Merge "trusty: Adapt to Confirmationui Corpus Format"
diff --git a/trusty/confirmationui/fuzz/Android.bp b/trusty/confirmationui/fuzz/Android.bp
index 0819c21..635966f 100644
--- a/trusty/confirmationui/fuzz/Android.bp
+++ b/trusty/confirmationui/fuzz/Android.bp
@@ -16,4 +16,8 @@
name: "trusty_confirmationui_fuzzer",
defaults: ["trusty_fuzzer_defaults"],
srcs: ["fuzz.cpp"],
+
+ // The initial corpus for this fuzzer was derived by dumping bytes from
+ // ConfirmationUI VTS.
+ corpus: ["corpus/*"],
}
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-2ekYc2 b/trusty/confirmationui/fuzz/corpus/confirmationui-2ekYc2
new file mode 100644
index 0000000..53fe0c9
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-2ekYc2
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-5yTG3f b/trusty/confirmationui/fuzz/corpus/confirmationui-5yTG3f
new file mode 100644
index 0000000..d627b01
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-5yTG3f
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-6l8Soq b/trusty/confirmationui/fuzz/corpus/confirmationui-6l8Soq
new file mode 100644
index 0000000..bda80fd
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-6l8Soq
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-7kFpGO b/trusty/confirmationui/fuzz/corpus/confirmationui-7kFpGO
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-7kFpGO
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-92m2f3 b/trusty/confirmationui/fuzz/corpus/confirmationui-92m2f3
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-92m2f3
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-ALYIzO b/trusty/confirmationui/fuzz/corpus/confirmationui-ALYIzO
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-ALYIzO
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-AcIMhR b/trusty/confirmationui/fuzz/corpus/confirmationui-AcIMhR
new file mode 100644
index 0000000..f5854f8
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-AcIMhR
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-AieaIi b/trusty/confirmationui/fuzz/corpus/confirmationui-AieaIi
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-AieaIi
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-BdqX5j b/trusty/confirmationui/fuzz/corpus/confirmationui-BdqX5j
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-BdqX5j
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-JBPIGs b/trusty/confirmationui/fuzz/corpus/confirmationui-JBPIGs
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-JBPIGs
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-MWHw4T b/trusty/confirmationui/fuzz/corpus/confirmationui-MWHw4T
new file mode 100644
index 0000000..0dc6e91
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-MWHw4T
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-TZzVLO b/trusty/confirmationui/fuzz/corpus/confirmationui-TZzVLO
new file mode 100644
index 0000000..927d64d
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-TZzVLO
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-WwdA3B b/trusty/confirmationui/fuzz/corpus/confirmationui-WwdA3B
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-WwdA3B
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-globJV b/trusty/confirmationui/fuzz/corpus/confirmationui-globJV
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-globJV
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-hzUgjD b/trusty/confirmationui/fuzz/corpus/confirmationui-hzUgjD
new file mode 100644
index 0000000..87870ca
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-hzUgjD
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-jXC78o b/trusty/confirmationui/fuzz/corpus/confirmationui-jXC78o
new file mode 100644
index 0000000..0b274bf
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-jXC78o
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-kykxni b/trusty/confirmationui/fuzz/corpus/confirmationui-kykxni
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-kykxni
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-npHe8t b/trusty/confirmationui/fuzz/corpus/confirmationui-npHe8t
new file mode 100644
index 0000000..87870ca
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-npHe8t
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-rPgnyI b/trusty/confirmationui/fuzz/corpus/confirmationui-rPgnyI
new file mode 100644
index 0000000..87870ca
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-rPgnyI
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-uCJ1Me b/trusty/confirmationui/fuzz/corpus/confirmationui-uCJ1Me
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-uCJ1Me
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-wAQEjK b/trusty/confirmationui/fuzz/corpus/confirmationui-wAQEjK
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-wAQEjK
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-xjtOks b/trusty/confirmationui/fuzz/corpus/confirmationui-xjtOks
new file mode 100644
index 0000000..b4a1c49
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-xjtOks
Binary files differ
diff --git a/trusty/confirmationui/fuzz/corpus/confirmationui-zKFIjN b/trusty/confirmationui/fuzz/corpus/confirmationui-zKFIjN
new file mode 100644
index 0000000..5adf905
--- /dev/null
+++ b/trusty/confirmationui/fuzz/corpus/confirmationui-zKFIjN
Binary files differ
diff --git a/trusty/confirmationui/fuzz/fuzz.cpp b/trusty/confirmationui/fuzz/fuzz.cpp
index aa132e8..9d3008b 100644
--- a/trusty/confirmationui/fuzz/fuzz.cpp
+++ b/trusty/confirmationui/fuzz/fuzz.cpp
@@ -39,6 +39,15 @@
{0xb0, 0x86, 0xdf, 0x0f, 0x6c, 0x23, 0x3c, 0x1b},
};
+/* The format of the packets is as following:
+ * 16 bits (uint16_t, header) + payload bytes
+ * The 16 bits header spicify the number of bytes of payload (header excluded).
+ */
+struct data_packet {
+ uint16_t header;
+ uint8_t payload[];
+};
+
static CoverageRecord record(TIPC_DEV, &confirmationui_uuid);
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -47,8 +56,10 @@
return 0;
}
+/* Each corpus contains one or more data packets. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
static uint8_t buf[TIPC_MAX_MSG_SIZE];
+ size_t data_idx = 0;
ExtraCounters counters(&record);
counters.Reset();
@@ -59,16 +70,22 @@
android::trusty::fuzz::Abort();
}
- /* Write message to confirmationui server */
- ret = ta.Write(data, size);
- if (!ret.ok()) {
- return -1;
- }
+ while (data_idx < size) {
+ struct data_packet* data_packet_ptr = (struct data_packet*)&data[data_idx];
+ size_t payload_size = data_packet_ptr->header;
+ data_idx += data_packet_ptr->header + sizeof(data_packet_ptr->header);
- /* Read message from confirmationui server */
- ret = ta.Read(&buf, sizeof(buf));
- if (!ret.ok()) {
- return -1;
+ /* Write message to confirmationui server */
+ ret = ta.Write(data_packet_ptr->payload, payload_size);
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ /* Read message from confirmationui server */
+ ret = ta.Read(&buf, sizeof(buf));
+ if (!ret.ok()) {
+ return -1;
+ }
}
return 0;