1 #include "test/vts/specification/lib/ndk/bionic/1.0/libcV1.vts.h" 2 #include <unistd.h> 3 #include <stdint.h> 4 #include <sys/types.h> 5 #include <linux/socket.h> 6 #include "vts_datatype.h" 7 #include "vts_measurement.h" 8 #include <android-base/logging.h> 9 10 11 namespace android { 12 namespace vts { 13 bool FuzzerExtended_libc::Fuzz( 14 FunctionSpecificationMessage* func_msg, 15 void** result, const string& callback_socket_name) { 16 const char* func_name = func_msg->name().c_str(); 17 LOG(INFO) << "Function: " << func_name; 18 if (!strcmp(func_name, "socket")) { 19 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 20 LOG(INFO) << "arg0 = " << arg0; 21 int32_t arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_int32_t()) ? func_msg->arg(1).scalar_value().int32_t() : RandomInt32(); 22 LOG(INFO) << "arg1 = " << arg1; 23 int32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_int32_t()) ? func_msg->arg(2).scalar_value().int32_t() : RandomInt32(); 24 LOG(INFO) << "arg2 = " << arg2; 25 typedef void* (*func_type_socket)(...); 26 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_socket) target_loader_.GetLoaderFunction("socket"))( 27 arg0, 28 arg1, 29 arg2))); 30 return true; 31 } 32 if (!strcmp(func_name, "accept")) { 33 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 34 LOG(INFO) << "arg0 = " << arg0; 35 struct sockaddr* arg1 = (struct sockaddr*) malloc(sizeof(struct sockaddr)); 36 LOG(INFO) << "arg1 = " << arg1; 37 socklen_t* arg2 = (socklen_t*) malloc(sizeof(socklen_t)); 38 LOG(INFO) << "arg2 = " << arg2; 39 typedef void* (*func_type_accept)(...); 40 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_accept) target_loader_.GetLoaderFunction("accept"))( 41 arg0, 42 arg1, 43 arg2))); 44 return true; 45 } 46 if (!strcmp(func_name, "bind")) { 47 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 48 LOG(INFO) << "arg0 = " << arg0; 49 struct sockaddr* arg1 = (struct sockaddr*) malloc(sizeof(struct sockaddr)); 50 LOG(INFO) << "arg1 = " << arg1; 51 socklen_t* arg2 = (socklen_t*) malloc(sizeof(socklen_t)); 52 LOG(INFO) << "arg2 = " << arg2; 53 typedef void* (*func_type_bind)(...); 54 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_bind) target_loader_.GetLoaderFunction("bind"))( 55 arg0, 56 arg1, 57 arg2))); 58 return true; 59 } 60 if (!strcmp(func_name, "connect")) { 61 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 62 LOG(INFO) << "arg0 = " << arg0; 63 struct sockaddr* arg1 = (struct sockaddr*) malloc(sizeof(struct sockaddr)); 64 LOG(INFO) << "arg1 = " << arg1; 65 socklen_t* arg2 = (socklen_t*) malloc(sizeof(socklen_t)); 66 LOG(INFO) << "arg2 = " << arg2; 67 typedef void* (*func_type_connect)(...); 68 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_connect) target_loader_.GetLoaderFunction("connect"))( 69 arg0, 70 arg1, 71 arg2))); 72 return true; 73 } 74 if (!strcmp(func_name, "listen")) { 75 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 76 LOG(INFO) << "arg0 = " << arg0; 77 int32_t arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_int32_t()) ? func_msg->arg(1).scalar_value().int32_t() : RandomInt32(); 78 LOG(INFO) << "arg1 = " << arg1; 79 typedef void* (*func_type_listen)(...); 80 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_listen) target_loader_.GetLoaderFunction("listen"))( 81 arg0, 82 arg1))); 83 return true; 84 } 85 if (!strcmp(func_name, "recv")) { 86 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 87 LOG(INFO) << "arg0 = " << arg0; 88 void* arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_void_pointer()) ? reinterpret_cast<void*>(func_msg->arg(1).scalar_value().void_pointer()) : RandomVoidPointer(); 89 LOG(INFO) << "arg1 = " << arg1; 90 uint32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_uint32_t()) ? func_msg->arg(2).scalar_value().uint32_t() : RandomUint32(); 91 LOG(INFO) << "arg2 = " << arg2; 92 int32_t arg3 = (func_msg->arg(3).type() == TYPE_SCALAR && func_msg->arg(3).scalar_value().has_int32_t()) ? func_msg->arg(3).scalar_value().int32_t() : RandomInt32(); 93 LOG(INFO) << "arg3 = " << arg3; 94 typedef void* (*func_type_recv)(...); 95 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_recv) target_loader_.GetLoaderFunction("recv"))( 96 arg0, 97 arg1, 98 arg2, 99 arg3))); 100 return true; 101 } 102 if (!strcmp(func_name, "send")) { 103 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 104 LOG(INFO) << "arg0 = " << arg0; 105 void* arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_void_pointer()) ? reinterpret_cast<void*>(func_msg->arg(1).scalar_value().void_pointer()) : RandomVoidPointer(); 106 LOG(INFO) << "arg1 = " << arg1; 107 uint32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_uint32_t()) ? func_msg->arg(2).scalar_value().uint32_t() : RandomUint32(); 108 LOG(INFO) << "arg2 = " << arg2; 109 int32_t arg3 = (func_msg->arg(3).type() == TYPE_SCALAR && func_msg->arg(3).scalar_value().has_int32_t()) ? func_msg->arg(3).scalar_value().int32_t() : RandomInt32(); 110 LOG(INFO) << "arg3 = " << arg3; 111 typedef void* (*func_type_send)(...); 112 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_send) target_loader_.GetLoaderFunction("send"))( 113 arg0, 114 arg1, 115 arg2, 116 arg3))); 117 return true; 118 } 119 if (!strcmp(func_name, "fopen")) { 120 char arg0[func_msg->arg(0).string_value().length() + 1]; 121 if (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).string_value().has_message()) { 122 strcpy(arg0, func_msg->arg(0).string_value().message().c_str()); 123 } else { 124 strcpy(arg0, RandomCharPointer()); 125 } 126 ; 127 LOG(INFO) << "arg0 = " << arg0; 128 char arg1[func_msg->arg(1).string_value().length() + 1]; 129 if (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).string_value().has_message()) { 130 strcpy(arg1, func_msg->arg(1).string_value().message().c_str()); 131 } else { 132 strcpy(arg1, RandomCharPointer()); 133 } 134 ; 135 LOG(INFO) << "arg1 = " << arg1; 136 typedef void* (*func_type_fopen)(...); 137 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_fopen) target_loader_.GetLoaderFunction("fopen"))( 138 arg0, 139 arg1))); 140 return true; 141 } 142 if (!strcmp(func_name, "read")) { 143 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 144 LOG(INFO) << "arg0 = " << arg0; 145 void* arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_void_pointer()) ? reinterpret_cast<void*>(func_msg->arg(1).scalar_value().void_pointer()) : RandomVoidPointer(); 146 LOG(INFO) << "arg1 = " << arg1; 147 uint32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_uint32_t()) ? func_msg->arg(2).scalar_value().uint32_t() : RandomUint32(); 148 LOG(INFO) << "arg2 = " << arg2; 149 typedef void* (*func_type_read)(...); 150 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_read) target_loader_.GetLoaderFunction("read"))( 151 arg0, 152 arg1, 153 arg2))); 154 return true; 155 } 156 if (!strcmp(func_name, "write")) { 157 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 158 LOG(INFO) << "arg0 = " << arg0; 159 void* arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_void_pointer()) ? reinterpret_cast<void*>(func_msg->arg(1).scalar_value().void_pointer()) : RandomVoidPointer(); 160 LOG(INFO) << "arg1 = " << arg1; 161 int32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_int32_t()) ? func_msg->arg(2).scalar_value().int32_t() : RandomInt32(); 162 LOG(INFO) << "arg2 = " << arg2; 163 typedef void* (*func_type_write)(...); 164 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_write) target_loader_.GetLoaderFunction("write"))( 165 arg0, 166 arg1, 167 arg2))); 168 return true; 169 } 170 if (!strcmp(func_name, "lseek")) { 171 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 172 LOG(INFO) << "arg0 = " << arg0; 173 int32_t arg1 = (func_msg->arg(1).type() == TYPE_SCALAR && func_msg->arg(1).scalar_value().has_int32_t()) ? func_msg->arg(1).scalar_value().int32_t() : RandomInt32(); 174 LOG(INFO) << "arg1 = " << arg1; 175 int32_t arg2 = (func_msg->arg(2).type() == TYPE_SCALAR && func_msg->arg(2).scalar_value().has_int32_t()) ? func_msg->arg(2).scalar_value().int32_t() : RandomInt32(); 176 LOG(INFO) << "arg2 = " << arg2; 177 typedef void* (*func_type_lseek)(...); 178 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_lseek) target_loader_.GetLoaderFunction("lseek"))( 179 arg0, 180 arg1, 181 arg2))); 182 return true; 183 } 184 if (!strcmp(func_name, "close")) { 185 int32_t arg0 = (func_msg->arg(0).type() == TYPE_SCALAR && func_msg->arg(0).scalar_value().has_int32_t()) ? func_msg->arg(0).scalar_value().int32_t() : RandomInt32(); 186 LOG(INFO) << "arg0 = " << arg0; 187 typedef void* (*func_type_close)(...); 188 *result = const_cast<void*>(reinterpret_cast<const void*>( ((func_type_close) target_loader_.GetLoaderFunction("close"))( 189 arg0))); 190 return true; 191 } 192 return false; 193 } 194 bool FuzzerExtended_libc::GetAttribute( 195 FunctionSpecificationMessage* func_msg, 196 void** result) { 197 const char* func_name = func_msg->name().c_str(); 198 LOG(INFO) << " '" << func_name << "'"; 199 LOG(ERROR) << "attribute not supported for shared lib yet."; 200 return false; 201 } 202 bool FuzzerExtended_libc::CallFunction(const FunctionSpecificationMessage&, const string&, FunctionSpecificationMessage* ) { 203 /* No implementation yet. */ 204 return true; 205 } 206 bool FuzzerExtended_libc::VerifyResults(const FunctionSpecificationMessage&, const FunctionSpecificationMessage&) { 207 /* No implementation yet. */ 208 return true; 209 } 210 extern "C" { 211 android::vts::DriverBase* vts_func_11_1002_V1_0_() { 212 return (android::vts::DriverBase*) new android::vts::FuzzerExtended_libc(); 213 } 214 215 } 216 } // namespace vts 217 } // namespace android 218
