Fix bugs impacting fuzzing coverage

- Update ConvertDataToValidEnum to not use FuzzedDataProvider since it causes unexpected parsing results. - Add OEMCryptoLicenseAPIFuzz::LoadLicenseWithGenericCryptoKeys so that generic crypto fuzz tests can load appropriate keys. - Remove custom mutator from oemcrypto_generic_verify_fuzz because it provides minimal additional coverage. - Refresh affected corpus files. Merged from https://widevine-internal-review.googlesource.com/168557 Merged from https://widevine-internal-review.googlesource.com/171191 Merged from https://widevine-internal-review.googlesource.com/172170 Merged from https://widevine-internal-review.googlesource.com/172250 Change-Id: Ie676a36cbf4c12bdda9566fad3590a7b69168d9c
2023-03-21 01:45:50 +00:00
parent 55ef762c08
commit 57b391c8b9
300 changed files with 81 additions and 139 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h
@@ -5,6 +5,8 @@
 #ifndef OEMCRYPTO_FUZZ_HELPER_H_
 #define OEMCRYPTO_FUZZ_HELPER_H_

+#include <cstring>
+#include <type_traits>
 #include <vector>

 #include "FuzzedDataProvider.h"
@@ -44,7 +46,9 @@ class OEMCryptoLicenseAPIFuzz {

  void Terminate();

-  void LoadLicense();
+  void LoadLicense() { LoadLicense(false); }
+
+  void LoadLicenseWithGenericCryptoKeys() { LoadLicense(true); }

  LicenseRoundTrip& license_messages() { return license_messages_; }

@@ -55,6 +59,8 @@ class OEMCryptoLicenseAPIFuzz {
  const Session& session() const { return session_; }

 private:
+  void LoadLicense(bool generic_crypto_keys);
+
  SessionUtil session_util_;
  Session session_;
  LicenseRoundTrip license_messages_;
@@ -151,15 +157,23 @@ class LicenseWithUsageEntryFuzz {
 // Convert data from FuzzedDataProvider to valid enum value.
 template <typename T>
 T ConvertDataToValidEnum(FuzzedDataProvider& fuzzed_data, T max_enum_value) {
-  return static_cast<T>(fuzzed_data.ConsumeIntegralInRange<uint32_t>(
-      0, static_cast<uint32_t>(max_enum_value)));
+  using UnsignedT =
+      typename std::make_unsigned<typename std::underlying_type<T>::type>::type;
+  return static_cast<T>(fuzzed_data.ConsumeIntegralInRange<UnsignedT>(
+      0, static_cast<UnsignedT>(max_enum_value)));
 }

 // Convert data to valid enum value in place.
 template <typename T>
-void ConvertDataToValidEnum(T max_enum_value, T* t) {
-  FuzzedDataProvider fuzzed_enum_data(reinterpret_cast<uint8_t*>(t), sizeof(T));
-  *t = ConvertDataToValidEnum(fuzzed_enum_data, max_enum_value);
+void ConvertDataToValidEnum(T max_enum_value, T& enum_data) {
+  using UnsignedT =
+      typename std::make_unsigned<typename std::underlying_type<T>::type>::type;
+  UnsignedT data;
+  std::memcpy(&data, &enum_data, sizeof(T));
+  const auto max_value = static_cast<UnsignedT>(max_enum_value);
+  if (data > max_value) {
+    enum_data = static_cast<T>(data % (max_value + 1));
+  }
 }

 // Redirect printf and log statements from oemcrypto functions to a file to