• Home
Name Date Size #Lines LOC

..--

Android.bpD03-May-20242.1 KiB7370

README.mdD03-May-20243.3 KiB6654

oboeservice_fuzzer.cppD03-May-202413.2 KiB371290

README.md

1# Fuzzer for libaaudioservice
2
3## Plugin Design Considerations
4The fuzzer plugin for libaaudioservice is designed based on the
5understanding of the service and tries to achieve the following:
6
7##### Maximize code coverage
8The configuration parameters are not hardcoded, but instead selected based on
9incoming data. This ensures more code paths are reached by the fuzzer.
10
11AAudio Service request contains the following parameters:
121. AAudioFormat
132. UserId
143. ProcessId
154. InService
165. DeviceId
176. SampleRate
187. SamplesPerFrame
198. Direction
209. SharingMode
2110. Usage
2211. ContentType
2312. InputPreset
2413. BufferCapacity
25
26| Parameter| Valid Input Values| Configured Value|
27|------------- |-------------| ----- |
28| `AAudioFormat` | `AAUDIO_FORMAT_UNSPECIFIED`, `AAUDIO_FORMAT_PCM_I16`, `AAUDIO_FORMAT_PCM_FLOAT` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
29| `UserId`   | `INT32_MIN` to `INT32_MAX` | Value obtained from getuid() |
30| `ProcessId`   | `INT32_MIN` to `INT32_MAX` | Value obtained from getpid() |
31| `InService`   | `bool` | Value obtained from FuzzedDataProvider |
32| `DeviceId`   | `INT32_MIN` to `INT32_MAX` | Value obtained from FuzzedDataProvider |
33| `SampleRate`   | `INT32_MIN` to `INT32_MAX` | Value obtained from FuzzedDataProvider |
34| `SamplesPerFrame` | `INT32_MIN` to `INT32_MAX` | Value obtained from FuzzedDataProvider |
35| `Direction` | `AAUDIO_DIRECTION_OUTPUT`, `AAUDIO_DIRECTION_INPUT` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
36| `SharingMode` | `AAUDIO_SHARING_MODE_EXCLUSIVE`, `AAUDIO_SHARING_MODE_SHARED` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
37| `Usage` | `AAUDIO_USAGE_MEDIA`, `AAUDIO_USAGE_VOICE_COMMUNICATION`, `AAUDIO_USAGE_VOICE_COMMUNICATION_SIGNALLING`, `AAUDIO_USAGE_ALARM`, `AAUDIO_USAGE_NOTIFICATION`, `AAUDIO_USAGE_NOTIFICATION_RINGTONE`, `AAUDIO_USAGE_NOTIFICATION_EVENT`, `AAUDIO_USAGE_ASSISTANCE_ACCESSIBILITY`, `AAUDIO_USAGE_ASSISTANCE_NAVIGATION_GUIDANCE`, `AAUDIO_USAGE_ASSISTANCE_SONIFICATION`, `AAUDIO_USAGE_GAME`, `AAUDIO_USAGE_ASSISTANT`, `AAUDIO_SYSTEM_USAGE_EMERGENCY`, `AAUDIO_SYSTEM_USAGE_SAFETY`, `AAUDIO_SYSTEM_USAGE_VEHICLE_STATUS`, `AAUDIO_SYSTEM_USAGE_ANNOUNCEMENT` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
38| `ContentType` | `AAUDIO_CONTENT_TYPE_SPEECH`, `AAUDIO_CONTENT_TYPE_MUSIC`, `AAUDIO_CONTENT_TYPE_MOVIE`, `AAUDIO_CONTENT_TYPE_SONIFICATION` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
39| `InputPreset` | `AAUDIO_INPUT_PRESET_GENERIC`, `AAUDIO_INPUT_PRESET_CAMCORDER`, `AAUDIO_INPUT_PRESET_VOICE_RECOGNITION`, `AAUDIO_INPUT_PRESET_VOICE_COMMUNICATION`, `AAUDIO_INPUT_PRESET_UNPROCESSED`, `AAUDIO_INPUT_PRESET_VOICE_PERFORMANCE` | Value chosen from valid values by obtaining index from FuzzedDataProvider |
40| `BufferCapacity` | `INT32_MIN` to `INT32_MAX` | Value obtained from FuzzedDataProvider |
41
42This also ensures that the plugin is always deterministic for any given input.
43
44## Build
45
46This describes steps to build oboeservice_fuzzer binary.
47
48### Android
49
50#### Steps to build
51Build the fuzzer
52```
53  $ mm -j$(nproc) oboeservice_fuzzer
54```
55
56#### Steps to run
57To run on device
58```
59  $ adb sync data
60  $ adb shell /data/fuzz/arm64/oboeservice_fuzzer/oboeservice_fuzzer
61```
62
63## References:
64 * http://llvm.org/docs/LibFuzzer.html
65 * https://github.com/google/oss-fuzz
66