commit eea5be04528879515546ccc54dd2b768ea04c572
author Aditya Wazir <aditya.wazir@ittiam.com> Mon Oct 31 12:40:10 2022 +0530
committer Ayushi Khopkar <akhopkar@google.com> Mon Dec 19 08:36:31 2022 +0000
tree 3dab35c320e10fe05fc65ea5e6157068bd8f6a48
parent abd856ff3297535893bed71dbf40764c96cfc149

inputflinger_input_reader_fuzzer: Bug Fix

Resolved OOB read getting triggered due to FuzzedDataProvider's
shared_ptr which is used among different classes. Implemented
ThreadSafe instance of FuzzedDataProvider as bug-fix.

Test: ./inputflinger_input_reader_fuzzer clusterfuzz-testcase
-minimized-inputflinger_input_reader_fuzzer-6227827124207616
Test: ./inputflinger_input_reader_fuzzer clusterfuzz-testcase
-minimized-inputflinger_input_reader_fuzzer-5394273856782336

Bug: 253728999
Bug: 254590389

Change-Id: I42d53d1d7da18c8085d381c939bedf14fe18dc87
(cherry picked from commit 08aa517eee8e7cdf65bf0bd303239e25ed1d50e8)

services/inputflinger/tests/fuzzers/SwitchInputFuzzer.cpp

diff --git a/services/inputflinger/tests/fuzzers/SwitchInputFuzzer.cpp b/services/inputflinger/tests/fuzzers/SwitchInputFuzzer.cpp
index 7416ce9..c4938f2 100644
--- a/services/inputflinger/tests/fuzzers/SwitchInputFuzzer.cpp
+++ b/services/inputflinger/tests/fuzzers/SwitchInputFuzzer.cpp
@@ -16,12 +16,12 @@
 
 #include <FuzzContainer.h>
 #include <SwitchInputMapper.h>
-#include <fuzzer/FuzzedDataProvider.h>
 
 namespace android {
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
-    std::shared_ptr<FuzzedDataProvider> fdp = std::make_shared<FuzzedDataProvider>(data, size);
+    std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp =
+            std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);
     FuzzContainer fuzzer(fdp);
 
     SwitchInputMapper& mapper = fuzzer.getMapper<SwitchInputMapper>();