binder_parcel_fuzzer: remove rlimit
Originally I was going for a model where too big of allocations are
actually sent to malloc and they fail, but this wasn't really a good
plan:
- allocations which are near the maximum can cause arbitrary threads
to fail even if they allocate just one byte
- Android doesn't use C++ exceptions and the libbinder API freezes
its use of std::vector. I was looking at forking libc++ to fix
that, but it's overkill
- rlimit doesn't play well with crash_dump* in Android or with the
fuzzing infrastructure (prevents crash stack from happening)
Instead, going with this model of only making "reasonable" allocations
to begin with (reject too-big allocations without letting them fail).
This is probably not the "best way" to do things or the best way to
design a programming language environment (C++), but it works!
Bug: 131868573
Test: binder_parcel_fuzzer for a few minutes
Change-Id: Ie487b34e3277edecbf4d913dc1a42a3e82b5cd42
diff --git a/libs/binder/tests/parcel_fuzzer/main.cpp b/libs/binder/tests/parcel_fuzzer/main.cpp
index a47b753..f426fd3 100644
--- a/libs/binder/tests/parcel_fuzzer/main.cpp
+++ b/libs/binder/tests/parcel_fuzzer/main.cpp
@@ -95,25 +95,7 @@
}
}
-size_t getHardMemoryLimit() {
- struct rlimit limit;
- CHECK(0 == getrlimit(RLIMIT_AS, &limit)) << errno;
- return limit.rlim_max;
-}
-
-void setMemoryLimit(size_t cur, size_t max) {
- const struct rlimit kLimit = {
- .rlim_cur = cur,
- .rlim_max = max,
- };
- CHECK(0 == setrlimit(RLIMIT_AS, &kLimit)) << errno;
-}
-
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- static constexpr size_t kMemLimit = 1 * 1024 * 1024;
- size_t hardLimit = getHardMemoryLimit();
- setMemoryLimit(std::min(kMemLimit, hardLimit), hardLimit);
-
if (size <= 1) return 0; // no use
// avoid timeouts, see b/142617274, b/142473153
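Review bot: the hunk removes the 1 MiB RLIMIT_AS cap but nothing in this file replaces it, while the commit message says oversize allocations are now rejected before they reach malloc; please point at where that size check lives (the parcel read helpers, presumably) so a reviewer can confirm the fuzzer no longer allocates attacker-controlled lengths unbounded, which would otherwise show up as OOM reports rather than the real bug. If a process-wide backstop is still wanted, libFuzzer's own `-malloc_limit_mb` / `-rss_limit_mb` give a stack for the offending allocation without the crash_dump and arbitrary-thread problems described above. Also, with `getrlimit`/`setrlimit`, `errno` and `std::min` gone, check whether `<sys/resource.h>`, `<errno.h>` and `<algorithm>` are still needed in this file.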
@@ -138,7 +120,5 @@
provider.PickValueInArray(fuzzBackend)(std::move(provider));
- setMemoryLimit(hardLimit, hardLimit);
-
return 0;
}
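Review bot: dropping the `setMemoryLimit(hardLimit, hardLimit);` restore is required once `hardLimit` is gone from the first hunk, and it is good riddance anyway since the old code skipped the restore on the early `return 0` path. Consider a one-line comment at the top of `LLVMFuzzerTestOneInput` recording that memory is bounded by rejecting large sizes up front rather than by rlimit, so nobody re-adds the rlimit approach the commit message rules out.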