diff options
| author | 2022-01-26 01:38:32 +0000 | |
|---|---|---|
| committer | 2022-01-26 01:38:32 +0000 | |
| commit | d4f6ab5e6a659f43c1ab94883ea5b24c0b512505 (patch) | |
| tree | 38374d5287aee1e6a7444ba26e346c9113dd08bc /libs/gui/LayerDebugInfo.cpp | |
| parent | 2aab4a792be4311a91d389316c857f2b8f576dc8 (diff) | |
rpc_binder_fuzzer: case with transaction
We still weren't getting coverage here, so manual corpus.
Here is the layout of a special transaction to get the root object, and
a transaction on the root object, respectively:
/ .... init ... \/ conn init \/ RpcWireHeader \/ RpcTransactionBody \/ ctrl \
000000F0000000000000000000000000636369000000000000000000280000001111111111111111000000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a
000000F0000000000000000000000000636369000000000000000000280000001111111111111111030000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a
The test case which is added is done by joining these two transactions
(the root object must be retrieved before we can transact on it).
echo "000000F00000000000000000000000006363690000000000000000002800000011111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000280000001111111111111111030000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a" | xxd -ps -r
Hopefully this will be enough for the fuzzer to find the transaction
operations we have setup there.
Bug: 199324691
Test: rpc_binder_fuzzer tests/rpc_fuzzer/corpus/transact_on_binder (w/ log showing coverage)
Change-Id: I4b9b62525ec27994db261d7ee354049a21168602
Diffstat (limited to 'libs/gui/LayerDebugInfo.cpp')
0 files changed, 0 insertions, 0 deletions