Diffstat (limited to 'libs')
| -rw-r--r-- | libs/binder/fuzzer/main.cpp | 25 | ||||
| -rw-r--r-- | libs/binder/fuzzer/util.h | 33 |
2 files changed, 39 insertions, 19 deletions
diff --git a/libs/binder/fuzzer/main.cpp b/libs/binder/fuzzer/main.cpp
index 31b27ab47b..929e2c3bfe 100644
--- a/libs/binder/fuzzer/main.cpp
+++ b/libs/binder/fuzzer/main.cpp
@@ -51,12 +51,25 @@ void doFuzz(
 }
 void fuzz(uint8_t options, const std::vector<uint8_t>& input, const std::vector<uint8_t>& instructions) {
- (void) options;
-
- // although they will do completely different things, might as well fuzz both
- doFuzz<::android::hardware::Parcel>(HWBINDER_PARCEL_READ_FUNCTIONS, input, instructions);
- doFuzz<::android::Parcel>(BINDER_PARCEL_READ_FUNCTIONS, input, instructions);
- doFuzz<NdkParcelAdapter>(BINDER_NDK_PARCEL_READ_FUNCTIONS, input, instructions);
+ uint8_t parcelType = options & 0x3;
+
+ switch (parcelType) {
+ case 0x0:
+ doFuzz<::android::hardware::Parcel>(HWBINDER_PARCEL_READ_FUNCTIONS, input,
+ instructions);
+ break;
+ case 0x1:
+ doFuzz<::android::Parcel>(BINDER_PARCEL_READ_FUNCTIONS, input, instructions);
+ break;
+ case 0x2:
+ doFuzz<NdkParcelAdapter>(BINDER_NDK_PARCEL_READ_FUNCTIONS, input, instructions);
+ break;
+ case 0x3:
+ /*reserved for future use*/
+ break;
+ default:
+ LOG_ALWAYS_FATAL("unknown parcel type %d", static_cast<int>(parcelType));
+ }
 }
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
diff --git a/libs/binder/fuzzer/util.h b/libs/binder/fuzzer/util.h
index 416c3a718e..a28cd1e129 100644
--- a/libs/binder/fuzzer/util.h
+++ b/libs/binder/fuzzer/util.h
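Review bot: In `fuzz()` (libs/binder/fuzzer/main.cpp), `case 0x3` returns without calling any `doFuzz`, so every input whose option byte has both low bits set parses nothing, and the `default:` arm is unreachable because `options & 0x3` can only be 0–3. Since one input now reaches a single parcel implementation instead of all three, previously saved crash reproducers may land on a different parser than the one they were found against; re-running the stored corpus after this change would confirm that nothing stopped reproducing silently. I would document the byte layout above the switch, e.g. `// options[1:0] selects the parcel implementation (0 hwbinder, 1 binder, 2 NDK, 3 reserved); options[7:2] are currently ignored`, and consider dropping the dead `default:`.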
@@ -23,27 +23,34 @@
 #error "Must define FUZZ_LOG_TAG"
 #endif
-#define ENABLE_LOG_FUZZ 1
-#define FUZZ_LOG() FuzzLog(FUZZ_LOG_TAG, ENABLE_LOG_FUZZ).log()
+// for local debugging
+#define ENABLE_LOG_FUZZ 0
+#define FUZZ_LOG() FuzzLog(FUZZ_LOG_TAG).log()
+
+#if ENABLE_LOG_FUZZ == 1
 class FuzzLog {
 public:
- FuzzLog(const std::string& tag, bool log) : mTag(tag), mLog(log) {}
- ~FuzzLog() {
- if (mLog) {
- std::cout << mTag << ": " << mOs.str() << std::endl;
- }
- }
+ FuzzLog(const char* tag) : mTag(tag) {}
+ ~FuzzLog() { std::cout << mTag << ": " << mOs.str() << std::endl; }
- std::stringstream& log() {
- return mOs;
- }
+ std::stringstream& log() { return mOs; }
 private:
- std::string mTag;
- bool mLog;
+ const char* mTag = nullptr;
 std::stringstream mOs;
 };
+#else
+class FuzzLog {
+public:
+ FuzzLog(const char* /*tag*/) {}
+ template <typename T>
+ FuzzLog& operator<<(const T& /*t*/) {
+ return *this;
+ }
+ FuzzLog& log() { return *this; }
+};
+#endif
 std::string hexString(const void* bytes, size_t len);
 std::string hexString(const std::vector<uint8_t>& bytes); |
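Review bot: The no-op `FuzzLog` in the `#else` branch only accepts operands whose type `T` can be deduced, so a statement such as `FUZZ_LOG() << std::endl` builds with `ENABLE_LOG_FUZZ 1` and fails with 0; because only one variant is compiled at a time, that kind of breakage surfaces only when someone flips the flag to debug a crash. The operands are also still evaluated when logging is off, so calls like `hexString(...)` inside a log statement keep their cost (whether call sites do this is not visible in this hunk). Both single-argument constructors should be `explicit`, and wrapping the default as `#ifndef ENABLE_LOG_FUZZ` / `#define ENABLE_LOG_FUZZ 0` / `#endif` would let a local build turn logging on without editing the header. A short comment on the stub saying it must mirror the streaming interface of the real class would help keep the two variants in step.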