1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <commonFuzzHelpers.h>
18 #include <fuzzer/FuzzedDataProvider.h>
19 #include <functional>
20 #include <string>
21 #include <vector>
22 #include "BufferedTextOutput.h"
23 
24 namespace android {
25 
26 class FuzzBufferedTextOutput : public BufferedTextOutput {
27 public:
FuzzBufferedTextOutput(uint32_t flags)28     FuzzBufferedTextOutput(uint32_t flags) : BufferedTextOutput(flags) {}
writeLines(const struct iovec & buf,size_t)29     virtual status_t writeLines(const struct iovec& buf, size_t) {
30         size_t len = buf.iov_len;
31         void* tmp_buf = malloc(len);
32 
33         if (tmp_buf == NULL) {
34             return status_t();
35         }
36 
37         // This will attempt to read data from iov_base to ensure valid params were passed.
38         memcpy(tmp_buf, buf.iov_base, len);
39         free(tmp_buf);
40         return status_t();
41     }
42 };
43 
44 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)45 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
46     FuzzedDataProvider fdp(data, size);
47     uint32_t flags = fdp.ConsumeIntegral<uint32_t>();
48     size_t push_count = 0;
49     std::shared_ptr<BufferedTextOutput> bTextOutput(new FuzzBufferedTextOutput(flags));
50 
51     while (fdp.remaining_bytes() > 0) {
52         fdp.PickValueInArray<std::function<void()>>({
53                 [&]() -> void {
54                     bTextOutput->pushBundle();
55                     push_count++;
56                 },
57                 [&]() -> void {
58                     std::string txt = fdp.ConsumeRandomLengthString(fdp.remaining_bytes());
59                     size_t len = fdp.ConsumeIntegralInRange<size_t>(0, txt.length());
60                     bTextOutput->print(txt.c_str(), len);
61                 },
62                 [&]() -> void {
63                     if (push_count == 0) return;
64 
65                     bTextOutput->popBundle();
66                     push_count--;
67                 },
68         })();
69     }
70 
71     return 0;
72 }
73 } // namespace android
74