summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWill Coster <willcoster@google.com>2020-11-17 02:48:42 +0100
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-11-17 02:48:42 +0100
commit01e576e61acb8a2e330d3a831135864369e1edb9 (patch)
treeb328b9c27be8285926ca13ce37007cbba47f50ea
parentMerge "Import translations. DO NOT MERGE" (diff)
parentMerge "Add a fuzzer for OTA package verification" am: 6a4dbdf088 am: 923cdf3db1 am: ab1a7bb228 (diff)
downloadandroid_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar.gz
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar.bz2
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar.lz
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar.xz
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.tar.zst
android_bootable_recovery-01e576e61acb8a2e330d3a831135864369e1edb9.zip
-rw-r--r--tests/Android.bp20
-rw-r--r--tests/fuzz/verify_package_fuzzer.cpp37
2 files changed, 57 insertions, 0 deletions
diff --git a/tests/Android.bp b/tests/Android.bp
index a9a088a32..19f2a6c64 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -201,3 +201,23 @@ cc_test_host {
},
},
}
+
+cc_fuzz {
+ name: "libinstall_verify_package_fuzzer",
+ defaults: [
+ "recovery_test_defaults",
+ ],
+
+ srcs: ["fuzz/verify_package_fuzzer.cpp"],
+
+ corpus: [
+ "testdata/otasigned*.zip",
+ ],
+
+ static_libs: [
+ "libotautil",
+ "libinstall",
+ "librecovery_ui",
+ "libminui",
+ ],
+}
diff --git a/tests/fuzz/verify_package_fuzzer.cpp b/tests/fuzz/verify_package_fuzzer.cpp
new file mode 100644
index 000000000..baa44e070
--- /dev/null
+++ b/tests/fuzz/verify_package_fuzzer.cpp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fuzzer/FuzzedDataProvider.h"
+
+#include "install/install.h"
+#include "install/package.h"
+#include "recovery_ui/stub_ui.h"
+
+std::unique_ptr<Package> CreatePackage(std::vector<uint8_t>& content) {
+ return Package::CreateMemoryPackage(content, [](float) -> void {});
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ FuzzedDataProvider data_provider(data, size);
+ auto package_contents = data_provider.ConsumeRemainingBytes<uint8_t>();
+ if (package_contents.size() == 0) {
+ return 0;
+ }
+ auto package = CreatePackage(package_contents);
+ StubRecoveryUI ui;
+ verify_package(package.get(), &ui);
+ return 0;
+}