widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix OEMCrypto_LoadUsageEntry fuzzer

Browse Source 
- Ensure OEMCrypto is in the correct state before invoking
  OEMCrypto_LoadUsageEntry.
- Do not use FuzzedDataProvider to parse usage_entry_number since it
  causes unexpected parsing results.

Merged from https://widevine-internal-review.googlesource.com/168859
Merged from https://widevine-internal-review.googlesource.com/169293
Merged from https://widevine-internal-review.googlesource.com/169970
Merged from https://widevine-internal-review.googlesource.com/170011

Change-Id: I6c3ddfe457facef9c9d0fc524fc3cf76aba90f64
This commit is contained in:
Ian Benz
2023-03-24 00:45:20 +00:00
committed by Robert Shih
parent fb1f3af60f
commit c0c349cd28
1 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc
View File

@@ -2,22 +2,22 @@
// source code may only be used and distributed under the Widevine Master
// License Agreement.
#include "FuzzedDataProvider.h"
#include "OEMCryptoCENC.h"
#include "oemcrypto_fuzz_helper.h"
namespace wvoec {
LicenseWithUsageEntryFuzz entry;
OEMCryptoResult LoadUsageEntryWithFuzzedData(OEMCrypto_SESSION session,
const uint8_t* data, size_t size) {
if (size < sizeof(uint32_t)) {
uint32_t usage_entry_number;
if (size < sizeof(usage_entry_number)) {
return OEMCrypto_ERROR_SHORT_BUFFER;
}
FuzzedDataProvider fuzzed_data(data, size);
const uint32_t usage_entry_number = fuzzed_data.ConsumeIntegral<uint32_t>();
const std::vector<uint8_t> buffer =
fuzzed_data.ConsumeRemainingBytes<uint8_t>();
memcpy(&usage_entry_number, data, sizeof(usage_entry_number));
const std::vector<uint8_t> buffer(data + sizeof(usage_entry_number),
data + size);
return OEMCrypto_LoadUsageEntry(session, usage_entry_number, buffer.data(),
buffer.size());
}
@@ -25,7 +25,6 @@ OEMCryptoResult LoadUsageEntryWithFuzzedData(OEMCrypto_SESSION session,
// The custom mutator to mutate created encrypted usage entry.
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
size_t max_size, unsigned int seed) {
LicenseWithUsageEntryFuzz entry;
entry.CreateUsageTableHeader();
Session* s = entry.license_messages().session();
s->open();