1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package parcelfuzzer;
17 
18 import android.os.Parcel;
19 
20 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
21 
22 import randomparcel.FuzzBinder;
23 
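/**
 * Fuzz operations that drive {@link Parcel} with fuzzer-controlled input.
 *
 * <p>Every operation fills its parcels from raw fuzzer bytes through
 * {@code FuzzBinder.fillRandomParcel} and then exercises one part of the Parcel API. Exceptions
 * are not handled here: per the original comments, runtime exceptions are caught at the highest
 * level of the harness, so they are left to propagate unchanged.
 */
public class FuzzUtils {
    /**
     * The available operations: index 0 exercises {@code Parcel.appendFrom}, index 1 exercises
     * the read operations listed in {@code ReadUtils.READ_OPERATIONS}.
     *
     * <p>NOTE(review): the field is public, static and non-final, so any code can replace or
     * reorder its entries. It is left that way because callers outside this file are not
     * visible from here; confirm before tightening it.
     */
    public static FuzzOperation[] FUZZ_OPERATIONS =
            new FuzzOperation[] {
                new FuzzOperation() {
                    @Override
                    public void doFuzz(FuzzedDataProvider provider) {
                        // Fuzz Append.
                        // start and len are consumed first and as unconstrained ints, so
                        // appendFrom sees negative and out-of-range offset/length values as
                        // well as valid ones. Keep this consumption order: changing it would
                        // change how existing corpus inputs are interpreted.
                        int start = provider.consumeInt();
                        int len = provider.consumeInt();
                        Parcel p1 = null;
                        Parcel p2 = null;

                        // No catch block: rethrowing from a catch added nothing, exceptions
                        // reach the harness either way.
                        try {
                            p1 = Parcel.obtain();
                            p2 = Parcel.obtain();

                            // A fuzzer-chosen prefix of the remaining input fills p1; whatever
                            // is left fills p2.
                            byte[] data =
                                    provider.consumeBytes(
                                            provider.consumeInt(0, provider.remainingBytes()));
                            FuzzBinder.fillRandomParcel(p1, data);
                            FuzzBinder.fillRandomParcel(p2, provider.consumeRemainingAsBytes());

                            p1.appendFrom(p2, start, len);
                        } finally {
                            // Either parcel is still null if Parcel.obtain() threw. An
                            // unguarded recycle() would then raise a NullPointerException that
                            // replaces the real failure in the reported crash.
                            if (p1 != null) {
                                p1.recycle();
                            }
                            if (p2 != null) {
                                p2.recycle();
                            }
                        }
                    }
                },
                new FuzzOperation() {
                    @Override
                    public void doFuzz(FuzzedDataProvider provider) {
                        // Fuzz Read.
                        // One third of the remaining input builds the parcel; the rest selects
                        // and parameterises the read operations below.
                        int maxParcelBytes = provider.remainingBytes() / 3;
                        byte[] data = provider.consumeBytes(maxParcelBytes);
                        Parcel randomParcel = null;

                        // No catch block: exceptions propagate unchanged to the harness.
                        try {
                            randomParcel = Parcel.obtain();
                            FuzzBinder.fillRandomParcel(randomParcel, data);

                            // NOTE(review): this loop ends only if every read operation
                            // consumes at least one byte from the provider (pickValue normally
                            // does when more than one operation is registered) - confirm
                            // against ReadUtils.
                            while (provider.remainingBytes() > 0) {
                                provider.pickValue(ReadUtils.READ_OPERATIONS)
                                        .readParcel(randomParcel, provider);
                            }
                        } finally {
                            // randomParcel is still null if Parcel.obtain() threw; guard so
                            // the original exception is the one that gets reported.
                            if (randomParcel != null) {
                                randomParcel.recycle();
                            }
                        }
                    }
                },
            };
}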
88