1 /* 2 * Copyright 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #include <iostream> 17 18 #include "android-base/file.h" 19 #include "fuzzer/FuzzedDataProvider.h" 20 #include "utils/FileMap.h" 21 22 static constexpr uint16_t MAX_STR_SIZE = 256; 23 static constexpr uint8_t MAX_FILENAME_SIZE = 32; 24 25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 26 FuzzedDataProvider dataProvider(data, size); 27 TemporaryFile tf; 28 // Generate file contents 29 std::string contents = dataProvider.ConsumeRandomLengthString(MAX_STR_SIZE); 30 // If we have string contents, dump them into the file. 31 // Otherwise, just leave it as an empty file. 32 if (contents.length() > 0) { 33 const char* bytes = contents.c_str(); 34 android::base::WriteStringToFd(bytes, tf.fd); 35 } 36 android::FileMap m; 37 // Generate create() params 38 std::string orig_name = dataProvider.ConsumeRandomLengthString(MAX_FILENAME_SIZE); 39 size_t length = dataProvider.ConsumeIntegralInRange<size_t>(1, SIZE_MAX); 40 off64_t offset = dataProvider.ConsumeIntegralInRange<off64_t>(1, INT64_MAX); 41 bool read_only = dataProvider.ConsumeBool(); 42 m.create(orig_name.c_str(), tf.fd, offset, length, read_only); 43 m.getDataOffset(); 44 m.getFileName(); 45 m.getDataLength(); 46 m.getDataPtr(); 47 int enum_index = dataProvider.ConsumeIntegral<int>(); 48 m.advise(static_cast<android::FileMap::MapAdvice>(enum_index)); 49 return 0; 50 } 51