1*ec779b8eSAndroid Build Coastguard Worker /*
2*ec779b8eSAndroid Build Coastguard Worker * Copyright 2020 The Android Open Source Project
3*ec779b8eSAndroid Build Coastguard Worker *
4*ec779b8eSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*ec779b8eSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*ec779b8eSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*ec779b8eSAndroid Build Coastguard Worker *
8*ec779b8eSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*ec779b8eSAndroid Build Coastguard Worker *
10*ec779b8eSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*ec779b8eSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*ec779b8eSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*ec779b8eSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*ec779b8eSAndroid Build Coastguard Worker * limitations under the License.
15*ec779b8eSAndroid Build Coastguard Worker */
16*ec779b8eSAndroid Build Coastguard Worker #include <chrono>
17*ec779b8eSAndroid Build Coastguard Worker #include <thread>
18*ec779b8eSAndroid Build Coastguard Worker
19*ec779b8eSAndroid Build Coastguard Worker #include "fuzzer/FuzzedDataProvider.h"
20*ec779b8eSAndroid Build Coastguard Worker #include "mediautils/TimeCheck.h"
21*ec779b8eSAndroid Build Coastguard Worker
22*ec779b8eSAndroid Build Coastguard Worker static constexpr int kMaxStringLen = 256;
23*ec779b8eSAndroid Build Coastguard Worker
24*ec779b8eSAndroid Build Coastguard Worker // While it might be interesting to test long-running
25*ec779b8eSAndroid Build Coastguard Worker // jobs, it seems unlikely it'd lead to the types of crashes
26*ec779b8eSAndroid Build Coastguard Worker // we're looking for, and would mean a significant increase in fuzzer time.
27*ec779b8eSAndroid Build Coastguard Worker // Therefore, we are setting a low cap.
28*ec779b8eSAndroid Build Coastguard Worker static constexpr uint32_t kMaxTimeoutMs = 1000;
29*ec779b8eSAndroid Build Coastguard Worker static constexpr uint32_t kMinTimeoutMs = 200;
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)30*ec779b8eSAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
31*ec779b8eSAndroid Build Coastguard Worker FuzzedDataProvider data_provider(data, size);
32*ec779b8eSAndroid Build Coastguard Worker
33*ec779b8eSAndroid Build Coastguard Worker // There's essentially 5 operations that we can access in this class
34*ec779b8eSAndroid Build Coastguard Worker // 1. The time it takes to run this operation. As mentioned above,
35*ec779b8eSAndroid Build Coastguard Worker // long-running tasks are not good for fuzzing, but there will be
36*ec779b8eSAndroid Build Coastguard Worker // some change in the run time.
37*ec779b8eSAndroid Build Coastguard Worker uint32_t timeoutMs =
38*ec779b8eSAndroid Build Coastguard Worker data_provider.ConsumeIntegralInRange<uint32_t>(kMinTimeoutMs, kMaxTimeoutMs);
39*ec779b8eSAndroid Build Coastguard Worker uint8_t pid_size = data_provider.ConsumeIntegral<uint8_t>();
40*ec779b8eSAndroid Build Coastguard Worker std::vector<pid_t> pids(pid_size);
41*ec779b8eSAndroid Build Coastguard Worker for (auto& pid : pids) {
42*ec779b8eSAndroid Build Coastguard Worker pid = data_provider.ConsumeIntegral<pid_t>();
43*ec779b8eSAndroid Build Coastguard Worker }
44*ec779b8eSAndroid Build Coastguard Worker
45*ec779b8eSAndroid Build Coastguard Worker // 2. We also have setAudioHalPids, which is populated with the pids set
46*ec779b8eSAndroid Build Coastguard Worker // above.
47*ec779b8eSAndroid Build Coastguard Worker android::mediautils::TimeCheck::setAudioHalPids(pids);
48*ec779b8eSAndroid Build Coastguard Worker std::string name = data_provider.ConsumeRandomLengthString(kMaxStringLen);
49*ec779b8eSAndroid Build Coastguard Worker
50*ec779b8eSAndroid Build Coastguard Worker // 3. The constructor, which is fuzzed here:
51*ec779b8eSAndroid Build Coastguard Worker android::mediautils::TimeCheck timeCheck(name.c_str(), {} /* onTimer */,
52*ec779b8eSAndroid Build Coastguard Worker std::chrono::milliseconds(timeoutMs),
53*ec779b8eSAndroid Build Coastguard Worker {} /* secondChanceDuration */, true /* crashOnTimeout */);
54*ec779b8eSAndroid Build Coastguard Worker // We will leave some buffer to avoid sleeping too long
55*ec779b8eSAndroid Build Coastguard Worker uint8_t sleep_amount_ms = data_provider.ConsumeIntegralInRange<uint8_t>(0, timeoutMs / 2);
56*ec779b8eSAndroid Build Coastguard Worker
57*ec779b8eSAndroid Build Coastguard Worker // We want to make sure we can cover the time out functionality.
58*ec779b8eSAndroid Build Coastguard Worker if (sleep_amount_ms) {
59*ec779b8eSAndroid Build Coastguard Worker auto ms = std::chrono::milliseconds(sleep_amount_ms);
60*ec779b8eSAndroid Build Coastguard Worker std::this_thread::sleep_for(ms);
61*ec779b8eSAndroid Build Coastguard Worker }
62*ec779b8eSAndroid Build Coastguard Worker
63*ec779b8eSAndroid Build Coastguard Worker // 4. Finally, the destructor on timecheck. These seem to be the only factors
64*ec779b8eSAndroid Build Coastguard Worker // in play.
65*ec779b8eSAndroid Build Coastguard Worker return 0;
66*ec779b8eSAndroid Build Coastguard Worker }
67