Fuzzing MediaPlayerService
Adding an AIDL fuzzer for MediaPlayerService using fuzzService API.
Test: m media_player_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/media_player_service_fuzzer/media_player_service_fuzzer -runs=10000
Test: m libmediaplayerservice
Bug: 232439428
Change-Id: Ibbc754a0ab3b130d552f7d81992bffb0b2863530
diff --git a/media/libmediaplayerservice/Android.bp b/media/libmediaplayerservice/Android.bp
index 81553d7..44e78d6 100644
--- a/media/libmediaplayerservice/Android.bp
+++ b/media/libmediaplayerservice/Android.bp
@@ -17,8 +17,8 @@
],
}
-cc_defaults {
- name: "libmediaplayerservice_defaults",
+filegroup {
+ name: "libmediaplayerservice_sources",
srcs: [
"ActivityManager.cpp",
@@ -31,6 +31,14 @@
"StagefrightRecorder.cpp",
"TestPlayerStub.cpp",
],
+}
+
+cc_defaults {
+ name: "libmediaplayerservice_defaults",
+
+ srcs: [
+ ":libmediaplayerservice_sources",
+ ],
shared_libs: [
"android.hardware.media.c2@1.0",
@@ -84,8 +92,6 @@
"framework-permission-aidl-cpp",
],
- local_include_dirs: ["include"],
-
cflags: [
"-Werror",
"-Wno-error=deprecated-declarations",
@@ -116,4 +122,6 @@
export_include_dirs: [
".",
],
-}
\ No newline at end of file
+
+ local_include_dirs: ["include"],
+}
diff --git a/media/libmediaplayerservice/fuzzer/Android.bp b/media/libmediaplayerservice/fuzzer/Android.bp
index 91216cb..f564efa 100644
--- a/media/libmediaplayerservice/fuzzer/Android.bp
+++ b/media/libmediaplayerservice/fuzzer/Android.bp
@@ -139,3 +139,26 @@
"libstagefright_httplive",
],
}
+
+cc_fuzz {
+ name: "media_player_service_fuzzer",
+ defaults: [
+ "service_fuzzer_defaults",
+ "libmediaplayerservice_defaults",
+ "fuzzer_disable_leaks",
+ ],
+ srcs: [
+ "media_player_service_fuzzer.cpp",
+ ],
+ fuzz_config: {
+ cc: [
+ "kyslov@google.com",
+ "ibaker@google.com",
+ ],
+ triage_assignee: "waghpawan@google.com",
+ },
+ cflags: [
+ "-DFUZZ_MODE_MEDIA_PLAYER_SERVICE",
+ ],
+ include_dirs: ["frameworks/av/media/libmediaplayerservice/"],
+}
diff --git a/media/libmediaplayerservice/fuzzer/media_player_service_fuzzer.cpp b/media/libmediaplayerservice/fuzzer/media_player_service_fuzzer.cpp
new file mode 100644
index 0000000..4e3b0fe
--- /dev/null
+++ b/media/libmediaplayerservice/fuzzer/media_player_service_fuzzer.cpp
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <MediaPlayerService.h>
+
+using android::fuzzService;
+using android::MediaPlayerService;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto service = MediaPlayerService::createForFuzzTesting();
+ fuzzService(service, FuzzedDataProvider(data, size));
+ return 0;
+}