1 // Copyright 2019 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/mac/mach_port_rendezvous.h"
6 
7 #include "base/logging.h"
8 #include "base/mac/mach_logging.h"
9 #include "base/synchronization/lock.h"
10 #include "testing/libfuzzer/fuzzers/mach/mach_message_converter.h"
11 #include "testing/libfuzzer/proto/lpm_interface.h"
12 
namespace base {

// Process-wide fixture for fuzzing the MachPortRendezvousServer in-process.
//
// It reaches into the server's internals (`server_port_`, `client_data_`),
// so it presumably relies on a friend declaration in the server's header;
// verify against mach_port_rendezvous.h. That access is test-only and should
// not be copied into production callers.
struct MachPortRendezvousFuzzer {
  // Send right to the server's port. The fuzz entry point uses it as the
  // destination of every generated message.
  base::mac::ScopedMachSendRight server_send_right;

  // Silences non-fatal logging and creates the send right used to deliver
  // fuzzed messages to the server.
  MachPortRendezvousFuzzer() {
    // Only fatal messages are emitted from here on, so log output produced
    // while the server handles malformed input does not flood the fuzzer run.
    logging::SetMinLogLevel(logging::LOG_FATAL);

    // MACH_MSG_TYPE_MAKE_SEND creates a send right under the same name as the
    // port the server listens on (presumably its receive right).
    const mach_port_t server_port_name =
        base::MachPortRendezvousServer::GetInstance()->server_port_.get();
    const kern_return_t kr =
        mach_port_insert_right(mach_task_self(), server_port_name,
                               server_port_name, MACH_MSG_TYPE_MAKE_SEND);
    MACH_CHECK(kr == KERN_SUCCESS, kr) << "mach_port_insert_right";

    // Hand the new right to the scoper that owns it from now on.
    server_send_right.reset(server_port_name);
  }

  // Drops every client registration held by the server. The caller must hold
  // the server's lock; the annotation below lets the thread-safety analysis
  // enforce that, so the lock expression is spelled exactly as call sites
  // spell it.
  void ClearClientData() EXCLUSIVE_LOCKS_REQUIRED(
      base::MachPortRendezvousServer::GetInstance()->GetLock()) {
    base::MachPortRendezvousServer::GetInstance()->client_data_.clear();
  }
};

}  // namespace base
37 
// Fuzz entry point: resets the server's client table, registers one known
// port for this process, then delivers the generated Mach message to the
// server's port.
DEFINE_BINARY_PROTO_FUZZER(const mach_fuzzer::MachMessage& message) {
  // Built once on the first iteration and reused for the whole run.
  static base::MachPortRendezvousFuzzer environment;

  // Arbitrary key under which the single test port is registered.
  constexpr auto kRegisteredPortKey = 0xbadbeef;

  {
    // Scope of the server lock: covers the reset and the registration only,
    // and is released before the message is sent.
    base::AutoLock lock(
        base::MachPortRendezvousServer::GetInstance()->GetLock());

    // Start every iteration from the same server state so that a crashing
    // input reproduces on its own.
    environment.ClearClientData();

    // Register this process's task port for its own pid, giving the server
    // something to hand out when the fuzzed message is a request from this
    // pid (presumably the server keys clients by sender pid; confirm in the
    // server implementation).
    base::MachPortRendezvousServer::GetInstance()->RegisterPortsForPid(
        getpid(),
        {std::make_pair(kRegisteredPortKey,
                        base::MachRendezvousPort{mach_task_self(),
                                                 MACH_MSG_TYPE_COPY_SEND})});
  }

  // The message goes out over the send right created by the fixture.
  const mach_port_t destination = environment.server_send_right.get();
  SendMessage(destination, message);
}
53