
Commit 10f612bb authored by Steven Moreland

binder_rpc_fuzzer: limit connections

Unbounded connections will exhaust resources.

Fixes: 260736889
Test: w/ reproducer
Change-Id: Ic21a1b4aab1127fbf4b9d3d943d0b27f423b84ea
parent 112211ee
+6 −1
@@ -133,8 +133,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {


    bool hangupBeforeShutdown = provider.ConsumeBool();
    bool hangupBeforeShutdown = provider.ConsumeBool();


    // b/260736889 - limit arbitrarily, due to thread resource exhaustion, which currently
    // aborts. Servers should consider RpcServer::setConnectionFilter instead.
    constexpr size_t kMaxConnections = 1000;

    while (provider.remaining_bytes() > 0) {
    while (provider.remaining_bytes() > 0) {
        if (connections.empty() || provider.ConsumeBool()) {
        if (connections.empty() ||
            (connections.size() < kMaxConnections && provider.ConsumeBool())) {
            base::unique_fd fd(TEMP_FAILURE_RETRY(socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)));
            base::unique_fd fd(TEMP_FAILURE_RETRY(socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)));
            CHECK_NE(fd.get(), -1);
            CHECK_NE(fd.get(), -1);
            CHECK_EQ(0,
            CHECK_EQ(0,
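
Review bot: on the new condition `(connections.size() < kMaxConnections && provider.ConsumeBool())`, the short-circuit means `provider.ConsumeBool()` is no longer called once `connections.size()` reaches `kMaxConnections`, so the byte that used to pick "open a new connection" is instead left for the other branch and the same input decodes differently before and after the cap. If stable decoding of existing corpus entries and of the b/260736889 reproducer matters, read the bool into a local before the `if` and test the size limit separately. The comment already says the value 1000 is arbitrary; it would help to add that the cap is per `LLVMFuzzerTestOneInput` call and applies only to this fuzzer, since the next sentence points servers to `RpcServer::setConnectionFilter` and a reader could otherwise take `kMaxConnections` as a recommended server limit.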