From 935178e2fdfb08cca31da985846fb2a01f712b2e Mon Sep 17 00:00:00 2001
From: Eduardo Rocha <edro@google.com>
Date: Thu, 16 Jul 2020 18:35:06 +0000
Subject: [PATCH] Fuzzer for libandroidfw

Bug: 161463861
Test: Builds and runs on host and device.

Change-Id: I78b19376275dc5a29afcab48c70eea479bff8728
---
 .../fuzz/resourcefile_fuzzer/Android.bp       |  46 ++++++++++++++++++
 .../resourcefile_fuzzer/corpus/resources.arsc | Bin 0 -> 724 bytes
 .../resourcefile_fuzzer.cpp                   |  39 +++++++++++++++
 3 files changed, 85 insertions(+)
 create mode 100644 libs/androidfw/fuzz/resourcefile_fuzzer/Android.bp
 create mode 100644 libs/androidfw/fuzz/resourcefile_fuzzer/corpus/resources.arsc
 create mode 100644 libs/androidfw/fuzz/resourcefile_fuzzer/resourcefile_fuzzer.cpp

diff --git a/libs/androidfw/fuzz/resourcefile_fuzzer/Android.bp b/libs/androidfw/fuzz/resourcefile_fuzzer/Android.bp
new file mode 100644
index 0000000000000..77ef8dfb9725a
--- /dev/null
+++ b/libs/androidfw/fuzz/resourcefile_fuzzer/Android.bp
@@ -0,0 +1,46 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_fuzz {
+    name: "resourcefile_fuzzer",
+    srcs: [
+        "resourcefile_fuzzer.cpp",
+    ],
+    host_supported: true,
+    corpus: ["corpus/*"],
+    static_libs: ["libgmock"],
+    target: {
+        android: {
+            shared_libs:[
+                "libandroidfw",
+                "libbase",
+                "libcutils",
+                "libutils",
+                "libziparchive",
+                "libui",
+            ],
+        },
+        host: {
+            static_libs: [
+                "libandroidfw",
+                "libbase",
+                "libcutils",
+                "libutils",
+                "libziparchive",
+                "liblog",
+                "libz",
+            ],
+        },
+    },
+}
diff --git a/libs/androidfw/fuzz/resourcefile_fuzzer/corpus/resources.arsc b/libs/androidfw/fuzz/resourcefile_fuzzer/corpus/resources.arsc
new file mode 100644
index 0000000000000000000000000000000000000000..3cf2ea733d28031f33a70a9a996976b59f03c58e
GIT binary patch
literal 724
zcmdr|I}XAy41KXmMJ0v|j0_!^djf{ufTaT?zepg_f&vUoy%5LYKs>iJRID&zEAsRI
z#exwY0vPC<P<z5)@Fg{O*40dJa72j=D^%FR)7#Ukf1>`sq<SpM@?{n4?Q&Y4D9AJ*
z@XA2M3tgz5cz`p}4F|ZUO8aL-p`Ww+{Rwk%TwTkx^GK3n=Sr8&tEO4RV$8hK=_nZ~
pIR7165a)c~iVYjWE;9sd#K9d8{lh1ZF7`_v?G7=mHMR0k`~*s_7r+1j

literal 0
HcmV?d00001

diff --git a/libs/androidfw/fuzz/resourcefile_fuzzer/resourcefile_fuzzer.cpp b/libs/androidfw/fuzz/resourcefile_fuzzer/resourcefile_fuzzer.cpp
new file mode 100644
index 0000000000000..96d44ab8e45ca
--- /dev/null
+++ b/libs/androidfw/fuzz/resourcefile_fuzzer/resourcefile_fuzzer.cpp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+#include <string>
+#include <memory>
+
+#include <androidfw/ApkAssets.h>
+#include <androidfw/LoadedArsc.h>
+#include <androidfw/StringPiece.h>
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+using android::ApkAssets;
+using android::LoadedArsc;
+using android::StringPiece;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+
+  std::unique_ptr<const LoadedArsc> loaded_arsc =
+      LoadedArsc::Load(StringPiece(reinterpret_cast<const char*>(data), size));
+
+  return 0;
+}
\ No newline at end of file