1 //
2 // Copyright 2019 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 #include <string>
17
18 #include <base/logging.h>
19 #include <fuzzer/FuzzedDataProvider.h>
20
21 #include "update_engine/common/download_action.h"
22 #include "update_engine/common/fake_boot_control.h"
23 #include "update_engine/common/fake_hardware.h"
24 #include "update_engine/common/prefs.h"
25 #include "update_engine/payload_consumer/delta_performer.h"
26 #include "update_engine/payload_consumer/install_plan.h"
27
28 namespace chromeos_update_engine {
29
// No-op DownloadActionDelegate for the fuzz harness: progress and completion
// callbacks are discarded and cancellation is never requested, so the fuzzed
// DeltaPerformer is the only component whose behavior depends on the input.
class FakeDownloadActionDelegate : public DownloadActionDelegate {
 public:
  FakeDownloadActionDelegate() = default;
  ~FakeDownloadActionDelegate() = default;

  // DownloadActionDelegate overrides.

  // Progress notifications are ignored.
  void BytesReceived(uint64_t bytes_progressed,
                     uint64_t bytes_received,
                     uint64_t total) override {}

  // Never requests cancellation; |cancel_reason| is not written.
  bool ShouldCancel(ErrorCode* cancel_reason) override {
    return false;
  }

  // Completion notifications are ignored.
  void DownloadComplete() override {}

  DISALLOW_COPY_AND_ASSIGN(FakeDownloadActionDelegate);
};
46
// Drives a single DeltaPerformer with a fuzzer-supplied byte stream.
//
// The leading bytes of |data| select the payload description (declared size,
// metadata size, hash bytes, payload type, "already applied" flag) and the
// boolean passed as the last DeltaPerformer constructor argument. The rest is
// fed to DeltaPerformer::Write() in chunks of 0..100 bytes until Write()
// fails or the input is exhausted.
//
// The install plan names /dev/zero as the source and /dev/null as the target,
// so the harness never points the performer at a real block device.
//
// NOTE(review): hash_checks_mandatory is true while the hash is raw fuzz
// bytes; presumably most inputs are rejected at verification, so confirm the
// corpus still reaches the operation-applying paths.
void FuzzDeltaPerformer(const uint8_t* data, size_t size) {
  MemoryPrefs prefs;
  FakeBootControl boot_control;
  FakeHardware hardware;
  FakeDownloadActionDelegate download_action_delegate;

  FuzzedDataProvider data_provider(data, size);

  // Fixed single-partition plan; nothing here is derived from fuzz input.
  InstallPlan::Partition partition{
      .source_path = "/dev/zero",
      .source_size = 4096,
      .target_path = "/dev/null",
      .target_size = 4096,
  };
  InstallPlan install_plan{
      .target_slot = 1,
      .partitions = {partition},
      .hash_checks_mandatory = true,
  };

  // The order of the Consume* calls defines how corpus bytes map to fields,
  // so it must stay exactly as written.
  auto payload_size = data_provider.ConsumeIntegralInRange<uint64_t>(0, 10000);
  auto metadata_size = data_provider.ConsumeIntegralInRange<uint64_t>(0, 1000);
  // ConsumeBytes returns fewer than 32 bytes when the input runs short, so
  // the hash length is itself fuzzed.
  auto payload_hash = data_provider.ConsumeBytes<uint8_t>(32);
  // NOTE(review): the 0..3 range may include a value with no matching
  // InstallPayloadType enumerator; confirm this is meant to exercise the
  // invalid-type handling.
  auto payload_type = static_cast<InstallPayloadType>(
      data_provider.ConsumeIntegralInRange(0, 3));
  bool payload_applied = data_provider.ConsumeBool();

  InstallPlan::Payload payload{
      .size = payload_size,
      .metadata_size = metadata_size,
      .hash = payload_hash,
      .type = payload_type,
      .already_applied = payload_applied,
  };

  // Last constructor argument is fuzz-chosen as well.
  bool performer_flag = data_provider.ConsumeBool();
  DeltaPerformer performer(&prefs,
                           &boot_control,
                           &hardware,
                           &download_action_delegate,
                           &install_plan,
                           &payload,
                           performer_flag);

  // At least one Write() is always attempted, even with no bytes remaining;
  // a zero-length chunk is a valid outcome and is still passed to Write().
  while (true) {
    auto chunk_len = data_provider.ConsumeIntegralInRange<size_t>(0, 100);
    auto chunk = data_provider.ConsumeBytes<uint8_t>(chunk_len);
    if (!performer.Write(chunk.data(), chunk.size())) {
      break;
    }
    if (data_provider.remaining_bytes() == 0) {
      break;
    }
  }
}
89
90 } // namespace chromeos_update_engine
91
// Process-wide fuzzer setup. Constructing an instance sets the minimum log
// level to LOG_FATAL, which keeps non-fatal log output out of fuzzing runs.
struct Environment {
  Environment() {
    logging::SetMinLogLevel(logging::LOG_FATAL);
  }
};
96
// libFuzzer entry point. Inputs larger than 1,000,000 bytes are skipped
// without being processed; all others are handed to FuzzDeltaPerformer().
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr size_t kMaxInputSize = 1000000;
  if (size <= kMaxInputSize) {
    // Function-local static: the log level is configured once, on the first
    // input that passes the size check.
    static Environment env;
    chromeos_update_engine::FuzzDeltaPerformer(data, size);
  }
  return 0;
}