From 3ec797638303931fdfd204581540be7f079c093f Mon Sep 17 00:00:00 2001
From: Onkar Shinde
Date: Thu, 2 May 2024 16:09:58 +0530
Subject: Create decoder using fd and buffer
Test: ./imagedecoder_fuzzer corpus/ exec/s: 40
Bug: 326543079
Change-Id: I42af404243ce6bf7a963a5bbea8c7968d6eee28d
---
 native/graphics/jni/fuzz/fuzz_imagedecoder.cpp | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/native/graphics/jni/fuzz/fuzz_imagedecoder.cpp b/native/graphics/jni/fuzz/fuzz_imagedecoder.cpp
index 886f3075df72..6743997fb152 100644
--- a/native/graphics/jni/fuzz/fuzz_imagedecoder.cpp
+++ b/native/graphics/jni/fuzz/fuzz_imagedecoder.cpp
@@ -31,6 +31,20 @@ struct PixelFreer {
 using PixelPointer = std::unique_ptr;
+AImageDecoder* init(const uint8_t* data, size_t size, bool useFileDescriptor) {
+    AImageDecoder* decoder = nullptr;
+    if (useFileDescriptor) {
+        constexpr char testFd[] = "tempFd";
+        int32_t fileDesc = open(testFd, O_RDWR | O_CREAT | O_TRUNC);
+        write(fileDesc, data, size);
+        AImageDecoder_createFromFd(fileDesc, &decoder);
+        close(fileDesc);
+    } else {
+        AImageDecoder_createFromBuffer(data, size, &decoder);
+    }
+    return decoder;
+}
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     FuzzedDataProvider dataProvider = FuzzedDataProvider(data, size);
     /**
@@ -39,8 +53,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
      */
     const int32_t dataSize = dataProvider.ConsumeIntegralInRange(0, (size * 80) / 100);
     std::vector inputBuffer = dataProvider.ConsumeBytes(dataSize);
-    AImageDecoder* decoder = nullptr;
-    AImageDecoder_createFromBuffer(inputBuffer.data(), inputBuffer.size(), &decoder);
+    AImageDecoder* decoder =
+            init(inputBuffer.data(), inputBuffer.size(), dataProvider.ConsumeBool());
     if (!decoder) {
         return 0;
     }
-- 
cgit v1.2.3-59-g8ed1b
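Review bot: `open(testFd, O_RDWR | O_CREAT | O_TRUNC)` in the new `init` passes O_CREAT without the mode argument it requires, so the created file's permission bits are whatever happens to sit in the variadic slot, and neither the `open` nor the `write` result is checked before `fileDesc` is handed to `AImageDecoder_createFromFd` (on failure it is -1 and the decoder is still attempted, so an I/O problem looks identical to a rejected input). The fixed name `tempFd` in the working directory is shared between concurrently running fuzzer jobs and is never removed; `mkstemp` on a per-process template followed by `unlink` avoids both, and `mkstemp` also fixes the mode problem. If `AImageDecoder_createFromFd` reads from the fd's current offset, the preceding `write` leaves that offset at end-of-file and the decoder would see no data, so rewinding with `lseek(fileDesc, 0, SEEK_SET)` before the call is a cheap safeguard either way. The diffstat shows no include lines among the 16 insertions, so `open`/`write`/`close` and the `O_*` flags rely on `<fcntl.h>` and `<unistd.h>` arriving transitively; including them explicitly would keep the fuzzer building when unrelated headers change.
```cpp
AImageDecoder* init(const uint8_t* data, size_t size, bool useFileDescriptor) {
    AImageDecoder* decoder = nullptr;
    if (useFileDescriptor) {
        // Per-process name so parallel fuzzer jobs never share a file; mkstemp
        // creates it 0600 and O_EXCL, which also supplies the mode O_CREAT needs.
        char path[] = "tempFd_XXXXXX";
        int32_t fileDesc = mkstemp(path);
        if (fileDesc < 0) {
            return nullptr;
        }
        unlink(path);  // the open fd stays usable; nothing is left on disk
        if (write(fileDesc, data, size) != static_cast<ssize_t>(size) ||
            lseek(fileDesc, 0, SEEK_SET) < 0) {
            close(fileDesc);
            return nullptr;
        }
        AImageDecoder_createFromFd(fileDesc, &decoder);
        close(fileDesc);
    } else {
        // … unchanged: AImageDecoder_createFromBuffer path …
    }
    return decoder;
}
```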