Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0c5a332a authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "libbinder fuzzer driver: uid corpus continuity" am: 4afa2c39 am:... 

Merge "libbinder fuzzer driver: uid corpus continuity" am: 4afa2c39 am: 91b3126c am: cbd84325 am: ddfaac0f am: 698dca55 am: 2d4a0efd

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2607731



Change-Id: Id2e7b17ac618f17177a634b9751ef41e7ebe3504
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 2fd3269c 2d4a0efd

libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp

+5 −1
Original line number Diff line number Diff line
@@ -33,9 +33,13 @@ void fuzzService(const std::vector<sp<IBinder>>& binders, FuzzedDataProvider&& p 
            .extraFds = {},

    };



    // Always take so that a perturbation of just the one ConsumeBool byte will always

    // take the same path, but with a different UID. Without this, the fuzzer needs to

    // guess both the change in value and the shift at the same time.

    int64_t maybeSetUid = provider.ConsumeIntegral<int64_t>();

    if (provider.ConsumeBool()) {

        // set calling uid

        IPCThreadState::self()->restoreCallingIdentity(provider.ConsumeIntegral<int64_t>());

        IPCThreadState::self()->restoreCallingIdentity(maybeSetUid);

    }



    while (provider.remaining_bytes() > 0) {