Merge changes I5f9219b7,Ibf42623a,I870c762f (0d82d3d0) · Commits · e / os / platform_frameworks_native

services/inputflinger/tests/fuzzers/CursorInputFuzzer.cpp

+2 −12

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		#include <CursorInputMapper.h>
		#include <FuzzContainer.h>
		#include <MapperHelpers.h>

		namespace android {

		@@ -65,22 +66,11 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
		mapper.populateDeviceInfo(info);
		},
		[&]() -> void {
		int32_t type, code;
		type = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidTypes)
		: fdp->ConsumeIntegral<int32_t>();
		code = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidCodes)
		: fdp->ConsumeIntegral<int32_t>();

		// Need to reconfigure with 0 or you risk a NPE.
		std::list<NotifyArgs> unused =
		mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,
		InputReaderConfiguration::Change(0));
		RawEvent rawEvent{fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<int32_t>(),
		type,
		code,
		fdp->ConsumeIntegral<int32_t>()};
		RawEvent rawEvent = getFuzzedRawEvent(*fdp);
		unused += mapper.process(&rawEvent);
		},
		[&]() -> void {

services/inputflinger/tests/fuzzers/FuzzContainer.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -38,7 +38,7 @@ public:
		std::string deviceName = mFdp->ConsumeRandomLengthString(16);
		std::string deviceLocation = mFdp->ConsumeRandomLengthString(12);
		int32_t deviceID = mFdp->ConsumeIntegralInRange<int32_t>(0, 5);
		int32_t deviceGeneration = mFdp->ConsumeIntegralInRange<int32_t>(/from/ 0, /to/ 5);
		int32_t deviceGeneration = mFdp->ConsumeIntegralInRange<int32_t>(/from=/0, /to=/5);

		// Create mocked objects.
		mFuzzEventHub = std::make_shared<FuzzEventHub>(mFdp);

services/inputflinger/tests/fuzzers/KeyboardInputFuzzer.cpp

+2 −11

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		#include <FuzzContainer.h>
		#include <KeyboardInputMapper.h>
		#include <MapperHelpers.h>

		namespace android {

		@@ -72,17 +73,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
		std::list<NotifyArgs> unused = mapper.reset(fdp->ConsumeIntegral<nsecs_t>());
		},
		[&]() -> void {
		int32_t type, code;
		type = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidTypes)
		: fdp->ConsumeIntegral<int32_t>();
		code = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidCodes)
		: fdp->ConsumeIntegral<int32_t>();
		RawEvent rawEvent{fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<int32_t>(),
		type,
		code,
		fdp->ConsumeIntegral<int32_t>()};
		RawEvent rawEvent = getFuzzedRawEvent(*fdp);
		std::list<NotifyArgs> unused = mapper.process(&rawEvent);
		},
		[&]() -> void {

services/inputflinger/tests/fuzzers/MapperHelpers.h

+17 −14

Original line number	Diff line number	Diff line
		@@ -22,7 +22,6 @@

		constexpr size_t kValidTypes[] = {EV_SW,
		EV_SYN,
		SYN_REPORT,
		EV_ABS,
		EV_KEY,
		EV_MSC,
		@@ -46,7 +45,6 @@ constexpr size_t kValidCodes[] = {
		ABS_MT_PRESSURE,
		ABS_MT_DISTANCE,
		ABS_MT_TOOL_TYPE,
		SYN_MT_REPORT,
		MSC_SCAN,
		REL_X,
		REL_Y,
		@@ -74,6 +72,22 @@ ToolType getFuzzedToolType(Fdp& fdp) {
		return static_cast<ToolType>(toolType);
		}

		template <class Fdp>
		RawEvent getFuzzedRawEvent(Fdp& fdp) {
		const int32_t type = fdp.ConsumeBool() ? fdp.PickValueInArray(kValidTypes)
		: fdp.template ConsumeIntegral<int32_t>();
		const int32_t code = fdp.ConsumeBool() ? fdp.PickValueInArray(kValidCodes)
		: fdp.template ConsumeIntegral<int32_t>();
		return RawEvent{
		.when = fdp.template ConsumeIntegral<nsecs_t>(),
		.readTime = fdp.template ConsumeIntegral<nsecs_t>(),
		.deviceId = fdp.template ConsumeIntegral<int32_t>(),
		.type = type,
		.code = code,
		.value = fdp.template ConsumeIntegral<int32_t>(),
		};
		}

		class FuzzEventHub : public EventHubInterface {
		InputDeviceIdentifier mIdentifier;
		std::vector<TouchVideoFrame> mVideoFrames;
		@@ -118,18 +132,7 @@ public:
		std::vector<RawEvent> events;
		const size_t count = mFdp->ConsumeIntegralInRange<size_t>(0, kMaxSize);
		for (size_t i = 0; i < count; ++i) {
		int32_t type = mFdp->ConsumeBool() ? mFdp->PickValueInArray(kValidTypes)
		: mFdp->ConsumeIntegral<int32_t>();
		int32_t code = mFdp->ConsumeBool() ? mFdp->PickValueInArray(kValidCodes)
		: mFdp->ConsumeIntegral<int32_t>();
		events.push_back({
		.when = mFdp->ConsumeIntegral<nsecs_t>(),
		.readTime = mFdp->ConsumeIntegral<nsecs_t>(),
		.deviceId = mFdp->ConsumeIntegral<int32_t>(),
		.type = type,
		.code = code,
		.value = mFdp->ConsumeIntegral<int32_t>(),
		});
		events.push_back(getFuzzedRawEvent(*mFdp));
		}
		return events;
		}

services/inputflinger/tests/fuzzers/MultiTouchInputFuzzer.cpp

+2 −10

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		*/

		#include <FuzzContainer.h>
		#include <MapperHelpers.h>
		#include <MultiTouchInputMapper.h>

		namespace android {
		@@ -87,16 +88,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
		std::list<NotifyArgs> unused = mapper.reset(fdp->ConsumeIntegral<nsecs_t>());
		},
		[&]() -> void {
		int32_t type = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidTypes)
		: fdp->ConsumeIntegral<int32_t>();
		int32_t code = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidCodes)
		: fdp->ConsumeIntegral<int32_t>();
		RawEvent rawEvent{fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<nsecs_t>(),
		fdp->ConsumeIntegral<int32_t>(),
		type,
		code,
		fdp->ConsumeIntegral<int32_t>()};
		RawEvent rawEvent = getFuzzedRawEvent(*fdp);
		std::list<NotifyArgs> unused = mapper.process(&rawEvent);
		},
		[&]() -> void {