1 /* 2 * Copyright 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <fuzzer/FuzzedDataProvider.h> 20 21 #include <binder/Parcel.h> 22 #include <binder/Status.h> 23 #include <stdio.h> 24 #include <utils/String8.h> 25 #include <cstdint> 26 #include <sstream> 27 #include <string> 28 29 namespace android { 30 /* This is a vector of lambda functions the fuzzer will pull from. 31 * This is done so new functions can be added to the fuzzer easily 32 * without requiring modifications to the main fuzzer file. This also 33 * allows multiple fuzzers to include this file, if functionality is needed. 34 */ 35 static const std::vector<std::function<void(FuzzedDataProvider*, binder::Status*, Parcel*)>> 36 gStatusOperations = { 37 [](FuzzedDataProvider*, binder::Status* status, Parcel* parcel) -> void { 38 parcel->setDataPosition(0); 39 status->readFromParcel(*parcel); 40 }, 41 [](FuzzedDataProvider*, binder::Status* status, Parcel* parcel) -> void { 42 status->writeToParcel(parcel); 43 }, 44 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 45 std::string message_str = 46 fdp->ConsumeRandomLengthString(fdp->remaining_bytes()); 47 String8 message(message_str.c_str()); 48 status->setServiceSpecificError(fdp->ConsumeIntegral<int32_t>(), message); 49 }, 50 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 51 std::string message_str = 52 fdp->ConsumeRandomLengthString(fdp->remaining_bytes()); 53 String8 message(message_str.c_str()); 54 status->setException(fdp->ConsumeIntegral<int32_t>(), message); 55 }, 56 [](FuzzedDataProvider*, binder::Status* status, Parcel*) -> void { status->ok(); }, 57 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 58 std::string message_str = 59 fdp->ConsumeRandomLengthString(fdp->remaining_bytes()); 60 String8 message(message_str.c_str()); 61 *status = binder::Status::fromExceptionCode(fdp->ConsumeIntegral<int32_t>(), 62 message); 63 }, 64 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 65 *status = binder::Status::fromServiceSpecificError( 66 fdp->ConsumeIntegral<int32_t>()); 67 }, 68 [](FuzzedDataProvider* fdp, binder::Status*, Parcel*) -> void { 69 binder::Status::exceptionToString(fdp->ConsumeIntegral<int32_t>()); 70 }, 71 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 72 std::string message_str = 73 fdp->ConsumeRandomLengthString(fdp->remaining_bytes()); 74 String8 message(message_str.c_str()); 75 *status = binder::Status::fromServiceSpecificError(fdp->ConsumeIntegral< 76 int32_t>(), 77 message); 78 }, 79 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 80 *status = binder::Status::fromStatusT(fdp->ConsumeIntegral<status_t>()); 81 }, 82 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void { 83 status->setFromStatusT(fdp->ConsumeIntegral<status_t>()); 84 }, 85 [](FuzzedDataProvider*, binder::Status* status, Parcel*) -> void { 86 std::stringstream ss; 87 ss << *status; 88 }, 89 }; 90 91 } // namespace android 92