Revert "rpc_binder: Change `trusty_tipc_fuzzer` to support multiple connections and messages"
This reverts commit 589c8d1e44cff96092c943f22cc10a9c23b81c01.
Reason for revert: the fuzzer crashes immediately on line 99 because the vector is empty
Change-Id: I5e56a94671a43cd131c250d98f7cfae3c96f34ab
diff --git a/trusty/fuzz/tipc_fuzzer.cpp b/trusty/fuzz/tipc_fuzzer.cpp
index edc2a79..f265ced 100644
--- a/trusty/fuzz/tipc_fuzzer.cpp
+++ b/trusty/fuzz/tipc_fuzzer.cpp
@@ -14,8 +14,6 @@
* limitations under the License.
*/
-#include <android-base/result.h>
-#include <fuzzer/FuzzedDataProvider.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/coverage/uuid.h>
@@ -25,7 +23,6 @@
#include <iostream>
#include <memory>
-using android::base::Result;
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
using android::trusty::fuzz::TrustyApp;
@@ -44,14 +41,7 @@
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
#endif
-#ifdef TRUSTY_APP_MAX_CONNECTIONS
-constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
-#else
-constexpr size_t MAX_CONNECTIONS = 1;
-#endif
-
-static_assert(MAX_CONNECTIONS >= 1);
-
+static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
static std::unique_ptr<CoverageRecord> record;
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -63,8 +53,7 @@
}
/* Make sure lazy-loaded TAs have started and connected to coverage service. */
- TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
- auto ret = ta.Connect();
+ auto ret = kTrustyApp.Connect();
if (!ret.ok()) {
std::cerr << ret.error() << std::endl;
exit(-1);
@@ -84,56 +73,24 @@
return 0;
}
-Result<void> testOneInput(FuzzedDataProvider& provider) {
- std::vector<TrustyApp> trustyApps;
-
- while (provider.remaining_bytes() > 0) {
- if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {
- auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
- const auto result = ta.Connect();
- if (!result.ok()) {
- return result;
- }
- } else {
- const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());
- std::swap(trustyApps[i], trustyApps.back());
-
- if (provider.ConsumeBool()) {
- auto& ta = trustyApps.back();
-
- const auto data = provider.ConsumeRandomLengthString();
- auto result = ta.Write(data.data(), data.size());
- if (!result.ok()) {
- return result;
- }
-
- std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
- result = ta.Read(buf.data(), buf.size());
- if (!result.ok()) {
- return result;
- }
-
- // Reconnect to ensure that the service is still up.
- ta.Disconnect();
- result = ta.Connect();
- if (!result.ok()) {
- std::cerr << result.error() << std::endl;
- android::trusty::fuzz::Abort();
- return result;
- }
- } else {
- trustyApps.pop_back();
- }
- }
- }
- return {};
-}
-
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
ExtraCounters counters(record.get());
counters.Reset();
- FuzzedDataProvider provider(data, size);
- const auto result = testOneInput(provider);
- return result.ok() ? 0 : -1;
+ auto ret = kTrustyApp.Write(data, size);
+ if (ret.ok()) {
+ ret = kTrustyApp.Read(&buf, sizeof(buf));
+ }
+
+ // Reconnect to ensure that the service is still up
+ kTrustyApp.Disconnect();
+ ret = kTrustyApp.Connect();
+ if (!ret.ok()) {
+ std::cerr << ret.error() << std::endl;
+ android::trusty::fuzz::Abort();
+ }
+
+ return ret.ok() ? 0 : -1;
}
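Review bot: In `LLVMFuzzerTestOneInput` the status of `Write`/`Read` is overwritten by `ret = kTrustyApp.Connect();`, so the final `return ret.ok() ? 0 : -1;` only reflects the reconnect, and its -1 branch sits after `Abort()`, which presumably does not return. If dropping I/O errors on arbitrary input is intended, say so with a comment such as `// Write/Read failures are expected for malformed input; only a failed reconnect is a finding.` and keep the reconnect status in its own variable, e.g. `auto reconnect = kTrustyApp.Connect();`. Recent libFuzzer versions treat a -1 return as a request to keep the input out of the corpus, so a plain `return 0;` after the abort check would state the intent more clearly. `Read(&buf, sizeof(buf))` passes a pointer to the whole array; `buf` is the conventional spelling and gives the same address.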