From 7168f2726eccdc00210ba59563a4ed3b821cca9d Mon Sep 17 00:00:00 2001
From: Dylan Katz <dylan.katz@leviathansecurity.com>
Date: Thu, 2 Jul 2020 11:51:44 -0700
Subject: Add second batch of fuzzers for libutils

This adds fuzzers for:
- CallStack
- Looper
- LruCache
- Printer
- ProcessCallStack
- PropertyMap
- RWLock
- RefBase
- StopWatch.
Test: Ran each fuzzer for 10 minutes. Rough coverage est. (likely far below actual value): 10.97%

Signed-off-by: Dylan Katz <dylan.katz@leviathansecurity.com>
Change-Id: I2f9f35c18b13338c282fb7f9c3ea4099ecb2c56f
---
 libutils/RWLock_fuzz.cpp | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100755 libutils/RWLock_fuzz.cpp

(limited to 'libutils/RWLock_fuzz.cpp')

diff --git a/libutils/RWLock_fuzz.cpp b/libutils/RWLock_fuzz.cpp
new file mode 100755
index 000000000..e07590549
--- /dev/null
+++ b/libutils/RWLock_fuzz.cpp
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <functional>
+
+#include "fuzzer/FuzzedDataProvider.h"
+#include "utils/RWLock.h"
+
+static constexpr int MAX_OPERATIONS = 100;
+static constexpr int MAX_NAME_LEN = 2048;
+
+static const std::vector<std::function<void(android::RWLock*)>> operations = {
+        [](android::RWLock* lock) -> void {
+            // This might return a non-zero value if already locked
+            // Either way we are definitely locked now.
+            lock->tryWriteLock();
+        },
+        [](android::RWLock* lock) -> void { lock->tryReadLock(); },
+        [](android::RWLock* lock) -> void { lock->unlock(); },
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    FuzzedDataProvider dataProvider(data, size);
+    std::string nameStr = dataProvider.ConsumeRandomLengthString(MAX_NAME_LEN);
+    int type = dataProvider.ConsumeIntegral<int>();
+    android::RWLock rwLock = android::RWLock(type, nameStr.c_str());
+    std::vector<uint8_t> opsToRun = dataProvider.ConsumeRemainingBytes<uint8_t>();
+    int opsRun = 0;
+    for (auto it : opsToRun) {
+        if (opsRun++ >= MAX_OPERATIONS) {
+            break;
+        }
+        it = it % operations.size();
+        operations[it](&rwLock);
+    }
+    rwLock.unlock();
+    return 0;
+}
-- 
cgit v1.2.3