a3b72067de
Sparse file can come from an untrusted source.
Need more checking to ensure that it is not a malformed
file and would not cause any OOB read access.
Update fuzz test for decoding also.
Test: adb reboot fastboot
fuzzy_fastboot --gtest_filter=Fuzz.Sparse*
fuzzy_fastboot --gtest_filter=Conformance.Sparse*
sparse_fuzzer
Bug: 212705418
Change-Id: I7622df307bb00e59faaba8bb2c67cb474cffed8e
27 lines
682 B
C++
27 lines
682 B
C++
#include "include/sparse/sparse.h"
|
|
|
|
static volatile int count;
|
|
|
|
int WriteCallback(void* priv __attribute__((__unused__)), const void* data, size_t len) {
|
|
if (!data) {
|
|
return 0;
|
|
}
|
|
if (len == 0) {
|
|
return 0;
|
|
}
|
|
|
|
const char* p = (const char*)data;
|
|
// Just to make sure the data is accessible
|
|
// We only check the head and tail to save time
|
|
count += *p;
|
|
count += *(p+len-1);
|
|
return 0;
|
|
}
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
struct sparse_file* file = sparse_file_import_buf((char*)data, size, true, false);
|
|
if (!file) {
|
|
return 0;
|
|
}
|
|
return sparse_file_callback(file, false, false, WriteCallback, nullptr);
|
|
}
|