diff options
| author | 2021-09-20 15:49:11 -0700 | |
|---|---|---|
| committer | 2021-09-20 15:54:19 -0700 | |
| commit | bbfdb59708a13e7d76bba07fcb588bb2b905c3fc (patch) | |
| tree | 80e350594abd14fae7b271d179a633818ed50828 /libs/gui/DebugEGLImageTracker.cpp | |
| parent | 963b7bbac0352ce3d058bbd7e582930ff6c89e46 (diff) | |
binder_rpc_fuzzer: use ConsumeRandomLengthString
This function uses a clever mechanism (by establishing an end-of-string
sequence '\[^\]' and treating '\\' as '\') in order to allow
perterbations from the fuzzer to more easily resize a string being read
without changing the structure of the rest of the fuzz data. In the
previous solution (since FuzzedDataProvider reads integral values off of
the end of the fuzz data), a change in the size of data being read may
shift things in the string in a way that fundamentally changes the
structure of the data being processed. In order to try to allow the
fuzzer to more easily exploit high-coverage strings, changing to this
approach.
Note, ConsumeRandomLengthString will read in binary data as well and it
will also allow null bytes.
Bug: 199324691
Test: binder_rpc_fuzzer
Change-Id: Iaab6e7045add2e0bf541e5218364ffba49138bdc
Diffstat (limited to 'libs/gui/DebugEGLImageTracker.cpp')
0 files changed, 0 insertions, 0 deletions