| author | 2022-11-17 18:20:50 +0000 | |
|---|---|---|
| committer | 2022-11-17 18:20:50 +0000 | |
| commit | 9de12854cbf36bd1e194b3100d39ff43247d8b64 (patch) | |
| tree | e31b3c36c4bbc63ca59a396f174afce61e31ef43 | |
| parent | 58c011a4c9f56312ba395af177b1e150474e15cd (diff) | |
| parent | 77d868a4765eb1932daeea081a919b7b4fdab8bb (diff) | |
Merge "Skipping enforceNoDataAvail in fuzzService" am: 84af7ae353 am: 77d868a476
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2303440
Change-Id: Ic5f14bbfbfbc88b77e55c62db6bd866e5c473fbc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | libs/binder/Parcel.cpp | 9 | ||||
| -rw-r--r-- | libs/binder/include/binder/Parcel.h | 6 | ||||
| -rw-r--r-- | libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp | 4 |
3 files changed, 19 insertions, 0 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 07d0a65ae0..4b07608a79 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -966,7 +966,15 @@ bool Parcel::enforceInterface(const char16_t* interface,
 }
 }
+void Parcel::setEnforceNoDataAvail(bool enforceNoDataAvail) {
+ mEnforceNoDataAvail = enforceNoDataAvail;
+}
+
 binder::Status Parcel::enforceNoDataAvail() const {
+ if (!mEnforceNoDataAvail) {
+ return binder::Status::ok();
+ }
+
 const auto n = dataAvail();
 if (n == 0) {
 return binder::Status::ok();
@@ -3077,6 +3085,7 @@ void Parcel::initState()
 mAllowFds = true;
 mDeallocZero = false;
 mOwner = nullptr;
+ mEnforceNoDataAvail = true;
 }
 void Parcel::scanForFds() const {
diff --git a/libs/binder/include/binder/Parcel.h b/libs/binder/include/binder/Parcel.h
index 6de6ce8025..f730acb9f8 100644
--- a/libs/binder/include/binder/Parcel.h
+++ b/libs/binder/include/binder/Parcel.h
@@ -150,6 +150,9 @@ public:
 // Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed.
 binder::Status enforceNoDataAvail() const;
+ // This Api is used by fuzzers to skip dataAvail checks.
+ void setEnforceNoDataAvail(bool enforceNoDataAvail);
+
 void freeData();
 size_t objectsCount() const;
@@ -1329,6 +1332,9 @@ private:
 // data to be overridden with zero when deallocated
 mutable bool mDeallocZero;
+ // Set this to false to skip dataAvail checks.
+ bool mEnforceNoDataAvail;
+
 release_func mOwner;
 size_t mReserved;
diff --git a/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp b/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
index 25f609674e..9670aa30d8 100644
--- a/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
+++ b/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
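Review bot: `setEnforceNoDataAvail()` is added as an ordinary public member, so any code holding a Parcel can turn `enforceNoDataAvail()` into an unconditional `Status::ok()`, and nothing in the new code limits that to fuzzers. The flag is per-object state assigned by local code and defaulted to true in `initState()`, not something read from the parcel contents, so this is a misuse risk rather than a switch a remote sender controls. Since the check is what reports a Parcel that was not fully consumed, the declaration comment in Parcel.h should say plainly that the setter is off-limits outside tests, for example `// Fuzzer/test only: when false, enforceNoDataAvail() always returns ok. Do not call from production code.` Restricting the symbol to test builds would be stronger than a comment; whether the build allows that is not visible in this diff.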
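Review bot: `mEnforceNoDataAvail` in the second Parcel.h hunk receives its value only in `initState()`, so the safe default depends on every construction and reset path going through that function. Paths that move, copy or replace a Parcel's state lie outside these hunks, so it is worth confirming that none of them leaves the flag uninitialised or carries `false` into a Parcel later used outside the fuzzer. The member comment could also record the default and the intended caller, e.g. `// Defaults to true (see initState); set to false only by fuzzers to make enforceNoDataAvail() a no-op.`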
@@ -34,6 +34,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
 uint32_t code = provider.ConsumeIntegral<uint32_t>();
 uint32_t flags = provider.ConsumeIntegral<uint32_t>();
 Parcel data;
+ // for increased fuzz coverage
+ data.setEnforceNoDataAvail(provider.ConsumeBool());
 sp<IBinder> target = options.extraBinders.at(
 provider.ConsumeIntegralInRange<size_t>(0, options.extraBinders.size() - 1));
@@ -50,6 +52,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
 fillRandomParcel(&data, FuzzedDataProvider(subData.data(), subData.size()), &options);
 Parcel reply;
+ // for increased fuzz coverage
+ reply.setEnforceNoDataAvail(provider.ConsumeBool());
 (void)target->transact(code, data, &reply, flags);
 // feed back in binders and fds that are returned from the service, so that |
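Review bot: The comment `// for increased fuzz coverage` at both call sites does not say why skipping the check helps; something like `// randomly disable enforceNoDataAvail() so inputs with unread trailing bytes still reach the code behind the check` would tell the next reader what the bool controls. Each `provider.ConsumeBool()` also draws extra input from the provider, so existing corpus entries and saved reproducers will likely decode into a different sequence of code, flags and parcel bytes after this change, and a kept seed corpus may need regenerating. For `reply`, these hunks do not show whether anything on the fuzzed path calls `enforceNoDataAvail()` on the reply parcel, so the second bool may add no coverage and is worth confirming. `fuzzService` continues outside both hunks.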