| author | 2019-09-30 15:31:35 -0700 | |
|---|---|---|
| committer | 2019-09-30 18:29:11 -0700 | |
| commit | 6d81393c13ba5bf816fe0ed7c39b51c9af3cb6be (patch) | |
| tree | 439ba2eaccf3d9b131f31019209c0518aeb93ee7 | |
| parent | 7c7c6485310be3474b35787548adf492d2425ef5 (diff) | |
libbinder fuzzer: read flattenable
Bug: 131861045
Test: binder_parcel_fuzzer (for a few minutes)
Change-Id: Ic5657e0e0a4da7ab9cf6080a1912941c15c59a5c
| -rw-r--r-- | libs/binder/fuzzer/binder.cpp | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/libs/binder/fuzzer/binder.cpp b/libs/binder/fuzzer/binder.cpp
index 1aabfe6907..f678f4c912 100644
--- a/libs/binder/fuzzer/binder.cpp
+++ b/libs/binder/fuzzer/binder.cpp
@@ -37,6 +37,29 @@ private:
 int64_t mExampleUsedData = 0;
 };
+struct ExampleFlattenable : public android::Flattenable<ExampleFlattenable> {
+public:
+ size_t getFlattenedSize() const { return sizeof(mValue); }
+ size_t getFdCount() const { return 0; }
+ status_t flatten(void*& /*buffer*/, size_t& /*size*/, int*& /*fds*/, size_t& /*count*/) const {
+ FUZZ_LOG() << "should not reach";
+ abort();
+ }
+ status_t unflatten(void const*& buffer, size_t& size, int const*& /*fds*/, size_t& /*count*/) {
+ if (size < sizeof(mValue)) {
+ return android::NO_MEMORY;
+ }
+ android::FlattenableUtils::read(buffer, size, mValue);
+ return android::OK;
+ }
+private:
+ int32_t mValue = 0xFEEDBEEF;
+};
+
+struct ExampleLightFlattenable : public android::LightFlattenablePod<ExampleLightFlattenable> {
+ int32_t mValue = 0;
+};
+
 #define PARCEL_READ_WITH_STATUS(T, FUN) \
 [] (const ::android::Parcel& p, uint8_t /*data*/) {\
 FUZZ_LOG() << "about to read " #T " using " #FUN " with status";\
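Review bot: `int32_t mValue = 0xFEEDBEEF;` in ExampleFlattenable initialises a signed 32-bit member with a literal that does not fit in int32_t, so the sentinel depends on an implicit unsigned-to-signed conversion and may trip conversion warnings. `uint32_t mValue = 0xFEEDBEEF;` keeps the sentinel exact and leaves the `sizeof(mValue)` size check in `unflatten` unchanged. Separately, `unflatten` ignores `fds` and `count`; whether Parcel::read can pass it descriptors is not visible in this hunk, so a comment such as `// fds/count intentionally ignored: getFdCount() is 0` would record that this is deliberate.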
@@ -173,8 +196,18 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
 // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<std::unique_ptr<std::string>>>, readUtf8VectorFromUtf16Vector),
 // PARCEL_READ_WITH_STATUS(std::vector<std::string>, readUtf8VectorFromUtf16Vector),
- // TODO: read(Flattenable<T>)
- // TODO: read(LightFlattenable<T>)
+ [] (const android::Parcel& p, uint8_t /*len*/) {
+ FUZZ_LOG() << "about to read flattenable";
+ ExampleFlattenable f;
+ status_t status = p.read(f);
+ FUZZ_LOG() << "read flattenable: " << status;
+ },
+ [] (const android::Parcel& p, uint8_t /*len*/) {
+ FUZZ_LOG() << "about to read lite flattenable";
+ ExampleLightFlattenable f;
+ status_t status = p.read(f);
+ FUZZ_LOG() << "read lite flattenable: " << status;
+ },
 // TODO(b/131868573): can force read of arbitrarily sized vector
 // TODO: resizeOutVector |
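Review bot: The second new lambda logs "lite flattenable" while the type it reads is ExampleLightFlattenable and the removed TODO said LightFlattenable, which makes a crash log harder to match to the reader that produced it. `FUZZ_LOG() << "about to read light flattenable";` and `FUZZ_LOG() << "read light flattenable: " << status;` would line up with the type name. Both lambdas also annotate the unused parameter as `/*len*/`, whereas PARCEL_READ_WITH_STATUS in the first hunk uses `/*data*/`; one name throughout would be consistent. The BINDER_PARCEL_READ_FUNCTIONS initializer starts and ends outside this hunk.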