commit eea5be04528879515546ccc54dd2b768ea04c572
author Aditya Wazir <aditya.wazir@ittiam.com> Mon Oct 31 12:40:10 2022 +0530
committer Ayushi Khopkar <akhopkar@google.com> Mon Dec 19 08:36:31 2022 +0000
tree 3dab35c320e10fe05fc65ea5e6157068bd8f6a48
parent abd856ff3297535893bed71dbf40764c96cfc149

inputflinger_input_reader_fuzzer: Bug Fix

Resolved OOB read getting triggered due to FuzzedDataProvider's
shared_ptr which is used among different classes. Implemented
ThreadSafe instance of FuzzedDataProvider as bug-fix.

Test: ./inputflinger_input_reader_fuzzer clusterfuzz-testcase
-minimized-inputflinger_input_reader_fuzzer-6227827124207616
Test: ./inputflinger_input_reader_fuzzer clusterfuzz-testcase
-minimized-inputflinger_input_reader_fuzzer-5394273856782336

Bug: 253728999
Bug: 254590389

Change-Id: I42d53d1d7da18c8085d381c939bedf14fe18dc87
(cherry picked from commit 08aa517eee8e7cdf65bf0bd303239e25ed1d50e8)

services/inputflinger/tests/fuzzers/FuzzContainer.h

diff --git a/services/inputflinger/tests/fuzzers/FuzzContainer.h b/services/inputflinger/tests/fuzzers/FuzzContainer.h
index 1e0764f..76d2bcd 100644
--- a/services/inputflinger/tests/fuzzers/FuzzContainer.h
+++ b/services/inputflinger/tests/fuzzers/FuzzContainer.h
@@ -20,7 +20,6 @@
 #include <InputMapper.h>
 #include <InputReader.h>
 #include <MapperHelpers.h>
-#include <fuzzer/FuzzedDataProvider.h>
 
 namespace android {
 
@@ -31,10 +30,10 @@
     std::unique_ptr<FuzzInputReaderContext> mFuzzContext;
     std::unique_ptr<InputDevice> mFuzzDevice;
     InputReaderConfiguration mPolicyConfig;
-    std::shared_ptr<FuzzedDataProvider> mFdp;
+    std::shared_ptr<ThreadSafeFuzzedDataProvider> mFdp;
 
 public:
-    FuzzContainer(std::shared_ptr<FuzzedDataProvider> fdp) : mFdp(fdp) {
+    FuzzContainer(std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp) : mFdp(fdp) {
         // Setup parameters.
         std::string deviceName = mFdp->ConsumeRandomLengthString(16);
         std::string deviceLocation = mFdp->ConsumeRandomLengthString(12);