widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve fuzzers with FuzzedDataProvider inputs

Browse Source 
- Remove redundant input size checks handled by FuzzedDataProvider.
- Allow passing null when buffer size is used as an in/out parameter.

Merged from https://widevine-internal-review.googlesource.com/168637
Merged from https://widevine-internal-review.googlesource.com/171190
Merged from https://widevine-internal-review.googlesource.com/172090
Merged from https://widevine-internal-review.googlesource.com/172251

Change-Id: Ib5779ab969f646f306088b3d75d513e1f07a3886
This commit is contained in:
Ian Benz
2023-03-22 15:52:29 +00:00
committed by Robert Shih
parent 53fe55cb72
commit 55ef762c08
2 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc
View File

@@ -16,10 +16,6 @@ constexpr size_t MAX_FUZZ_PST_REPORT_BUFFER_LENGTH = 5 * wvoec::MB;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
wvoec::RedirectStdoutToFile();
if (size < sizeof(size_t)) {
return 0;
}
wvoec::LicenseWithUsageEntryFuzz entry;
entry.Initialize();
entry.CreateUsageTableHeader();
@@ -35,14 +31,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
entry.LoadLicense();
FuzzedDataProvider fuzzed_data(data, size);
size_t pst_report_buffer_length = fuzzed_data.ConsumeIntegralInRange<size_t>(
0, MAX_FUZZ_PST_REPORT_BUFFER_LENGTH);
size_t pst_report_buffer_length_data =
fuzzed_data.ConsumeIntegralInRange<size_t>(
0, MAX_FUZZ_PST_REPORT_BUFFER_LENGTH);
std::vector<uint8_t> pst_report_buffer(pst_report_buffer_length_data);
size_t* const pst_report_buffer_length =
fuzzed_data.ConsumeBool() ? &pst_report_buffer_length_data : nullptr;
const std::vector<uint8_t> pst = fuzzed_data.ConsumeRemainingBytes<uint8_t>();
std::vector<uint8_t> pst_report_buffer(pst_report_buffer_length);
// Call API with fuzzed pst_buffer_length, pst.
OEMCrypto_ReportUsage(session->session_id(), pst.data(), pst.size(),
pst_report_buffer.data(), &pst_report_buffer_length);
pst_report_buffer.data(), pst_report_buffer_length);
session->close();
OEMCrypto_Terminate();
return 0;
}

12
libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_shrink_usage_table_header_fuzz.cc
View File

@@ -11,20 +11,18 @@
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
wvoec::RedirectStdoutToFile();
if (size < sizeof(uint32_t) + sizeof(size_t)) {
return 0;
}
wvoec::LicenseWithUsageEntryFuzz entry;
entry.Initialize();
entry.CreateUsageTableHeader();
FuzzedDataProvider fuzzed_data(data, size);
const uint32_t new_entry_count = fuzzed_data.ConsumeIntegral<uint32_t>();
size_t header_buffer_length = fuzzed_data.ConsumeIntegralInRange<size_t>(
size_t header_buffer_length_data = fuzzed_data.ConsumeIntegralInRange<size_t>(
0, wvoec::MAX_FUZZ_OUTPUT_LENGTH);
std::vector<uint8_t> header_buffer(header_buffer_length);
std::vector<uint8_t> header_buffer(header_buffer_length_data);
size_t* const header_buffer_length =
fuzzed_data.ConsumeBool() ? &header_buffer_length_data : nullptr;
OEMCrypto_ShrinkUsageTableHeader(new_entry_count, header_buffer.data(),
&header_buffer_length);
header_buffer_length);
OEMCrypto_Terminate();
return 0;
}