Merge "Revert "rpc_binder: Change trusty_tipc_fuzzer
to support multiple connections and messages"" into main am: 81190566f9
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2907204 Change-Id: I465fbbd890c5f401fdd4201f8c268df7505a017b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
c4d82f3d84
1 changed files with 18 additions and 61 deletions
|
@ -14,8 +14,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <android-base/result.h>
|
||||
#include <fuzzer/FuzzedDataProvider.h>
|
||||
#include <stdlib.h>
|
||||
#include <trusty/coverage/coverage.h>
|
||||
#include <trusty/coverage/uuid.h>
|
||||
|
@ -25,7 +23,6 @@
|
|||
#include <iostream>
|
||||
#include <memory>
|
||||
|
||||
using android::base::Result;
|
||||
using android::trusty::coverage::CoverageRecord;
|
||||
using android::trusty::fuzz::ExtraCounters;
|
||||
using android::trusty::fuzz::TrustyApp;
|
||||
|
@ -44,14 +41,7 @@ using android::trusty::fuzz::TrustyApp;
|
|||
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
|
||||
#endif
|
||||
|
||||
#ifdef TRUSTY_APP_MAX_CONNECTIONS
|
||||
constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
|
||||
#else
|
||||
constexpr size_t MAX_CONNECTIONS = 1;
|
||||
#endif
|
||||
|
||||
static_assert(MAX_CONNECTIONS >= 1);
|
||||
|
||||
static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
|
||||
static std::unique_ptr<CoverageRecord> record;
|
||||
|
||||
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
|
||||
|
@ -63,8 +53,7 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
|
|||
}
|
||||
|
||||
/* Make sure lazy-loaded TAs have started and connected to coverage service. */
|
||||
TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
|
||||
auto ret = ta.Connect();
|
||||
auto ret = kTrustyApp.Connect();
|
||||
if (!ret.ok()) {
|
||||
std::cerr << ret.error() << std::endl;
|
||||
exit(-1);
|
||||
|
@ -84,56 +73,24 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
Result<void> testOneInput(FuzzedDataProvider& provider) {
|
||||
std::vector<TrustyApp> trustyApps;
|
||||
|
||||
while (provider.remaining_bytes() > 0) {
|
||||
if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {
|
||||
auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
|
||||
const auto result = ta.Connect();
|
||||
if (!result.ok()) {
|
||||
return result;
|
||||
}
|
||||
} else {
|
||||
const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());
|
||||
std::swap(trustyApps[i], trustyApps.back());
|
||||
|
||||
if (provider.ConsumeBool()) {
|
||||
auto& ta = trustyApps.back();
|
||||
|
||||
const auto data = provider.ConsumeRandomLengthString();
|
||||
auto result = ta.Write(data.data(), data.size());
|
||||
if (!result.ok()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
|
||||
result = ta.Read(buf.data(), buf.size());
|
||||
if (!result.ok()) {
|
||||
return result;
|
||||
}
|
||||
|
||||
// Reconnect to ensure that the service is still up.
|
||||
ta.Disconnect();
|
||||
result = ta.Connect();
|
||||
if (!result.ok()) {
|
||||
std::cerr << result.error() << std::endl;
|
||||
android::trusty::fuzz::Abort();
|
||||
return result;
|
||||
}
|
||||
} else {
|
||||
trustyApps.pop_back();
|
||||
}
|
||||
}
|
||||
}
|
||||
return {};
|
||||
}
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
static uint8_t buf[TIPC_MAX_MSG_SIZE];
|
||||
|
||||
ExtraCounters counters(record.get());
|
||||
counters.Reset();
|
||||
|
||||
FuzzedDataProvider provider(data, size);
|
||||
const auto result = testOneInput(provider);
|
||||
return result.ok() ? 0 : -1;
|
||||
auto ret = kTrustyApp.Write(data, size);
|
||||
if (ret.ok()) {
|
||||
ret = kTrustyApp.Read(&buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// Reconnect to ensure that the service is still up
|
||||
kTrustyApp.Disconnect();
|
||||
ret = kTrustyApp.Connect();
|
||||
if (!ret.ok()) {
|
||||
std::cerr << ret.error() << std::endl;
|
||||
android::trusty::fuzz::Abort();
|
||||
}
|
||||
|
||||
return ret.ok() ? 0 : -1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue