1# Fuzzer for libmedialogservice 2 3## Plugin Design Considerations 4The fuzzer plugin for libmedialogservice is designed based on the understanding of the 5service and tries to achieve the following: 6 7##### Maximize code coverage 8The configuration parameters are not hardcoded, but instead selected based on 9incoming data. This ensures more code paths are reached by the fuzzer. 10 11medialogservice supports the following parameters: 121. Writer name (parameter name: `writerNameIdx`) 132. Log size (parameter name: `logSize`) 143. Enable dump before unrgister API (parameter name: `shouldDumpBeforeUnregister`) 155. size of string for log dump (parameter name: `numberOfLines`) 16 17| Parameter| Valid Values| Configured Value| 18|------------- |-------------| ----- | 19| `writerNameIdx` | 0. `0` 1. `1` | Value obtained from FuzzedDataProvider | 20| `logSize` | In the range `256 to 65536` | Value obtained from FuzzedDataProvider | 21| `shouldDumpBeforeUnregister` | 0. `0` 1. `1` | Value obtained from FuzzedDataProvider | 22| `numberOfLines` | In the range `0 to 65535` | Value obtained from FuzzedDataProvider | 23 24This also ensures that the plugin is always deterministic for any given input. 25 26## Build 27 28This describes steps to build media_log_fuzzer binary. 29 30### Android 31 32#### Steps to build 33Build the fuzzer 34``` 35 $ mm -j$(nproc) media_log_fuzzer 36``` 37 38#### Steps to run 39Create a directory CORPUS_DIR and copy some files to that folder 40Push this directory to device. 41 42To run on device 43``` 44 $ adb sync data 45 $ adb shell /data/fuzz/arm64/media_log_fuzzer/media_log_fuzzer CORPUS_DIR 46``` 47 48## References: 49 * http://llvm.org/docs/LibFuzzer.html 50 * https://github.com/google/oss-fuzz 51