codec2 hal: fuzzer

Bug: 251850069
Test: adb shell /data/fuzz/arm64/libcodec2-aidl-fuzzer/vendor/libcodec2-aidl-fuzzer
Change-Id: I2698dfd3a691f070623c17a6b180cfb93dfb03ee
diff --git a/media/codec2/hal/aidl/Android.bp b/media/codec2/hal/aidl/Android.bp
index a9a00be..a4715f8 100644
--- a/media/codec2/hal/aidl/Android.bp
+++ b/media/codec2/hal/aidl/Android.bp
@@ -150,3 +150,28 @@
         "libcodec2_aidl_client",
     ],
 }
+
+cc_fuzz {
+    name: "libcodec2-aidl-fuzzer",
+    vendor: true,
+    srcs: [
+        "fuzzer.cpp",
+    ],
+    defaults: [
+        "libcodec2-aidl-defaults",
+        "service_fuzzer_defaults",
+    ],
+    shared_libs: [
+        "libcodec2_vndk",
+
+        "libcodec2_soft_avcdec",
+        "libcodec2_soft_avcenc",
+        "libcodec2_soft_aacdec",
+        "libcodec2_soft_aacenc",
+    ],
+    fuzz_config: {
+        cc: [
+            "wonsik@google.com",
+        ],
+    },
+}
diff --git a/media/codec2/hal/aidl/fuzzer.cpp b/media/codec2/hal/aidl/fuzzer.cpp
new file mode 100644
index 0000000..c1a2762
--- /dev/null
+++ b/media/codec2/hal/aidl/fuzzer.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <C2PlatformSupport.h>
+
+#include <android/binder_interface_utils.h>
+#include <codec2/aidl/ComponentStore.h>
+
+using aidl::android::hardware::media::c2::utils::ComponentStore;
+using android::fuzzService;
+using ndk::SharedRefBase;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    std::shared_ptr<C2ComponentStore> store = ::android::GetCodec2PlatformComponentStore();
+    std::shared_ptr<ComponentStore> binder = SharedRefBase::make<ComponentStore>(store);
+
+    fuzzService(binder->asBinder().get(), FuzzedDataProvider(data, size));
+
+    return 0;
+}