From 9d5845bb5e19011fd0e8e9842f1aa16add138454 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Mon, 11 May 2020 15:44:01 -0700 Subject: Add fuzzers for libutils classes Adds fuzzers for BitSet, FileMap, String8, String16, and Vector. Test: Ran fuzzers on Android Pixel 3a. Aggregate coverage was 1.2% (this is far lower than true coverage due to shared libraries being counted) Change-Id: I739216fe88afa51dc2f73b857da91116853382f0 Removed unneeded cflags, moved libbase to defaults Test: Built Android.bp successfully Signed-off-by: Dylan Katz Change-Id: I739216fe88afa51dc2f73b857da91116853382f0 --- libutils/FileMap_fuzz.cpp | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 libutils/FileMap_fuzz.cpp (limited to 'libutils/FileMap_fuzz.cpp') diff --git a/libutils/FileMap_fuzz.cpp b/libutils/FileMap_fuzz.cpp new file mode 100644 index 000000000..d800564f1 --- /dev/null +++ b/libutils/FileMap_fuzz.cpp @@ -0,0 +1,50 @@ +/* + * Copyright 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include + +#include "android-base/file.h" +#include "fuzzer/FuzzedDataProvider.h" +#include "utils/FileMap.h" + +static constexpr uint16_t MAX_STR_SIZE = 256; +static constexpr uint8_t MAX_FILENAME_SIZE = 32; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider dataProvider(data, size); + TemporaryFile tf; + // Generate file contents + std::string contents = dataProvider.ConsumeRandomLengthString(MAX_STR_SIZE); + // If we have string contents, dump them into the file. + // Otherwise, just leave it as an empty file. + if (contents.length() > 0) { + const char* bytes = contents.c_str(); + android::base::WriteStringToFd(bytes, tf.fd); + } + android::FileMap m; + // Generate create() params + std::string orig_name = dataProvider.ConsumeRandomLengthString(MAX_FILENAME_SIZE); + size_t length = dataProvider.ConsumeIntegralInRange(1, SIZE_MAX); + off64_t offset = dataProvider.ConsumeIntegralInRange(1, INT64_MAX); + bool read_only = dataProvider.ConsumeBool(); + m.create(orig_name.c_str(), tf.fd, offset, length, read_only); + m.getDataOffset(); + m.getFileName(); + m.getDataLength(); + m.getDataPtr(); + int enum_index = dataProvider.ConsumeIntegral(); + m.advise(static_cast(enum_index)); + return 0; +} -- cgit v1.2.3