• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright 2017 The Chromium OS Authors. All rights reserved.
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  */
5 
6 #include <assert.h>
7 #include <fuzzer/FuzzedDataProvider.h>
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 extern "C" {
12 #include "cras_apm_list.h"
13 #include "cras_bt_log.h"
14 #include "cras_dsp.h"
15 #include "cras_iodev_list.h"
16 #include "cras_mix.h"
17 #include "cras_observer.h"
18 #include "cras_rclient.h"
19 #include "cras_shm.h"
20 #include "cras_system_state.h"
21 
22 struct cras_bt_event_log* btlog;
23 }
24 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
26   cras_rclient* client = cras_rclient_create(0, 0, CRAS_CONTROL);
27   if (size < 300) {
28     /* Feeds input data directly if the given bytes is too short. */
29     cras_rclient_buffer_from_client(client, data, size, NULL, 0);
30   } else {
31     FuzzedDataProvider data_provider(data, size);
32     int fds[1] = {0};
33     int num_fds = data_provider.ConsumeIntegralInRange(0, 1);
34     std::vector<uint8_t> msg = data_provider.ConsumeRemainingBytes<uint8_t>();
35     cras_rclient_buffer_from_client(client, msg.data(), msg.size(), fds,
36                                     num_fds);
37   }
38   cras_rclient_destroy(client);
39 
40   return 0;
41 }
42 
LLVMFuzzerInitialize(int * argc,char *** argv)43 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
44   char* shm_name;
45   if (asprintf(&shm_name, "/cras-%d", getpid()) < 0)
46     exit(-ENOMEM);
47   struct cras_server_state* exp_state =
48       (struct cras_server_state*)calloc(1, sizeof(*exp_state));
49   if (!exp_state)
50     exit(-1);
51   int rw_shm_fd = open("/dev/null", O_RDWR);
52   int ro_shm_fd = open("/dev/null", O_RDONLY);
53   cras_system_state_init("/tmp", shm_name, rw_shm_fd, ro_shm_fd, exp_state,
54                          sizeof(*exp_state));
55   free(shm_name);
56 
57   cras_observer_server_init();
58   cras_mix_init(0);
59   cras_apm_list_init("/etc/cras");
60   cras_iodev_list_init();
61   /* For cros fuzz, emerge adhd with USE=fuzzer will copy dsp.ini.sample to
62    * etc/cras. For OSS-Fuzz the Dockerfile will be responsible for copying the
63    * file. This shouldn't crash CRAS even if the dsp file does not exist. */
64   cras_dsp_init("/etc/cras/dsp.ini.sample");
65   /* Initializes btlog for CRAS_SERVER_DUMP_BT path with CRAS_DBUS defined. */
66   btlog = cras_bt_event_log_init();
67   return 0;
68 }
69