
Commit 0730e80b authored by Brian Delwiche

Fix fuzzer testcase

Fuzzer reports show memory leaks emanating from fuzz_alarm.cc.
On investigation these are invalid and stem from problems with
memory and flow management in the fuzzer implementation.

Fix those issues.

Bug: 262875478
Test: fuzz
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I3db039f3841bb19be52957fdb968ff09c9327e7f
parent fc19478d
+4 −2
@@ -107,6 +107,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  // Alarm must be non-null, or set() will trigger assert
  if (alarm) {
    if (!fuzz_set_alarm(alarm, MAX_ALARM_DURATION, cb, &dataProvider)) {
      alarm_free(alarm);
      return 0;
    }
    alarm_cancel(alarm);
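Review bot: The failure branch of `if (!fuzz_set_alarm(alarm, MAX_ALARM_DURATION, cb, &dataProvider))` frees the alarm by hand with `alarm_free(alarm);` before `return 0;`, which covers this exit only. Any other early return in the function has to remember the same call. Consider owning the alarm through a `std::unique_ptr` with `alarm_free` as its deleter, or routing failures to one shared cleanup point the way the loop hunk does with `break`, so a path added later cannot reintroduce a leak report from the harness itself.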
@@ -122,8 +123,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
    for (int i = 0; i < num_alarms; i++) {
      uint64_t interval =
          dataProvider.ConsumeIntegralInRange<uint64_t>(0, MAX_ALARM_DURATION);
      if (fuzz_set_alarm(alarm, interval, cb, &dataProvider)) {
        return 0;
      if (!fuzz_set_alarm(alarm, interval, cb, &dataProvider)) {
        num_alarms = i;
        break;
      }
      alarm_get_remaining_ms(alarm);
    }
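Review bot: In the loop's failure branch, `num_alarms = i;` rewrites the loop bound just before `break;` and nothing in the hunk explains why. Add a one-line comment stating what, if anything, after the loop depends on the number of alarms that were actually set. The condition also changes from `if (fuzz_set_alarm(...))` with `return 0;` to `if (!fuzz_set_alarm(...))` with `break;`, so the old code returned on success and the new code stops on failure. That inversion changes which inputs reach `alarm_get_remaining_ms(alarm);` and deserves a sentence in the commit message alongside the leak explanation.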