1 //
2 // Copyright 2019 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 
16 #include <string>
17 
18 #include <base/logging.h>
19 #include <fuzzer/FuzzedDataProvider.h>
20 
21 #include "update_engine/common/download_action.h"
22 #include "update_engine/common/fake_boot_control.h"
23 #include "update_engine/common/fake_hardware.h"
24 #include "update_engine/common/prefs.h"
25 #include "update_engine/payload_consumer/delta_performer.h"
26 #include "update_engine/payload_consumer/install_plan.h"
27 
28 namespace chromeos_update_engine {
29 
// Do-nothing DownloadActionDelegate for the fuzzer harness. Every callback is
// a stub: progress and completion notifications are ignored and cancellation
// is never requested, so the delegate cannot cut a fuzzing run short.
class FakeDownloadActionDelegate : public DownloadActionDelegate {
 public:
  FakeDownloadActionDelegate() = default;
  ~FakeDownloadActionDelegate() = default;

  // DownloadActionDelegate overrides.

  // Progress notification; all three byte counters are deliberately ignored.
  void BytesReceived(uint64_t bytes_progressed,
                     uint64_t bytes_received,
                     uint64_t total) override {}

  // Always reports "do not cancel". |cancel_reason| is never written.
  bool ShouldCancel(ErrorCode* cancel_reason) override {
    return false;
  }

  // Completion notification; nothing to do in the harness.
  void DownloadComplete() override {}

  DISALLOW_COPY_AND_ASSIGN(FakeDownloadActionDelegate);
};
46 
// Feeds one fuzzer input to DeltaPerformer::Write().
//
// The input is split by FuzzedDataProvider into (a) the InstallPlan::Payload
// fields, (b) the last DeltaPerformer constructor argument and (c) a stream of
// small chunks that are written to the performer one at a time. The order and
// ranges of the Consume*() calls define how input bytes map onto those fields,
// so changing either alters how existing corpus entries are interpreted.
//
// |data| / |size|: the raw fuzzer input.
void FuzzDeltaPerformer(const uint8_t* data, size_t size) {
  // Fakes only: preferences are kept in memory and boot control / hardware
  // are the project's fake implementations.
  MemoryPrefs fake_prefs;
  FakeBootControl fake_boot_control;
  FakeHardware fake_hardware;
  FakeDownloadActionDelegate delegate;

  FuzzedDataProvider data_provider(data, size);

  // Fixed single-partition plan: the source is /dev/zero and the target is
  // /dev/null, so the harness does not name a real block device.
  InstallPlan::Partition partition{
      .source_path = "/dev/zero",
      .source_size = 4096,
      .target_path = "/dev/null",
      .target_size = 4096,
  };
  // NOTE(review): hash checks are mandatory while the payload hash below is
  // arbitrary fuzzer data; inputs may be rejected by verification before the
  // deeper parsing paths run. Confirm with coverage reports.
  InstallPlan install_plan{
      .target_slot = 1,
      .partitions = {partition},
      .hash_checks_mandatory = true,
  };

  // Fuzzer-controlled payload description. ConsumeBytes() returns fewer than
  // 32 bytes when the input is exhausted, so |hash| can be short or empty.
  // NOTE(review): the 0..3 range for |type| may include a value with no named
  // InstallPayloadType enumerator; confirm that is intended.
  InstallPlan::Payload payload{
      .size = data_provider.ConsumeIntegralInRange<uint64_t>(0, 10000),
      .metadata_size = data_provider.ConsumeIntegralInRange<uint64_t>(0, 1000),
      .hash = data_provider.ConsumeBytes<uint8_t>(32),
      .type = static_cast<InstallPayloadType>(
          data_provider.ConsumeIntegralInRange(0, 3)),
      .already_applied = data_provider.ConsumeBool(),
  };

  // Last constructor argument, also fuzzer-controlled (presumably the
  // "interactive" flag; verify against delta_performer.h).
  const bool fuzzed_flag = data_provider.ConsumeBool();
  DeltaPerformer delta_performer(&fake_prefs,
                                 &fake_boot_control,
                                 &fake_hardware,
                                 &delegate,
                                 &install_plan,
                                 &payload,
                                 fuzzed_flag);

  // Write the rest of the input in chunks of 0..100 bytes. Write() is called
  // at least once, even when no input is left (the chunk is then empty), and
  // the loop stops at the first rejected write or once the input is used up.
  while (true) {
    auto chunk_len = data_provider.ConsumeIntegralInRange<size_t>(0, 100);
    auto chunk = data_provider.ConsumeBytes<uint8_t>(chunk_len);
    const bool accepted = delta_performer.Write(chunk.data(), chunk.size());
    if (!accepted || data_provider.remaining_bytes() == 0)
      break;
  }
}
89 
90 }  // namespace chromeos_update_engine
91 
// Process-wide fuzzer setup. The constructor raises the minimum log level to
// LOG_FATAL, presumably so lower-severity logging from the code under test
// does not flood the fuzzer output or slow it down.
struct Environment {
  Environment() {
    logging::SetMinLogLevel(logging::LOG_FATAL);
  }
};
96 
// libFuzzer entry point. Inputs larger than 1,000,000 bytes are skipped
// without running the target, which bounds the work done per input. The
// function always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr size_t kMaxInputSize = 1000000;
  if (size <= kMaxInputSize) {
    // Function-local static: the logging setup runs once, on the first input
    // that is small enough to be processed.
    static Environment env;
    chromeos_update_engine::FuzzDeltaPerformer(data, size);
  }
  return 0;
}
106