
Commit c020a29c authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge changes Ifd3e7582,Ie9e3109d

* changes:
  binder_parcel_fuzzer: fuzz parcle types separately
  binder_parcel_fuzzer: remove expensive logging
parents d041aa4d ea9ed86e
+19 −6
@@ -51,12 +51,25 @@ void doFuzz(
}

void fuzz(uint8_t options, const std::vector<uint8_t>& input, const std::vector<uint8_t>& instructions) {
    (void) options;

    // although they will do completely different things, might as well fuzz both
    doFuzz<::android::hardware::Parcel>(HWBINDER_PARCEL_READ_FUNCTIONS, input, instructions);
    uint8_t parcelType = options & 0x3;

    switch (parcelType) {
        case 0x0:
            doFuzz<::android::hardware::Parcel>(HWBINDER_PARCEL_READ_FUNCTIONS, input,
                                                instructions);
            break;
        case 0x1:
            doFuzz<::android::Parcel>(BINDER_PARCEL_READ_FUNCTIONS, input, instructions);
            break;
        case 0x2:
            doFuzz<NdkParcelAdapter>(BINDER_NDK_PARCEL_READ_FUNCTIONS, input, instructions);
            break;
        case 0x3:
            /*reserved for future use*/
            break;
        default:
            LOG_ALWAYS_FATAL("unknown parcel type %d", static_cast<int>(parcelType));
    }
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
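Review bot: In `fuzz`, the `case 0x3` arm breaks without calling `doFuzz`, so every input whose low two option bits are both set exercises no Parcel reader at all, and because `parcelType` is masked with `0x3` the `default:` arm with `LOG_ALWAYS_FATAL` can never be reached. If the empty slot is intentional, a comment such as `// 0x3: no parcel type assigned yet; inputs selecting it are deliberate no-ops` would make the lost executions explicit. Otherwise `uint8_t parcelType = (options & 0x3) % 3;` would keep every input on one of the three readers, at the cost of a slight bias toward the first. The upper six bits of `options` are not consumed in the visible lines. The body of `LLVMFuzzerTestOneInput` continues outside the hunk.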
+20 −13
@@ -23,27 +23,34 @@
#error "Must define FUZZ_LOG_TAG"
#endif

#define ENABLE_LOG_FUZZ 1
#define FUZZ_LOG() FuzzLog(FUZZ_LOG_TAG, ENABLE_LOG_FUZZ).log()
// for local debugging
#define ENABLE_LOG_FUZZ 0

#define FUZZ_LOG() FuzzLog(FUZZ_LOG_TAG).log()

#if ENABLE_LOG_FUZZ == 1
class FuzzLog {
public:
    FuzzLog(const std::string& tag, bool log) : mTag(tag), mLog(log) {}
    ~FuzzLog() {
        if (mLog) {
            std::cout << mTag << ": " << mOs.str() << std::endl;
        }
    }
    FuzzLog(const char* tag) : mTag(tag) {}
    ~FuzzLog() { std::cout << mTag << ": " << mOs.str() << std::endl; }

    std::stringstream& log() {
        return mOs;
    }
    std::stringstream& log() { return mOs; }

private:
    std::string mTag;
    bool mLog;
    const char* mTag = nullptr;
    std::stringstream mOs;
};
#else
class FuzzLog {
public:
    FuzzLog(const char* /*tag*/) {}
    template <typename T>
    FuzzLog& operator<<(const T& /*t*/) {
        return *this;
    }
    FuzzLog& log() { return *this; }
};
#endif

std::string hexString(const void* bytes, size_t len);
std::string hexString(const std::vector<uint8_t>& bytes);
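Review bot: With `ENABLE_LOG_FUZZ` set to 0, `FUZZ_LOG()` still expands to an ordinary expression, so the operands of every `<<` at the call sites are evaluated before the stub `operator<<` discards them. A call such as `hexString(...)`, declared just below and apparently defined out of line, would presumably still build its string on every fuzz iteration. The call sites are not visible here, so this is worth confirming against the readers that use the macro. If it holds, a short-circuiting form such as `#define FUZZ_LOG() if (!ENABLE_LOG_FUZZ) {} else FuzzLog(FUZZ_LOG_TAG).log()` skips the operands entirely when logging is off. Separately, both `FuzzLog(const char*)` constructors could be marked `explicit`.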