Add VSR 15 and 16 as options in the cxx bindings am: d0d8d70b06
Original change: https://android-review.googlesource.com/c/platform/tools/security/+/2681382
Change-Id: Ifedb65279211cc932b3226f17705b29bb48fcc42
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/fuzzing/example_fuzzer/Android.bp b/fuzzing/example_fuzzer/Android.bp
index 641cfe4..177a085 100644
--- a/fuzzing/example_fuzzer/Android.bp
+++ b/fuzzing/example_fuzzer/Android.bp
@@ -22,7 +22,7 @@
description: "Test Fuzzer",
production_date: "6/8/2019",
critical: false,
- fuzz_on_haiku_device: false,
+ fuzz_on_haiku_device: true,
fuzz_on_haiku_host: true,
triage_assignee: "davfu@google.com"
},
diff --git a/fuzzing/orphans/libskia/Android.bp b/fuzzing/orphans/libskia/Android.bp
index f0020ef..cce7ba3 100644
--- a/fuzzing/orphans/libskia/Android.bp
+++ b/fuzzing/orphans/libskia/Android.bp
@@ -5,6 +5,10 @@
cc_fuzz {
name: "libskia_image_processor_fuzzer",
+ defaults: [
+ "skia_deps",
+ ],
+
srcs: [
"libskia_image_processor_fuzzer.cpp",
],
diff --git a/fuzzing/orphans/libskia/libskia_image_processor_fuzzer.cpp b/fuzzing/orphans/libskia/libskia_image_processor_fuzzer.cpp
index 6f3f2f2..a406cd6 100644
--- a/fuzzing/orphans/libskia/libskia_image_processor_fuzzer.cpp
+++ b/fuzzing/orphans/libskia/libskia_image_processor_fuzzer.cpp
@@ -20,9 +20,13 @@
#include <cstdio>
#include <string>
+#include "SkAlphaType.h"
#include "SkAndroidCodec.h"
#include "SkBitmap.h"
#include "SkCodec.h"
+#include "SkColorType.h"
+#include "SkImageInfo.h"
+#include "SkStream.h"
#include "SkString.h"
#include "fuzzer/FuzzedDataProvider.h"
diff --git a/fuzzing/orphans/libufdt/Android.bp b/fuzzing/orphans/libufdt/Android.bp
new file mode 100644
index 0000000..92e19d1
--- /dev/null
+++ b/fuzzing/orphans/libufdt/Android.bp
@@ -0,0 +1,38 @@
+// Copyright 2022 The Android Open Source Project
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_fuzz {
+ name: "libufdt_fuzzer",
+ srcs: [
+ "libufdt_fuzzer.cpp",
+ ],
+ static_libs: [
+ "libfdt",
+ "libufdt_silent",
+ "libufdt_sysdeps",
+ ],
+ corpus: ["corpus/*"],
+ fuzz_config: {
+ cc: [ "mikemcternan@google.com" ],
+ target_modules: [ "libufdt", "libufdt_sysdeps" ],
+ description:
+ "Fuzzer that checks parsing of faulty FDT blobs and " +
+ "application of overlays to ensure no undefined or OOB " +
+ "behaviours.",
+ acknowledgement: [ "Mike McTernan of Google" ],
+ },
+ host_supported: true,
+}
+
+cc_binary {
+ name: "mkcorpus",
+ srcs: [
+ "mkcorpus.c",
+ ],
+ cflags: [
+ "-Wall",
+ ],
+ host_supported: true,
+}
diff --git a/fuzzing/orphans/libufdt/OWNERS b/fuzzing/orphans/libufdt/OWNERS
new file mode 100644
index 0000000..5b0f507
--- /dev/null
+++ b/fuzzing/orphans/libufdt/OWNERS
@@ -0,0 +1 @@
+mikemcternan@google.com
diff --git a/fuzzing/orphans/libufdt/corpus/fixups.bin b/fuzzing/orphans/libufdt/corpus/fixups.bin
new file mode 100644
index 0000000..97ae098
--- /dev/null
+++ b/fuzzing/orphans/libufdt/corpus/fixups.bin
Binary files differ
diff --git a/fuzzing/orphans/libufdt/corpus/local_fixup.bin b/fuzzing/orphans/libufdt/corpus/local_fixup.bin
new file mode 100644
index 0000000..b9d1960
--- /dev/null
+++ b/fuzzing/orphans/libufdt/corpus/local_fixup.bin
Binary files differ
diff --git a/fuzzing/orphans/libufdt/corpus/local_fixup_with_offset_memreserve.bin b/fuzzing/orphans/libufdt/corpus/local_fixup_with_offset_memreserve.bin
new file mode 100644
index 0000000..2d01d35
--- /dev/null
+++ b/fuzzing/orphans/libufdt/corpus/local_fixup_with_offset_memreserve.bin
Binary files differ
diff --git a/fuzzing/orphans/libufdt/corpus/many-nodes.bin b/fuzzing/orphans/libufdt/corpus/many-nodes.bin
new file mode 100644
index 0000000..d00f8b2
--- /dev/null
+++ b/fuzzing/orphans/libufdt/corpus/many-nodes.bin
Binary files differ
diff --git a/fuzzing/orphans/libufdt/libufdt_fuzzer.cpp b/fuzzing/orphans/libufdt/libufdt_fuzzer.cpp
new file mode 100644
index 0000000..eba75d8
--- /dev/null
+++ b/fuzzing/orphans/libufdt/libufdt_fuzzer.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cstdint>
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+extern "C" {
+#include "libufdt_sysdeps.h"
+#include "ufdt_overlay.h"
+}
+
+/* Count split value, plus 1 byte for dto and overlay each */
+constexpr uint32_t kMinData = sizeof(uint32_t) + 2;
+
+constexpr uint32_t kMaxData = 1024 * 512;
+
+/* libFuzzer driver.
+ * We need two dtb's to test merging, so split the input data block, using
+ * the first 4 bytes to give the dtb length, the rest being overlay.
+ * The mkcorpus helper program can construct these files.
+ */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ /* Bound input size */
+ if (size < kMinData || size > kMaxData) {
+ return 0;
+ }
+
+ FuzzedDataProvider fdp(data, size);
+
+ /* Read fixed length header */
+ auto hdr = fdp.ConsumeBytes<uint8_t>(4);
+
+ /* Extract the length, network byte order */
+ const uint32_t dtb_len = hdr[0] << 24 | hdr[1] << 16 | hdr[2] << 8 | hdr[3];
+
+ /* Ensure the dtb and overlay are non-zero length */
+ if (dtb_len == 0 || dtb_len >= size - 1) {
+ return 0;
+ }
+
+ auto dtb = fdp.ConsumeBytes<uint8_t>(dtb_len);
+ auto overlay = fdp.ConsumeRemainingBytes<uint8_t>();
+
+ /* Check headers */
+ auto fdt_dtb = ufdt_install_blob(dtb.data(), dtb.size());
+ auto fdt_overlay = ufdt_install_blob(overlay.data(), overlay.size());
+
+ if (!fdt_dtb || !fdt_overlay) {
+ return 0;
+ }
+
+ struct fdt_header *res =
+ ufdt_apply_overlay(fdt_dtb, dtb.size(), fdt_overlay, overlay.size());
+
+ if (res) {
+ dto_free(res);
+ }
+
+ return 0;
+}
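Review bot: The guard `dtb_len >= size - 1` does not account for the four header bytes already consumed, so it does not enforce the "non-zero length" condition its comment states. For `dtb_len` between `size - 4` and `size - 2`, `ConsumeBytes` returns fewer bytes than requested and `overlay` comes back empty. `ufdt_install_blob` is then called with a zero-length buffer whose `data()` may be null; how it handles that is not visible in this hunk. Comparing against what is actually left makes the split exact: `if (dtb_len == 0 || dtb_len >= fdp.remaining_bytes()) {`. With that change `dtb.size()` always equals the length encoded in the header and the overlay always has at least one byte.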
diff --git a/fuzzing/orphans/libufdt/mkcorpus.c b/fuzzing/orphans/libufdt/mkcorpus.c
new file mode 100644
index 0000000..d9d2b00
--- /dev/null
+++ b/fuzzing/orphans/libufdt/mkcorpus.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <arpa/inet.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+static uint32_t get_file_length(const char *filename) {
+ struct stat sb;
+
+ if (stat(filename, &sb) == -1) {
+ fprintf(stderr, "stat(%s) failed: %m\n", filename);
+ exit(EXIT_FAILURE);
+ }
+
+ return sb.st_size;
+}
+
+static void append_file(FILE *out, const char *filename) {
+ FILE *f = fopen(filename, "rbe");
+ uint8_t buf[1024 * 8];
+
+ if (!f) {
+ fprintf(stderr, "fopen(%s) failed: %m\n", filename);
+ exit(EXIT_FAILURE);
+ }
+
+ while (!feof(f)) {
+ size_t n = fread(buf, 1, sizeof(buf), f);
+
+ if (fwrite(buf, n, 1, out) != 1) {
+ fprintf(stderr, "fwrite() failed: %m\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ fclose(f);
+}
+
+int main(int argc, char *argv[]) {
+ FILE *out;
+
+ if (argc != 4) {
+ fprintf(stderr,
+ "Usage: mkcorpus <dtb> <dto> <output>\n"
+ "\n"
+ " This concatenates base and overlay file and adds a header to "
+ "create an\n"
+ " input that can be used for fuzzing.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (strcmp(argv[3], "-") == 0) {
+ out = stdout;
+ } else {
+ out = fopen(argv[3], "wbe");
+ if (!out) {
+ fprintf(stderr, "fopen(%s) failed: %m\n", argv[1]);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ uint32_t len = htonl(get_file_length(argv[1]));
+
+ if (fwrite(&len, sizeof(uint32_t), 1, out) != 1) {
+ fprintf(stderr, "fwrite() failed: %m\n");
+ exit(EXIT_FAILURE);
+ }
+
+ append_file(out, argv[1]);
+ append_file(out, argv[2]);
+
+ if (out != stdout) {
+ fclose(out);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+/* END OF FILE */
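Review bot: In `append_file`, the check `fwrite(buf, n, 1, out) != 1` treats a zero-byte read as a write failure. When `fread` returns 0 on the final pass (an empty input, or one whose length is an exact multiple of the 8 KiB buffer), `fwrite` writes zero items, returns 0, and the tool exits with "fwrite() failed" on a valid file. A read error is reported the same misleading way because `ferror(f)` is never checked. Looping on the `fread` count, as below, fixes both. Separately, the `fopen` failure message for the output file in `main` prints `argv[1]` although `argv[3]` is the path that was opened.

```c
static void append_file(FILE *out, const char *filename) {
  /* … unchanged: fopen(filename, "rbe"), buf declaration, open-failure check … */

  size_t n;
  while ((n = fread(buf, 1, sizeof(buf), f)) > 0) {
    if (fwrite(buf, 1, n, out) != n) {
      fprintf(stderr, "fwrite() failed: %m\n");
      exit(EXIT_FAILURE);
    }
  }

  if (ferror(f)) {
    fprintf(stderr, "fread(%s) failed: %m\n", filename);
    exit(EXIT_FAILURE);
  }

  /* … unchanged: fclose(f) … */
}
```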
diff --git a/fuzzing/system_fuzzers/libwatchdog_perf_service/libwatchdog_perf_service_fuzzer.cpp b/fuzzing/system_fuzzers/libwatchdog_perf_service/libwatchdog_perf_service_fuzzer.cpp
index 2781ce0..fb245b8 100644
--- a/fuzzing/system_fuzzers/libwatchdog_perf_service/libwatchdog_perf_service_fuzzer.cpp
+++ b/fuzzing/system_fuzzers/libwatchdog_perf_service/libwatchdog_perf_service_fuzzer.cpp
@@ -19,7 +19,7 @@
#include <iostream>
-#include "IoPerfCollection.h"
+#include "PerformanceProfiler.h"
#include "ProcStatCollector.h"
#include "UidIoStatsCollector.h"
@@ -81,15 +81,15 @@
// Test UidIoStatsCollector
TemporaryFile tf1;
WriteStringToFile(uidIoStatsSnapshot, tf1.path);
- UidIoStatsCollector uidIoStatsCollector(tf1.path);
- assert(uidIoStatsCollector.enabled() == true);
- uidIoStatsCollector.collect();
- // Test ProcStat
+ sp<UidIoStatsCollector> uidIoStatsCollector =
+ sp<UidIoStatsCollector>::make(tf1.path);
+ uidIoStatsCollector->collect();
+ // Test procStatCollector
TemporaryFile tf2;
WriteStringToFile(procStatsSnapshot, tf2.path);
- ProcStatCollector procStatCollector(tf2.path);
- assert(procStatCollector.enabled() == true);
- procStatCollector.collect();
+ sp<ProcStatCollector> procStatCollector =
+ sp<ProcStatCollector>::make(tf2.path);
+ procStatCollector->collect();
}
return 0;
}
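Review bot: With the `assert(...enabled() == true)` lines removed and the results of both `collect()` calls discarded, nothing in the new code tells the harness whether a collector actually read the snapshot written to the temporary file. If a collector is disabled or rejects the input early, every iteration returns 0 having exercised very little, and that loss of coverage is silent. Whether the `sp<>`-based API needs an initialisation step before `collect()`, or returns a status from it, is not visible in this hunk. Either way, a comment such as `// collect() result ignored on purpose: parse failures on fuzzed input are expected` would record the intent. The enclosing function starts outside the hunk.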