• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <commonFuzzHelpers.h>
18 #include <fuzzer/FuzzedDataProvider.h>
19 #include <string>
20 #include <vector>
21 #include "BufferedTextOutput.h"
22 
23 namespace android {
24 
25 class FuzzBufferedTextOutput : public BufferedTextOutput {
26 public:
FuzzBufferedTextOutput(uint32_t flags)27     FuzzBufferedTextOutput(uint32_t flags) : BufferedTextOutput(flags) {}
writeLines(const struct iovec & buf,size_t)28     virtual status_t writeLines(const struct iovec& buf, size_t) {
29         size_t len = buf.iov_len;
30         void* tmp_buf = malloc(len);
31 
32         if (tmp_buf == NULL) {
33             return status_t();
34         }
35 
36         // This will attempt to read data from iov_base to ensure valid params were passed.
37         memcpy(tmp_buf, buf.iov_base, len);
38         free(tmp_buf);
39         return status_t();
40     }
41 };
42 
43 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)44 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
45     FuzzedDataProvider fdp(data, size);
46     uint32_t flags = fdp.ConsumeIntegral<uint32_t>();
47     size_t push_count = 0;
48     std::shared_ptr<BufferedTextOutput> bTextOutput(new FuzzBufferedTextOutput(flags));
49 
50     while (fdp.remaining_bytes() > 0) {
51         fdp.PickValueInArray<std::function<void()>>({
52                 [&]() -> void {
53                     bTextOutput->pushBundle();
54                     push_count++;
55                 },
56                 [&]() -> void {
57                     std::string txt = fdp.ConsumeRandomLengthString(fdp.remaining_bytes());
58                     size_t len = fdp.ConsumeIntegralInRange<size_t>(0, txt.length());
59                     bTextOutput->print(txt.c_str(), len);
60                 },
61                 [&]() -> void {
62                     if (push_count == 0) return;
63 
64                     bTextOutput->popBundle();
65                     push_count--;
66                 },
67         })();
68     }
69 
70     return 0;
71 }
72 } // namespace android
73