| -rw-r--r-- | libs/binder/fuzzer/binder.cpp | 42 | ||||
| -rw-r--r-- | libs/binder/fuzzer/util.cpp | 12 | ||||
| -rw-r--r-- | libs/binder/fuzzer/util.h | 3 |
3 files changed, 49 insertions, 8 deletions
diff --git a/libs/binder/fuzzer/binder.cpp b/libs/binder/fuzzer/binder.cpp
index 1aabfe6907..86264dbe9d 100644
--- a/libs/binder/fuzzer/binder.cpp
+++ b/libs/binder/fuzzer/binder.cpp
@@ -37,6 +37,29 @@ private:
 int64_t mExampleUsedData = 0;
 };
+struct ExampleFlattenable : public android::Flattenable<ExampleFlattenable> {
+public:
+ size_t getFlattenedSize() const { return sizeof(mValue); }
+ size_t getFdCount() const { return 0; }
+ status_t flatten(void*& /*buffer*/, size_t& /*size*/, int*& /*fds*/, size_t& /*count*/) const {
+ FUZZ_LOG() << "should not reach";
+ abort();
+ }
+ status_t unflatten(void const*& buffer, size_t& size, int const*& /*fds*/, size_t& /*count*/) {
+ if (size < sizeof(mValue)) {
+ return android::NO_MEMORY;
+ }
+ android::FlattenableUtils::read(buffer, size, mValue);
+ return android::OK;
+ }
+private:
+ int32_t mValue = 0xFEEDBEEF;
+};
+
+struct ExampleLightFlattenable : public android::LightFlattenablePod<ExampleLightFlattenable> {
+ int32_t mValue = 0;
+};
+
 #define PARCEL_READ_WITH_STATUS(T, FUN) \
 [] (const ::android::Parcel& p, uint8_t /*data*/) {\
 FUZZ_LOG() << "about to read " #T " using " #FUN " with status";\
@@ -102,7 +125,7 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
 [] (const ::android::Parcel& p, uint8_t len) {
 FUZZ_LOG() << "about to readInplace";
 const void* r = p.readInplace(len);
- FUZZ_LOG() << "readInplace done. pointer: " << r;
+ FUZZ_LOG() << "readInplace done. pointer: " << r << " bytes: " << hexString(r, len);
 },
 PARCEL_READ_OPT_STATUS(int32_t, readInt32),
 PARCEL_READ_OPT_STATUS(uint32_t, readUint32),
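Review bot: In ExampleFlattenable, `int32_t mValue = 0xFEEDBEEF;` initializes a signed 32-bit member with a constant larger than INT32_MAX, so the stored sentinel depends on an implicit narrowing conversion and can trip constant-conversion warnings. Declaring the member as `uint32_t mValue = 0xFEEDBEEF;` or writing `static_cast<int32_t>(0xFEEDBEEF)` keeps the intent explicit. The `size < sizeof(mValue)` guard in `unflatten` is the only bounds check visible before `FlattenableUtils::read`; a short comment such as `// reject short buffers first; read() is assumed not to validate size` would keep it from being dropped in a later cleanup.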
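Review bot: The new `hexString(r, len)` call in the readInplace lambda dereferences `len` bytes behind the returned pointer, and nothing at the call site says this is intended. It is safe only if a non-null return from `readInplace(len)` guarantees `len` readable bytes, which the hunk does not show; presumably the read is there so a sanitizer build flags a bad range. A comment such as `// touch every returned byte so sanitizers can catch an out-of-bounds or uninitialized range` would record that. The same applies to `hexString(str, sizeof(char16_t) * outLen)` in the readString16Inplace hunk, where the dump length is also driven by fuzzer input. The enclosing BINDER_PARCEL_READ_FUNCTIONS initializer starts and ends outside the hunk.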
@@ -129,7 +152,8 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
 FUZZ_LOG() << "about to readString16Inplace";
 size_t outLen = 0;
 const char16_t* str = p.readString16Inplace(&outLen);
- FUZZ_LOG() << "readString16Inplace: " << (str ? "non-null" : "null") << " size: " << outLen;
+ FUZZ_LOG() << "readString16Inplace: " << hexString(str, sizeof(char16_t) * outLen)
+ << " size: " << outLen;
 },
 PARCEL_READ_WITH_STATUS(android::sp<android::IBinder>, readStrongBinder),
 PARCEL_READ_WITH_STATUS(android::sp<android::IBinder>, readNullableStrongBinder),
@@ -173,8 +197,18 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
 // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<std::unique_ptr<std::string>>>, readUtf8VectorFromUtf16Vector),
 // PARCEL_READ_WITH_STATUS(std::vector<std::string>, readUtf8VectorFromUtf16Vector),
- // TODO: read(Flattenable<T>)
- // TODO: read(LightFlattenable<T>)
+ [] (const android::Parcel& p, uint8_t /*len*/) {
+ FUZZ_LOG() << "about to read flattenable";
+ ExampleFlattenable f;
+ status_t status = p.read(f);
+ FUZZ_LOG() << "read flattenable: " << status;
+ },
+ [] (const android::Parcel& p, uint8_t /*len*/) {
+ FUZZ_LOG() << "about to read lite flattenable";
+ ExampleLightFlattenable f;
+ status_t status = p.read(f);
+ FUZZ_LOG() << "read lite flattenable: " << status;
+ },
 // TODO(b/131868573): can force read of arbitrarily sized vector
 // TODO: resizeOutVector
diff --git a/libs/binder/fuzzer/util.cpp b/libs/binder/fuzzer/util.cpp
index b3a4ee745d..b1213e9007 100644
--- a/libs/binder/fuzzer/util.cpp
+++ b/libs/binder/fuzzer/util.cpp
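Review bot: The second new lambda logs `"about to read lite flattenable"` and `"read lite flattenable: "` while the type it reads is `ExampleLightFlattenable`, so a search of fuzzer output for "light" misses these entries when a crash is triaged. Using `"about to read light flattenable"` and `"read light flattenable: "` keeps the log aligned with the type name. Both new lambdas also report only `status`, so the value produced by a successful read never appears in the log. The enclosing BINDER_PARCEL_READ_FUNCTIONS initializer starts and ends outside the hunk.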
@@ -21,11 +21,17 @@
 #include <iomanip>
 #include <sstream>
-std::string hexString(const std::vector<uint8_t>& hash) {
+std::string hexString(const void* bytes, size_t len) {
+ if (bytes == nullptr) return "<null>";
+
 std::ostringstream s;
 s << std::hex << std::setfill('0');
- for (uint8_t i : hash) {
- s << std::setw(2) << static_cast<int>(i);
+ for (size_t i = 0; i < len; i++) {
+ s << std::setw(2) << static_cast<int>(
+ static_cast<const uint8_t*>(bytes)[i]);
 }
 return s.str();
 }
+std::string hexString(const std::vector<uint8_t>& bytes) {
+ return hexString(bytes.data(), bytes.size());
+}
diff --git a/libs/binder/fuzzer/util.h b/libs/binder/fuzzer/util.h
index 07e68a8211..416c3a718e 100644
--- a/libs/binder/fuzzer/util.h
+++ b/libs/binder/fuzzer/util.h
@@ -45,4 +45,5 @@ private:
 std::stringstream mOs;
 };
-std::string hexString(const std::vector<uint8_t>& hash);
+std::string hexString(const void* bytes, size_t len);
+std::string hexString(const std::vector<uint8_t>& bytes); |
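Review bot: `hexString(const void* bytes, size_t len)` reads `len` bytes it has no way to validate, and neither this definition nor the new declaration in util.h states that the caller must guarantee the range is readable. A declaration comment such as `// Hex-encodes len bytes starting at bytes; returns "<null>" when bytes is null. Caller guarantees [bytes, bytes + len) is readable.` would document the contract, including the non-hex `"<null>"` return that callers may need to tell apart from real output. As a smaller point, the cast can be hoisted out of the loop with `const auto* p = static_cast<const uint8_t*>(bytes);` and the body reduced to `s << std::setw(2) << static_cast<int>(p[i]);`.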