libbinder: core parcelables in fuzzer
ParcelableHolder/PersistableBundle are core-ish objects, so add them
to the binder parcel fuzzer.
Fixes: 167566728
Test: run binder_parcel_fuzzer for a few minutes
Change-Id: I89b3decb29d1fc278c57860d06a113f4eadb8cba
diff --git a/libs/binder/fuzzer/binder.cpp b/libs/binder/fuzzer/binder.cpp
index 52c730c..c2d4a3f 100644
--- a/libs/binder/fuzzer/binder.cpp
+++ b/libs/binder/fuzzer/binder.cpp
@@ -19,6 +19,8 @@
#include "util.h"
#include <android/os/IServiceManager.h>
+#include <binder/ParcelableHolder.h>
+#include <binder/PersistableBundle.h>
using ::android::status_t;
@@ -251,5 +253,20 @@
PARCEL_READ_NO_STATUS(uid_t, readCallingWorkSourceUid),
PARCEL_READ_NO_STATUS(size_t, getBlobAshmemSize),
PARCEL_READ_NO_STATUS(size_t, getOpenAshmemSize),
+
+ // additional parcelable objects defined in libbinder
+ [] (const ::android::Parcel& p, uint8_t data) {
+ using ::android::os::ParcelableHolder;
+ using ::android::Parcelable;
+ FUZZ_LOG() << "about to read ParcelableHolder using readParcelable with status";
+ Parcelable::Stability stability = Parcelable::Stability::STABILITY_LOCAL;
+ if ( (data & 1) == 1 ) {
+ stability = Parcelable::Stability::STABILITY_VINTF;
+ }
+ ParcelableHolder t = ParcelableHolder(stability);
+ status_t status = p.readParcelable(&t);
+ FUZZ_LOG() << "ParcelableHolder status: " << status;
+ },
+ PARCEL_READ_WITH_STATUS(android::os::PersistableBundle, readParcelable),
};
// clang-format on
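Review bot: The ParcelableHolder lambda ends at `p.readParcelable(&t)` and only logs the status, so after a successful read the fuzzer never touches what the holder now contains. If ParcelableHolder keeps its payload unparsed and decodes it only when a typed accessor is called (its implementation is not part of this diff, so confirm), that deferred decode of untrusted bytes stays outside fuzz coverage. Consider following a successful read with a typed fetch from `t`, and at minimum record the limit above the lambda: `// covers ParcelableHolder::readFromParcel only; the held payload is not unpacked here`. The initializer list this entry belongs to starts outside the hunk.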