From d17dc6af5262cdf5ea93457f874225af59b860a1 Mon Sep 17 00:00:00 2001
From: hamzeh <hamzeh@google.com>
Date: Wed, 25 Sep 2019 11:00:31 -0700
Subject: [PATCH] Add fuzzer for libsparse

Bug: 141129284
Test: SANITIZE_TARGET="hwaddress fuzzer' make libsparse_fuzzer
Change-Id: I54e19d399f7ea29a45734f1ddc520ceec56add09
---
 libsparse/Android.bp        | 12 ++++++++++++
 libsparse/sparse_fuzzer.cpp | 16 ++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 libsparse/sparse_fuzzer.cpp

diff --git a/libsparse/Android.bp b/libsparse/Android.bp
index 2ec47541b..88146e998 100644
--- a/libsparse/Android.bp
+++ b/libsparse/Android.bp
@@ -82,3 +82,15 @@ python_binary_host {
         },
     },
 }
+
+cc_fuzz {
+    name: "sparse_fuzzer",
+    host_supported: false,
+    srcs: [
+        "sparse_fuzzer.cpp",
+    ],
+    static_libs: [
+        "libsparse",
+        "liblog",
+    ],
+}
diff --git a/libsparse/sparse_fuzzer.cpp b/libsparse/sparse_fuzzer.cpp
new file mode 100644
index 000000000..42f331fc3
--- /dev/null
+++ b/libsparse/sparse_fuzzer.cpp
@@ -0,0 +1,16 @@
+#include "include/sparse/sparse.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if (size < 2 * sizeof(wchar_t)) return 0;
+
+  int64_t blocksize = 4096;
+  struct sparse_file* file = sparse_file_new(size, blocksize);
+  if (!file) {
+    return 0;
+  }
+
+  unsigned int block = 1;
+  sparse_file_add_data(file, &data, size, block);
+  sparse_file_destroy(file);
+  return 0;
+}