mtp_host_property_fuzzer: Bug Fix
Resolved NPD caused due to use of unallocated pointer
Test: ./mtp_host_property_fuzzer
Bug: 243573670
Change-Id: I852d67703f78390d34f391de8c32136cf5561549
diff --git a/media/mtp/tests/MtpFuzzer/mtp_property_fuzzer.cpp b/media/mtp/tests/MtpFuzzer/mtp_property_fuzzer.cpp
index 8577e62..b4e659c 100644
--- a/media/mtp/tests/MtpFuzzer/mtp_property_fuzzer.cpp
+++ b/media/mtp/tests/MtpFuzzer/mtp_property_fuzzer.cpp
@@ -33,7 +33,11 @@
class MtpPropertyFuzzer : MtpPacketFuzzerUtils {
public:
- MtpPropertyFuzzer(const uint8_t* data, size_t size) : mFdp(data, size){};
+ MtpPropertyFuzzer(const uint8_t* data, size_t size) : mFdp(data, size) {
+ mUsbDevFsUrb = (struct usbdevfs_urb*)malloc(sizeof(struct usbdevfs_urb) +
+ sizeof(struct usbdevfs_iso_packet_desc));
+ };
+ ~MtpPropertyFuzzer() { free(mUsbDevFsUrb); };
void process();
private:
@@ -41,7 +45,7 @@
};
void MtpPropertyFuzzer::process() {
- MtpProperty* mtpProperty;
+ MtpProperty* mtpProperty = nullptr;
if (mFdp.ConsumeBool()) {
mtpProperty = new MtpProperty();
} else {
@@ -75,6 +79,7 @@
fillFilePath(&mFdp);
int32_t fd = memfd_create(mPath.c_str(), MFD_ALLOW_SEALING);
fillUsbRequest(fd, &mFdp);
+ mUsbRequest.dev = usb_device_new(mPath.c_str(), fd);
mtpDataPacket.write(&mUsbRequest,
mFdp.PickValueInArray<UrbPacketDivisionMode>(
kUrbPacketDivisionModes),