xref: /aosp_15_r20/external/perfetto/test/producer_socket_fuzzer.cc (revision 6dbdd20afdafa5e3ca9b8809fa73465d530080dc) 
1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "perfetto/base/build_config.h"
18 #include "perfetto/ext/base/unix_socket.h"
19 #include "src/base/test/test_task_runner.h"
20 #include "test/test_helper.h"
21 
22 namespace perfetto {
23 namespace socket_fuzz {
24 namespace {
25 
26 class FakeEventListener : public base::UnixSocket::EventListener {
27  public:
FakeEventListener(const uint8_t * data,size_t size,std::function<void ()> data_sent_callback)28   FakeEventListener(const uint8_t* data,
29                     size_t size,
30                     std::function<void()> data_sent_callback)
31       : data_(data), size_(size), data_sent_(data_sent_callback) {}
32 
OnNewIncomingConnection(base::UnixSocket *,std::unique_ptr<base::UnixSocket>)33   void OnNewIncomingConnection(base::UnixSocket*,
34                                std::unique_ptr<base::UnixSocket>) override {
35     PERFETTO_CHECK(false);
36   }
37 
OnConnect(base::UnixSocket * self,bool connected)38   void OnConnect(base::UnixSocket* self, bool connected) override {
39     PERFETTO_CHECK(connected && self->is_connected());
40     self->Send(data_, size_, self->fd());
41     data_sent_();
42   }
43 
OnDisconnect(base::UnixSocket *)44   void OnDisconnect(base::UnixSocket*) override { PERFETTO_CHECK(false); }
OnDataAvailable(base::UnixSocket *)45   void OnDataAvailable(base::UnixSocket*) override { PERFETTO_CHECK(false); }
46 
47  private:
48   const uint8_t* data_;
49   const size_t size_;
50   std::function<void()> data_sent_;
51 };
52 
FuzzSharedMemory(const uint8_t * data,size_t size)53 int FuzzSharedMemory(const uint8_t* data, size_t size) {
54   if (!data)
55     return 0;
56   base::TestTaskRunner task_runner;
57 
58   TestHelper helper(&task_runner);
59   helper.StartServiceIfRequired();
60 
61   FakeEventListener fake_event_listener(
62       data, size, task_runner.CreateCheckpoint("data_sent"));
63 
64   std::unique_ptr<base::UnixSocket> sock = base::UnixSocket::Connect(
65       helper.GetDefaultModeProducerSocketName(), &fake_event_listener,
66       &task_runner, base::SockFamily::kUnix, base::SockType::kStream);
67 
68   task_runner.RunUntilCheckpoint("data_sent");
69   return 0;
70 }
71 }  // namespace
72 }  // namespace socket_fuzz
73 }  // namespace perfetto
74 
75 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
76 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)77 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
78   return perfetto::socket_fuzz::FuzzSharedMemory(data, size);
79 }
80