
Commit 9de12854 authored by Pawan Wagh's avatar Pawan Wagh Committed by Automerger Merge Worker

Merge "Skipping enforceNoDataAvail in fuzzService" am: 84af7ae3 am: 77d868a4

parents 58c011a4 77d868a4
+9 −0
@@ -966,7 +966,15 @@ bool Parcel::enforceInterface(const char16_t* interface,
    }
}

void Parcel::setEnforceNoDataAvail(bool enforceNoDataAvail) {
    mEnforceNoDataAvail = enforceNoDataAvail;
}

binder::Status Parcel::enforceNoDataAvail() const {
    if (!mEnforceNoDataAvail) {
        return binder::Status::ok();
    }

    const auto n = dataAvail();
    if (n == 0) {
        return binder::Status::ok();
@@ -3077,6 +3085,7 @@ void Parcel::initState()
    mAllowFds = true;
    mDeallocZero = false;
    mOwner = nullptr;
    mEnforceNoDataAvail = true;
}

void Parcel::scanForFds() const {
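Review bot: `setEnforceNoDataAvail()` is an ordinary public method on `Parcel`, so the new early return at the top of `enforceNoDataAvail()` lets any in-process caller, not only the fuzzer, turn the unconsumed-data check into an unconditional `Status::ok()`. Nothing visible here restricts the setter to fuzz builds or records that the check was skipped, so at minimum the definition should carry a comment such as `// Fuzzing only: when false, trailing unread data is accepted. Production code must leave this true.`. `initState()` resets the flag to `true`, so a Parcel that is re-initialised after the setter call silently re-enables the check, which is worth stating in the same comment. The header declaration has the same exposure, and the body of `enforceNoDataAvail()` continues outside the hunk.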
+6 −0
@@ -150,6 +150,9 @@ public:
    // Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed.
    binder::Status enforceNoDataAvail() const;

    // This Api is used by fuzzers to skip dataAvail checks.
    void setEnforceNoDataAvail(bool enforceNoDataAvail);

    void                freeData();

    size_t              objectsCount() const;
@@ -1329,6 +1332,9 @@ private:
    // data to be overridden with zero when deallocated
    mutable bool        mDeallocZero;

    // Set this to false to skip dataAvail checks.
    bool mEnforceNoDataAvail;

    release_func        mOwner;

    size_t mReserved;
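Review bot: The existing comment above `enforceNoDataAvail()` still promises `Status(EX_BAD_PARCELABLE)` whenever the Parcel is not consumed, which stops being true once the flag is cleared. I would change it to `// Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed, unless the check was disabled via setEnforceNoDataAvail(false).` and have the member comment state the default, `// Defaults to true (set in initState()); false makes enforceNoDataAvail() always return ok.`. The public and private sections of the class both extend beyond the hunks shown.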
+4 −0
@@ -34,6 +34,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
        uint32_t code = provider.ConsumeIntegral<uint32_t>();
        uint32_t flags = provider.ConsumeIntegral<uint32_t>();
        Parcel data;
        // for increased fuzz coverage
        data.setEnforceNoDataAvail(provider.ConsumeBool());

        sp<IBinder> target = options.extraBinders.at(
                provider.ConsumeIntegralInRange<size_t>(0, options.extraBinders.size() - 1));
@@ -50,6 +52,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
        fillRandomParcel(&data, FuzzedDataProvider(subData.data(), subData.size()), &options);

        Parcel reply;
        // for increased fuzz coverage
        reply.setEnforceNoDataAvail(provider.ConsumeBool());
        (void)target->transact(code, data, &reply, flags);

        // feed back in binders and fds that are returned from the service, so that
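Review bot: The comment `// for increased fuzz coverage` at both call sites does not say what is being relaxed or why that is acceptable in a fuzzer. With the flag false, a parcel that leaves unread bytes is no longer rejected with EX_BAD_PARCELABLE, so I would write `// Randomly disable the trailing-data check so inputs with unread bytes still reach the handler; note the flag value when triaging a crash.` instead. The two added `ConsumeBool()` calls also change how bytes are drawn from `provider`, so existing corpus inputs will presumably decode to different transactions after this change. The loop body of `fuzzService` starts and ends outside both hunks.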