Optimize OEMCrypto_ShrinkUsageTableHeader fuzzing

Merge from Widevine repo of http://go/wvgerrit/159057 Increase fuzzing efficiency by generating the header_buffer_length parameter from the input data and pre-creating a usage table header. Test: tested with http://go/ag/20420224 Change-Id: Idab4c3d0ae879854202e5ffd24bf031b946aeb6a
2022-11-08 13:53:09 -08:00
parent 2e9cbaf30f
commit e88bcf51c8
4 changed files with 14 additions and 10 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h
@@ -20,9 +20,10 @@ extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize)
    __attribute__((weak));
 const size_t KB = 1024;
-// Maximum signature length. If fuzzed signature length is greater that this,
+
-// this value will be used for signature length.
+// Default maximum length of fuzzing output parameters.
-const size_t MAX_FUZZ_SIGNATURE_LENGTH = 5 * KB;
+const size_t MAX_FUZZ_OUTPUT_LENGTH = 5 * KB;
 // Initial setup to create a valid OEMCrypto state such as initializing crypto
 // firmware/hardware, installing golden key box etc. in order to fuzz
 // OEMCrypto APIs.
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc
@@ -23,7 +23,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // We cannot allocate buffers of random huge lengths in memory.
  // This also slows down the fuzzer.
  size_t signature_length =
-      std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length);
+      std::min(MAX_FUZZ_OUTPUT_LENGTH, fuzzed_structure.signature_length);
  vector<uint8_t> signature(signature_length);
  OEMCrypto_GenerateRSASignature(
      license_api_fuzz.session()->session_id(), data + sizeof(fuzzed_structure),
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc
@@ -57,7 +57,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
                      session->license().keys[0].key_id_length,
                      fuzzed_structure.cipher_mode);
  signature_length =
-      std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length);
+      std::min(MAX_FUZZ_OUTPUT_LENGTH, fuzzed_structure.signature_length);
  signature.resize(signature_length);
  OEMCrypto_Generic_Verify(session->session_id(), in_buffer.data(),
                           in_buffer.size(), fuzzed_structure.algorithm,
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_shrink_usage_table_header_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_shrink_usage_table_header_fuzz.cc
@@ -2,6 +2,7 @@
 // source code may only be used and distributed under the Widevine
 // License Agreement.
 #include "FuzzedDataProvider.h"
 #include "OEMCryptoCENC.h"
 #include "oemcrypto_fuzz_helper.h"
@@ -11,15 +12,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // reduce noise
  RedirectStdoutToFile();
-  if (size < sizeof(uint32_t)) {
+  if (size < sizeof(uint32_t) + sizeof(size_t)) {
    return 0;
  }
  LicenseWithUsageEntryFuzz entry;
-  uint32_t new_entry_count = 0;
+  entry.CreateUsageTableHeader();
-  memcpy(&new_entry_count, data, sizeof(uint32_t));
+  FuzzedDataProvider fuzzed_data(data, size);
-  std::vector<uint8_t> header_buffer(size - sizeof(uint32_t));
+  const uint32_t new_entry_count = fuzzed_data.ConsumeIntegral<uint32_t>();
-  size_t header_buffer_length = header_buffer.size();
+  size_t header_buffer_length =
      fuzzed_data.ConsumeIntegralInRange<size_t>(0, MAX_FUZZ_OUTPUT_LENGTH);
  std::vector<uint8_t> header_buffer(header_buffer_length);
  OEMCrypto_ShrinkUsageTableHeader(new_entry_count, header_buffer.data(),
                                   &header_buffer_length);