fuzzer_utils.cc
Go to the documentation of this file.
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include "test/core/transport/binder/end2end/fuzzers/fuzzer_utils.h"
16 
17 namespace grpc_binder {
18 namespace fuzzing {
19 
20 namespace {
21 
22 std::thread* g_fuzzing_thread = nullptr;
23 
24 template <typename... Args>
25 void CreateFuzzingThread(Args&&... args) {
26  GPR_ASSERT(g_fuzzing_thread == nullptr);
27  g_fuzzing_thread = new std::thread(std::forward<Args>(args)...);
28 }
29 
30 } // namespace
31 
32 void JoinFuzzingThread() {
33  if (g_fuzzing_thread) {
34  g_fuzzing_thread->join();
35  delete g_fuzzing_thread;
36  g_fuzzing_thread = nullptr;
37  }
38 }
39 
40 int32_t ReadableParcelForFuzzing::GetDataSize() const {
41  return parcel_data_size_;
42 }
43 
44 absl::Status ReadableParcelForFuzzing::ReadInt32(int32_t* data) {
45  if (consumed_data_size_ >= kParcelDataSizeLimit) {
46  return absl::InternalError("Parcel size limit exceeds");
47  }
48  if (values_.empty() || !values_.front().has_i32()) {
49  return absl::InternalError("error");
50  }
51  *data = values_.front().i32();
52  values_.pop();
53  consumed_data_size_ += sizeof(int32_t);
54  return absl::OkStatus();
55 }
56 
57 absl::Status ReadableParcelForFuzzing::ReadInt64(int64_t* data) {
58  if (consumed_data_size_ >= kParcelDataSizeLimit) {
59  return absl::InternalError("Parcel size limit exceeds");
60  }
61  if (values_.empty() || !values_.front().has_i64()) {
62  return absl::InternalError("error");
63  }
64  *data = values_.front().i64();
65  values_.pop();
66  consumed_data_size_ += sizeof(int64_t);
67  return absl::OkStatus();
68 }
69 
70 absl::Status ReadableParcelForFuzzing::ReadBinder(
71  std::unique_ptr<Binder>* binder) {
72  if (consumed_data_size_ >= kParcelDataSizeLimit) {
73  return absl::InternalError("Parcel size limit exceeds");
74  }
75  if (values_.empty() || !values_.front().has_binder()) {
76  return absl::InternalError("error");
77  }
78  *binder = absl::make_unique<BinderForFuzzing>();
79  values_.pop();
80  consumed_data_size_ += sizeof(void*);
81  return absl::OkStatus();
82 }
83 
84 absl::Status ReadableParcelForFuzzing::ReadByteArray(std::string* data) {
85  if (consumed_data_size_ >= kParcelDataSizeLimit) {
86  return absl::InternalError("Parcel size limit exceeds");
87  }
88  if (values_.empty() || !values_.front().has_byte_array()) {
89  return absl::InternalError("error");
90  }
91  *data = values_.front().byte_array();
92  values_.pop();
93  consumed_data_size_ += data->size();
94  return absl::OkStatus();
95 }
96 
97 absl::Status ReadableParcelForFuzzing::ReadString(std::string* data) {
98  if (consumed_data_size_ >= kParcelDataSizeLimit) {
99  return absl::InternalError("Parcel size limit exceeds");
100  }
101  if (values_.empty() || !values_.front().has_str()) {
102  return absl::InternalError("error");
103  }
104  *data = values_.front().str();
105  values_.pop();
106  consumed_data_size_ += data->size();
107  return absl::OkStatus();
108 }
109 
110 void FuzzingLoop(
111  binder_transport_fuzzer::IncomingParcels incoming_parcels,
112  grpc_core::RefCountedPtr<grpc_binder::WireReader> wire_reader_ref,
113  grpc_binder::TransactionReceiver::OnTransactCb callback) {
114  {
115  // Send SETUP_TRANSPORT request.
