Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b1105589 authored by David Drysdale's avatar David Drysdale Committed by Gerrit Code Review
Browse files

Revert "rpc_binder: Change `trusty_tipc_fuzzer` to support multiple connections and messages" 

This reverts commit 589c8d1e.

Reason for revert: fuzzer crashes immediately on line 99 as vector is empty

Change-Id: I5e56a94671a43cd131c250d98f7cfae3c96f34ab
parent 589c8d1e

trusty/fuzz/tipc_fuzzer.cpp

+18 −61
Original line number Original line Diff line number Diff line
@@ -14,8 +14,6 @@ 
 * limitations under the License.

 * limitations under the License.

 */

 */





#include <android-base/result.h>

#include <fuzzer/FuzzedDataProvider.h>

#include <stdlib.h>

#include <stdlib.h>

#include <trusty/coverage/coverage.h>

#include <trusty/coverage/coverage.h>

#include <trusty/coverage/uuid.h>

#include <trusty/coverage/uuid.h>
@@ -25,7 +23,6 @@ 
#include <iostream>

#include <iostream>

#include <memory>

#include <memory>





using android::base::Result;

using android::trusty::coverage::CoverageRecord;

using android::trusty::coverage::CoverageRecord;

using android::trusty::fuzz::ExtraCounters;

using android::trusty::fuzz::ExtraCounters;

using android::trusty::fuzz::TrustyApp;

using android::trusty::fuzz::TrustyApp;
@@ -44,14 +41,7 @@ using android::trusty::fuzz::TrustyApp; 
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."

#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."

#endif

#endif





#ifdef TRUSTY_APP_MAX_CONNECTIONS

static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);

constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;

#else

constexpr size_t MAX_CONNECTIONS = 1;

#endif



static_assert(MAX_CONNECTIONS >= 1);



static std::unique_ptr<CoverageRecord> record;

static std::unique_ptr<CoverageRecord> record;





extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {

extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -63,8 +53,7 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) { 
    }

    }





    /* Make sure lazy-loaded TAs have started and connected to coverage service. */

    /* Make sure lazy-loaded TAs have started and connected to coverage service. */

    TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);

    auto ret = kTrustyApp.Connect();

    auto ret = ta.Connect();

    if (!ret.ok()) {

    if (!ret.ok()) {

        std::cerr << ret.error() << std::endl;

        std::cerr << ret.error() << std::endl;

        exit(-1);

        exit(-1);
@@ -84,56 +73,24 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) { 
    return 0;

    return 0;

}

}





Result<void> testOneInput(FuzzedDataProvider& provider) {

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    std::vector<TrustyApp> trustyApps;

    static uint8_t buf[TIPC_MAX_MSG_SIZE];



    while (provider.remaining_bytes() > 0) {

        if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {

            auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);

            const auto result = ta.Connect();

            if (!result.ok()) {

                return result;

            }

        } else {

            const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());

            std::swap(trustyApps[i], trustyApps.back());



            if (provider.ConsumeBool()) {

                auto& ta = trustyApps.back();





                const auto data = provider.ConsumeRandomLengthString();

    ExtraCounters counters(record.get());

                auto result = ta.Write(data.data(), data.size());

    counters.Reset();

                if (!result.ok()) {

                    return result;

                }





                std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;

    auto ret = kTrustyApp.Write(data, size);

                result = ta.Read(buf.data(), buf.size());

    if (ret.ok()) {

                if (!result.ok()) {

        ret = kTrustyApp.Read(&buf, sizeof(buf));

                    return result;

    }

    }





                // Reconnect to ensure that the service is still up.

    // Reconnect to ensure that the service is still up

                ta.Disconnect();

    kTrustyApp.Disconnect();

                result = ta.Connect();

    ret = kTrustyApp.Connect();

                if (!result.ok()) {

    if (!ret.ok()) {

                    std::cerr << result.error() << std::endl;

        std::cerr << ret.error() << std::endl;

        android::trusty::fuzz::Abort();

        android::trusty::fuzz::Abort();

                    return result;

                }

            } else {

                trustyApps.pop_back();

            }

        }

    }

    }

    return {};

}



extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    ExtraCounters counters(record.get());

    counters.Reset();





    FuzzedDataProvider provider(data, size);

    return ret.ok() ? 0 : -1;

    const auto result = testOneInput(provider);

    return result.ok() ? 0 : -1;

}
 
}