commit f3f061442858276330248338104c9eb761f3ef10
author Mike McTernan <mikemcternan@google.com> Thu Aug 18 20:20:31 2022 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Aug 18 20:20:31 2022 +0000
tree 39feaca7b2a19046095c7812b49457e7331cafa0
parent f1ce148531ef9c31b6a85486759a3e1ff8b8b5aa
parent a0a7e2dae1afa2fe3d3b90abf12f871beb214090

[automerger skipped] Fix integer wrap sanitisation. am: 61e10c9c53 am: 5a3e448a22 am: d3f1c05623 am: aa22bcd1bc -s ours am: b8922879f6 -s ours am: 9ca79fca4e -s ours am: a0a7e2dae1 -s ours

am skip reason: skipped by user mikemcternan

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/dtc/+/19606334

Change-Id: I2971b0f98282297ecdd410a8c088630b59e9fed1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

fuzzing/Android.bp

diff --git a/fuzzing/Android.bp b/fuzzing/Android.bp
new file mode 100644
index 0000000..ddda130
--- /dev/null
+++ b/fuzzing/Android.bp
@@ -0,0 +1,15 @@
+// Copyright 2022 The Android Open Source Project
+package {
+    default_applicable_licenses: ["external_dtc_license"],
+}
+
+cc_fuzz {
+    name: "libfdt_fuzzer",
+    srcs: [
+        "libfdt_fuzzer.cpp",
+    ],
+    static_libs: [
+        "libfdt",
+    ],
+    host_supported: true,
+}

fuzzing/libfdt_fuzzer.cpp

diff --git a/fuzzing/libfdt_fuzzer.cpp b/fuzzing/libfdt_fuzzer.cpp
new file mode 100644
index 0000000..4a0b1fc
--- /dev/null
+++ b/fuzzing/libfdt_fuzzer.cpp
@@ -0,0 +1,42 @@
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "libfdt.h"
+#include "libfdt_env.h"
+
+void walk_device_tree(const void *device_tree, int parent_node) {
+  int len = 0;
+  const char *node_name = fdt_get_name(device_tree, parent_node, &len);
+  if (node_name != NULL) {
+    // avoid clang complaining about unused variable node_name and force
+    // ASan to validate string pointer in strlen call.
+    assert(strlen(node_name) == len);
+  }
+
+  uint32_t phandle = fdt_get_phandle(device_tree, parent_node);
+  if (phandle != 0) {
+    assert(parent_node == fdt_node_offset_by_phandle(device_tree, phandle));
+  }
+
+  // recursively walk the node's children
+  for (int node = fdt_first_subnode(device_tree, parent_node); node >= 0;
+       node = fdt_next_subnode(device_tree, node)) {
+    walk_device_tree(device_tree, node);
+  }
+}
+
+// Information on device tree is available in external/dtc/Documentation/
+// folder.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // Non-zero return values are reserved for future use.
+  if (size < FDT_V17_SIZE) return 0;
+
+  if (fdt_check_header(data) != 0) return 0;
+
+  int root_node_offset = 0;
+  walk_device_tree(data, root_node_offset);
+
+  return 0;
+}
\ No newline at end of file