116  std::unique_ptr<grpc_binder::ReadableParcel> parcel =
117  absl::make_unique<ReadableParcelForFuzzing>(
118  incoming_parcels.setup_transport_transaction().parcel());
119  callback(static_cast<transaction_code_t>(
120  grpc_binder::BinderTransportTxCode::SETUP_TRANSPORT),
121  parcel.get(),
122  /*uid=*/incoming_parcels.setup_transport_transaction().uid())
123  .IgnoreError();
124  }
125  for (const auto& tx_iter : incoming_parcels.transactions()) {
126  transaction_code_t tx_code = tx_iter.code();
127  std::unique_ptr<grpc_binder::ReadableParcel> parcel =
128  absl::make_unique<ReadableParcelForFuzzing>(tx_iter.parcel());
129  callback(tx_code, parcel.get(),
130  /*uid=*/tx_iter.uid())
131  .IgnoreError();
132  }
133  wire_reader_ref = nullptr;
134 }
135 
136 TransactionReceiverForFuzzing::TransactionReceiverForFuzzing(
137  binder_transport_fuzzer::IncomingParcels incoming_parcels,
138  grpc_core::RefCountedPtr<WireReader> wire_reader_ref,
139  TransactionReceiver::OnTransactCb cb) {
140  gpr_log(GPR_INFO, "Construct TransactionReceiverForFuzzing");
141  CreateFuzzingThread(FuzzingLoop, std::move(incoming_parcels),
142  std::move(wire_reader_ref), std::move(cb));
143 }
144 
145 std::unique_ptr<TransactionReceiver> BinderForFuzzing::ConstructTxReceiver(
146  grpc_core::RefCountedPtr<WireReader> wire_reader_ref,
147  TransactionReceiver::OnTransactCb cb) const {
148  auto tx_receiver = absl::make_unique<TransactionReceiverForFuzzing>(
149  incoming_parcels_, wire_reader_ref, cb);
150  return tx_receiver;
151 }
152 
153 } // namespace fuzzing
154 } // namespace grpc_binder
GPR_INFO
#define GPR_INFO
Definition: include/grpc/impl/codegen/log.h:56
grpc_binder::BinderTransportTxCode::SETUP_TRANSPORT
@ SETUP_TRANSPORT
grpc_binder::fuzzing::ReadableParcelForFuzzing::ReadByteArray
absl::Status ReadByteArray(std::string *data) override
Definition: fuzzer_utils.cc:84
grpc_binder::fuzzing::JoinFuzzingThread
void JoinFuzzingThread()
Definition: fuzzer_utils.cc:32
grpc_binder::fuzzing::ReadableParcelForFuzzing::consumed_data_size_
size_t consumed_data_size_
Definition: fuzzer_utils.h:132
grpc_binder
Definition: connection_id_generator.cc:45
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
transaction_code_t
uint32_t transaction_code_t
Definition: binder_constants.h:24
absl::OkStatus
Status OkStatus()
Definition: third_party/abseil-cpp/absl/status/status.h:882
absl::InternalError
Status InternalError(absl::string_view message)
Definition: third_party/abseil-cpp/absl/status/status.cc:347
tx_code
int tx_code
Definition: fake_binder_test.cc:241
grpc_binder::fuzzing::TransactionReceiverForFuzzing::TransactionReceiverForFuzzing
TransactionReceiverForFuzzing(binder_transport_fuzzer::IncomingParcels incoming_parcels, grpc_core::RefCountedPtr< WireReader > wire_reader_ref, TransactionReceiver::OnTransactCb cb)
Definition: fuzzer_utils.cc:136
grpc_binder::fuzzing::BinderForFuzzing::incoming_parcels_
binder_transport_fuzzer::IncomingParcels incoming_parcels_
Definition: fuzzer_utils.h:85
asyncio_get_stats.args
args
Definition: asyncio_get_stats.py:40
grpc_core::RefCountedPtr< grpc_binder::WireReader >
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
GPR_ASSERT
#define GPR_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:94
hpack_encoder_fixtures::Args
Args({0, 16384})
int64_t
signed __int64 int64_t
Definition: stdint-msvc2008.h:89
grpc_binder::fuzzing::ReadableParcelForFuzzing::ReadBinder
absl::Status ReadBinder(std::unique_ptr< Binder > *binder) override
Definition: fuzzer_utils.cc:70
gpr_log
GPRAPI void gpr_log(const char *file, int line, gpr_log_severity severity, const char *format,...) GPR_PRINT_FORMAT_CHECK(4
grpc_binder::fuzzing::ReadableParcelForFuzzing::ReadInt32
absl::Status ReadInt32(int32_t *data) override
Definition: fuzzer_utils.cc:44
grpc_binder::fuzzing::ReadableParcelForFuzzing::kParcelDataSizeLimit
static constexpr size_t kParcelDataSizeLimit
Definition: fuzzer_utils.h:131
grpc_binder::fuzzing::ReadableParcelForFuzzing::values_
std::queue< binder_transport_fuzzer::Value > values_
Definition: fuzzer_utils.h:127
grpc_binder::fuzzing::ReadableParcelForFuzzing::GetDataSize
int32_t GetDataSize() const override
Definition: fuzzer_utils.cc:40
grpc_binder::fuzzing::BinderForFuzzing::ConstructTxReceiver
std::unique_ptr< TransactionReceiver > ConstructTxReceiver(grpc_core::RefCountedPtr< WireReader > wire_reader_ref, TransactionReceiver::OnTransactCb cb) const override
Definition: fuzzer_utils.cc:145
fuzzer_utils.h
data
char data[kBufferLength]
Definition: abseil-cpp/absl/strings/internal/str_format/float_conversion.cc:1006
callback
static void callback(void *arg, int status, int timeouts, struct hostent *host)
Definition: acountry.c:224
grpc_binder::TransactionReceiver::OnTransactCb
std::function< absl::Status(transaction_code_t, ReadableParcel *, int uid)> OnTransactCb
Definition: binder.h:80
absl::Status
Definition: third_party/abseil-cpp/absl/status/status.h:424
grpc_binder::fuzzing::ReadableParcelForFuzzing::parcel_data_size_
const int32_t parcel_data_size_
Definition: fuzzer_utils.h:129
grpc_binder::fuzzing::FuzzingLoop
void FuzzingLoop(binder_transport_fuzzer::IncomingParcels incoming_parcels, grpc_core::RefCountedPtr< grpc_binder::WireReader > wire_reader_ref, grpc_binder::TransactionReceiver::OnTransactCb callback)
Definition: fuzzer_utils.cc:110
int32_t
signed int int32_t
Definition: stdint-msvc2008.h:77
thread
static uv_thread_t thread
Definition: test-async-null-cb.c:29
cb
OPENSSL_EXPORT pem_password_cb * cb
Definition: pem.h:351
grpc_binder::fuzzing::ReadableParcelForFuzzing::ReadString
absl::Status ReadString(std::string *data) override
Definition: fuzzer_utils.cc:97
grpc_binder::fuzzing::ReadableParcelForFuzzing::ReadInt64
absl::Status ReadInt64(int64_t *data) override
Definition: fuzzer_utils.cc:57

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:59:23