Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f2774a04 authored by Tom Cherry's avatar Tom Cherry
Browse files

logd: add fuzzer for SerializedLogBuffer and other improvements

1) Add fuzzer for SerializedLogBuffer
2) Enable fuzzing on host
3) Read logs after writing them
4) Silence log tags error on host

Test: run these fuzzers
Change-Id: Id5f0394546ecbccf5281e3d8855853be90dee3f0
parent 1fdbdbe1
Loading
Loading
Loading
Loading
+2 −0
Original line number Diff line number Diff line
@@ -276,7 +276,9 @@ void LogTags::ReadFileEventLogTags(const char* filename, bool warn) {
            cp++;
        }
    } else if (warn) {
#ifdef __ANDROID__
        LOG(ERROR) << "Cannot read " << filename;
#endif
    }
}

+21 −7
Original line number Diff line number Diff line
@@ -13,11 +13,9 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
cc_fuzz {
    name: "log_buffer_log_fuzzer",
    srcs: [
        "log_buffer_log_fuzzer.cpp",
    ],

cc_defaults {
    name: "log_fuzzer_defaults",
    static_libs: [
        "libbase",
        "libcutils",
@@ -25,9 +23,25 @@ cc_fuzz {
        "liblog",
        "liblogd",
        "libcutils",
        "libsysutils",
        "libz",
        "libzstd",
    ],
    cflags: ["-Werror"],
    cflags: ["-Wextra"],
    host_supported: true,
}

cc_fuzz {
    name: "log_buffer_log_fuzzer",
    defaults: ["log_fuzzer_defaults"],
    srcs: [
        "log_buffer_log_fuzzer.cpp",
    ],
}

cc_fuzz {
    name: "serialized_log_buffer_fuzzer",
    defaults: ["log_fuzzer_defaults"],
    srcs: [
        "serialized_log_buffer_fuzzer.cpp",
    ],
}
+52 −7
Original line number Diff line number Diff line
@@ -15,10 +15,13 @@
 */
#include <string>

#include <android-base/logging.h>

#include "../ChattyLogBuffer.h"
#include "../LogReaderList.h"
#include "../LogReaderThread.h"
#include "../LogStatistics.h"
#include "../SerializedLogBuffer.h"

// We don't want to waste a lot of entropy on messages
#define MAX_MSG_LENGTH 5
@@ -27,7 +30,20 @@
#define MIN_TAG_ID 1000
#define TAG_MOD 10

namespace android {
#ifndef __ANDROID__
unsigned long __android_logger_get_buffer_size(log_id_t) {
    return 1024 * 1024;
}

bool __android_logger_valid_buffer_size(unsigned long) {
    return true;
}
#endif

char* android::uidToName(uid_t) {
    return strdup("fake");
}

struct LogInput {
  public:
    log_id_t log_id;
@@ -79,9 +95,13 @@ int write_log_messages(const uint8_t** pdata, size_t* data_left, LogBuffer* log_
    return 1;
}

char* uidToName(uid_t) {
    return strdup("fake");
}
class NoopWriter : public LogWriter {
  public:
    NoopWriter() : LogWriter(0, true) {}
    bool Write(const logger_entry&, const char*) override { return true; }

    std::string name() const override { return "noop_writer"; }
};

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    // We want a random tag length and a random remaining message length
@@ -89,11 +109,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
        return 0;
    }

    android::base::SetMinimumLogSeverity(android::base::ERROR);

    LogReaderList reader_list;
    LogTags tags;
    PruneList prune_list;
    LogStatistics stats(true);
    LogBuffer* log_buffer = new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats);
    std::unique_ptr<LogBuffer> log_buffer;
#ifdef FUZZ_SERIALIZED
    log_buffer.reset(new SerializedLogBuffer(&reader_list, &tags, &stats));
#else
    log_buffer.reset(new ChattyLogBuffer(&reader_list, &tags, &prune_list, &stats));
#endif
    size_t data_left = size;
    const uint8_t** pdata = &data;

@@ -102,12 +129,30 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    log_id_for_each(i) { log_buffer->SetSize(i, 10000); }

    while (data_left >= sizeof(LogInput) + 2 * sizeof(uint8_t)) {
        if (!write_log_messages(pdata, &data_left, log_buffer, &stats)) {
        if (!write_log_messages(pdata, &data_left, log_buffer.get(), &stats)) {
            return 0;
        }
    }

    // Read out all of the logs.
    {
        auto lock = std::unique_lock{reader_list.reader_threads_lock()};
        std::unique_ptr<LogWriter> test_writer(new NoopWriter());
        std::unique_ptr<LogReaderThread> log_reader(
                new LogReaderThread(log_buffer.get(), &reader_list, std::move(test_writer), true, 0,
                                    kLogMaskAll, 0, {}, 1, {}));
        reader_list.reader_threads().emplace_back(std::move(log_reader));
    }

    // Wait until the reader has finished.
    while (true) {
        usleep(50);
        auto lock = std::unique_lock{reader_list.reader_threads_lock()};
        if (reader_list.reader_threads().size() == 0) {
            break;
        }
    }

    log_id_for_each(i) { log_buffer->Clear(i, 0); }
    return 0;
}
}  // namespace android
+19 −0
Original line number Diff line number Diff line
/*
 * Copyright 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define FUZZ_SERIALIZED

#include "log_buffer_log_fuzzer.cpp"