libavb_aftl: enable fuzzer for parser
Define a fuzzer for the parse_aftl_image function. It covers the
subfunctions parse_icp_entry, parse_trillian_log_root_descriptor,
parse_signature, parse_annotation and parse_annotation_leaf. Include an
inclusion proof as base corpus, manually extracted from
test/data/aftl_output_vbmeta_with_1_icp.img.
Test: SANITIZE_HOST=address m libavb_aftl_fuzzer
Change-Id: Ia65c053f729773b6c231372311cc9768a9cf0f9c
diff --git a/Android.bp b/Android.bp
index 6a80a62..5e99b47 100644
--- a/Android.bp
+++ b/Android.bp
@@ -258,6 +258,26 @@
],
}
+cc_fuzz {
+ name: "libavb_aftl_fuzzer",
+ defaults: ["avb_defaults"],
+ // The fuzzing entry point is declared and defined in the same file.
+ // Overwrite the behaviour introduced by avb_defaults.
+ cflags: [
+ "-Wno-missing-prototypes",
+ ],
+ srcs: [
+ "test/avb_aftl_fuzz.cc",
+ ],
+ static_libs: ["libavb", "libavb_aftl"],
+ host_supported: true,
+ corpus: ["test/corpus/*"],
+ fuzz_config: {
+ cc: ["tweek@google.com", "jpm@google.com"],
+ componentid: 685985,
+ }
+}
+
cc_library_host_static {
name: "libavb_atx_host",
defaults: ["avb_defaults"],
diff --git a/test/avb_aftl_fuzz.cc b/test/avb_aftl_fuzz.cc
new file mode 100644
index 0000000..89b59d8
--- /dev/null
+++ b/test/avb_aftl_fuzz.cc
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "libavb_aftl/avb_aftl_types.h"
+#include "libavb_aftl/avb_aftl_util.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const char* data, size_t size) {
+ AftlImage* image = parse_aftl_image((uint8_t*)data, size);
+ free_aftl_image(image);
+ return 0;
+}
diff --git a/test/corpus/icp.bin b/test/corpus/icp.bin
new file mode 100644
index 0000000..19125fe
--- /dev/null
+++ b/test/corpus/icp.bin
Binary files differ
