inputflinger_input_classifier_fuzzer: Bug Fix
Resolved signed integer overflow. A range for eventTime has been set to prevent integer overflow in the readTime variable.
exec/sec: 7000
Test: ./inputflinger_input_classifier_fuzzer clusterfuzz-testcase-minimized-inputflinger_input_classifier_fuzzer-5773122447933440
Bug: 289471463
Change-Id: I5cff2468b81ac8dc2f0773638d13a0d7e25f7038
(cherry picked from commit 6f6c88f12f57633047b32ce98498367c40a4b891)
diff --git a/services/inputflinger/tests/fuzzers/InputClassifierFuzzer.cpp b/services/inputflinger/tests/fuzzers/InputClassifierFuzzer.cpp
index f8ebc97..3b3ed9b 100644
--- a/services/inputflinger/tests/fuzzers/InputClassifierFuzzer.cpp
+++ b/services/inputflinger/tests/fuzzers/InputClassifierFuzzer.cpp
@@ -73,9 +73,11 @@
},
[&]() -> void {
// SendToNextStage_NotifyKeyArgs
- const nsecs_t eventTime = fdp.ConsumeIntegral<nsecs_t>();
- const nsecs_t readTime =
- eventTime + fdp.ConsumeIntegralInRange<nsecs_t>(0, 1E8);
+ const nsecs_t eventTime =
+ fdp.ConsumeIntegralInRange<nsecs_t>(0,
+ systemTime(SYSTEM_TIME_MONOTONIC));
+ const nsecs_t readTime = fdp.ConsumeIntegralInRange<
+ nsecs_t>(eventTime, std::numeric_limits<nsecs_t>::max());
mClassifier->notifyKey({/*sequenceNum=*/fdp.ConsumeIntegral<int32_t>(),
eventTime, readTime,
/*deviceId=*/fdp.ConsumeIntegral<int32_t>(),
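Review bot: The new upper bound for eventTime, `systemTime(SYSTEM_TIME_MONOTONIC)`, is read from the clock at run time, so the same input bytes can produce a different eventTime on each run, because ConsumeIntegralInRange maps the consumed bytes into whatever range it is given. That makes a minimized testcase such as the one named in the Test: line harder to reproduce. Consider a fixed constant bound instead, for example `fdp.ConsumeIntegralInRange<nsecs_t>(0, std::numeric_limits<nsecs_t>::max())`. Drawing readTime from [eventTime, max] does remove the signed addition that overflowed, but it also drops the old limit of 1E8 ns between the two values, so readTime can now be arbitrarily far after eventTime. If the classifier is only meant to see small deltas, bound the delta with `std::min` against `max() - eventTime` instead. The hunk also starts using `std::numeric_limits`, so check that the file includes `<limits>` directly, since no include change is shown here.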