Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ff9c00dd authored by Steven Moreland's avatar Steven Moreland Committed by Automerger Merge Worker
Browse files

Merge "Restrict domain of transact codes in fuzzService" am: 2f9a0e82 am:... 

Merge "Restrict domain of transact codes in fuzzService" am: 2f9a0e82 am: 672c2c2d am: 8e338e08

Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2334431



Change-Id: I6773a60b3718e90d503a0e58dbb92ec1835d514e
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 1612a4ed 8e338e08

libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp

+3 −1
Original line number Diff line number Diff line
@@ -37,7 +37,9 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { 
    }



    while (provider.remaining_bytes() > 0) {

        uint32_t code = provider.ConsumeIntegral<uint32_t>();

        // Most of the AIDL services will have small set of transaction codes.

        uint32_t code = provider.ConsumeBool() ? provider.ConsumeIntegral<uint32_t>()

                                               : provider.ConsumeIntegralInRange<uint32_t>(0, 100);

        uint32_t flags = provider.ConsumeIntegral<uint32_t>();

        Parcel data;

        // for increased fuzz coverage