# Fuzzer for libmedialogservice

## Plugin Design Considerations
The fuzzer plugin for libmedialogservice is designed based on the understanding of the
service and tries to achieve the following:

##### Maximize code coverage
The configuration parameters are not hardcoded, but instead selected based on
incoming data. This ensures more code paths are reached by the fuzzer.

medialogservice supports the following parameters:
1. Writer name (parameter name: `writerNameIdx`)
2. Log size (parameter name: `logSize`)
3. Enable dump before unregister API (parameter name: `shouldDumpBeforeUnregister`)
4. Size of string for log dump (parameter name: `numberOfLines`)

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
| `writerNameIdx` | 0. `0` 1. `1` | Value obtained from FuzzedDataProvider |
| `logSize` | In the range `256 to 65536` | Value obtained from FuzzedDataProvider |
| `shouldDumpBeforeUnregister` | 0. `0` 1. `1` | Value obtained from FuzzedDataProvider |
| `numberOfLines` | In the range `0 to 65535` | Value obtained from FuzzedDataProvider |

This also ensures that the plugin is always deterministic for any given input.

## Build

This describes the steps to build the media_log_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) media_log_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some files to that folder.
Push this directory to the device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/media_log_fuzzer/media_log_fuzzer CORPUS_DIR
```

## References:
 * http://llvm.org/docs/LibFuzzer.html
 * https://github.com/google/oss-fuzz
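
The parameter selection described under "Maximize code coverage", as an added example that is not the media_log_fuzzer source: each parameter in the table is derived from the input bytes in a fixed order, so replaying a crashing input rebuilds the same configuration. `FuzzConfig`, `ByteReader` and `configFromInput` are hypothetical names, and `ByteReader` is a simplified stand-in for FuzzedDataProvider, which consumes bytes differently.

```cpp
// Added example, not the media_log_fuzzer source. ByteReader is a hypothetical,
// simplified stand-in for FuzzedDataProvider so this builds without libFuzzer.
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct FuzzConfig {
    uint32_t writerNameIdx;           // 0 or 1
    uint32_t logSize;                 // 256..65536
    bool shouldDumpBeforeUnregister;  // 0 or 1
    uint32_t numberOfLines;           // 0..65535
};

class ByteReader {
  public:
    ByteReader(const uint8_t* data, size_t size) : mData(data), mSize(size) {}
    // Reads 4 bytes and maps them into [lo, hi]. Exhausted input reads as zero
    // bytes, so short inputs still give a valid, repeatable value.
    uint32_t inRange(uint32_t lo, uint32_t hi) {
        uint32_t raw = 0;
        for (int i = 0; i < 4; ++i) raw = (raw << 8) | next();
        return lo + raw % (hi - lo + 1);
    }
    bool boolean() { return next() & 1; }

  private:
    uint8_t next() { return mPos < mSize ? mData[mPos++] : 0; }
    const uint8_t* mData;
    size_t mSize;
    size_t mPos = 0;
};

// Every field comes from the input bytes, in a fixed order, with no clock or
// RNG involved: the same input always rebuilds the same configuration.
FuzzConfig configFromInput(const uint8_t* data, size_t size) {
    ByteReader in(data, size);
    FuzzConfig c{};
    c.writerNameIdx = in.inRange(0, 1);
    c.logSize = in.inRange(256, 65536);
    c.shouldDumpBeforeUnregister = in.boolean();
    c.numberOfLines = in.inRange(0, 65535);
    return c;
}

int main() {
    const uint8_t sample[] = {0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 7};  // constructed input
    FuzzConfig c = configFromInput(sample, sizeof(sample));
    std::printf("writer=%u logSize=%u dump=%d lines=%u\n", c.writerNameIdx, c.logSize,
                c.shouldDumpBeforeUnregister, c.numberOfLines);
}
```

Because the configuration is a pure function of the input, a crash file saved by the fuzzer is sufficient to reproduce the exact parameter combination that triggered it.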