werunplugged/unplugged-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
unplugged-system/frameworks/av/media/mtp/tests/MtpFuzzer
History
ziv-gabel 06ee9615ad Initial commit: AOSP 14 with modifications for Unplugged OS
2025-10-06 13:59:42 +00:00
..
corpus Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
Android.bp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_data_packet_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_device_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_event_packet_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_fuzzer.dict Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_handle_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_packet_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_property_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_request_packet_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
mtp_response_packet_fuzzer.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
MtpMockDatabase.cpp Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
MtpMockDatabase.h Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
MtpMockHandle.h Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
MtpPacketFuzzerUtils.h Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00
README.md Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00

README.md

Fuzzers for libmtp

Table of contents

Fuzzer for MtpServer

MtpServer supports the following parameters:

  1. PacketData (parameter name: "packetData")
Parameter Valid Values Configured Value
packetData String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_fuzzer/mtp_fuzzer corpus/ -dict=mtp_fuzzer.dict

Fuzzer for MtpHostProperty

MtpHostProperty supports the following parameters:

  1. Feasible Type (parameter name: "kFeasibleTypes")
  2. UrbPacket Division Mode (parameter name: "kUrbPacketDivisionModes")
Parameter Valid Values Configured Value
kFeasibleType 1. MTP_TYPE_UNDEFINED, 2. MTP_TYPE_INT8, 3.MTP_TYPE_UINT8, 4.MTP_TYPE_INT16, 5.MTP_TYPE_UINT16, 6.MTP_TYPE_INT32, 7.MTP_TYPE_UINT32, 8.MTP_TYPE_INT64, 9.MTP_TYPE_UINT64, 10.MTP_TYPE_INT128, 11.MTP_TYPE_UINT128, 12.MTP_TYPE_AINT8, 13.MTP_TYPE_AUINT8, 14.MTP_TYPE_AINT16, 15.MTP_TYPE_AUINT16, 16.MTP_TYPE_AINT32, 17.MTP_TYPE_AUINT32, 18.MTP_TYPE_AINT64, 19.MTP_TYPE_AUINT64, 20.MTP_TYPE_AINT128, 21.MTP_TYPE_AUINT128, 22.MTP_TYPE_STR, Value obtained from FuzzedDataProvider
kUrbPacketDivisionMode 1. FIRST_PACKET_ONLY_HEADER, 2. FIRST_PACKET_HAS_PAYLOAD, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_host_property_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_host_property_fuzzer/mtp_host_property_fuzzer

Fuzzer for MtpDeviceProperty

MtpDeviceProperty supports the following parameters:

  1. Feasible Type (parameter name: "kFeasibleType")
Parameter Valid Values Configured Value
kFeasibleType 1. MTP_TYPE_UNDEFINED, 2. MTP_TYPE_INT8, 3.MTP_TYPE_UINT8, 4.MTP_TYPE_INT16, 5.MTP_TYPE_UINT16, 6.MTP_TYPE_INT32, 7.MTP_TYPE_UINT32, 8.MTP_TYPE_INT64, 9.MTP_TYPE_UINT64, 10.MTP_TYPE_INT128, 11.MTP_TYPE_UINT128, 12.MTP_TYPE_AINT8, 13.MTP_TYPE_AUINT8, 14.MTP_TYPE_AINT16, 15.MTP_TYPE_AUINT16, 16.MTP_TYPE_AINT32, 17.MTP_TYPE_AUINT32, 18.MTP_TYPE_AINT64, 19.MTP_TYPE_AUINT64, 20.MTP_TYPE_AINT128, 21.MTP_TYPE_AUINT128, 22.MTP_TYPE_STR, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_device_property_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_device_property_fuzzer/mtp_device_property_fuzzer

Fuzzer for MtpHandle

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_handle_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_handle_fuzzer/mtp_handle_fuzzer

Fuzzer for MtpPacket

MtpPacket supports the following parameters:

  1. bufferSize (parameter name: "size")
Parameter Valid Values Configured Value
bufferSize Integer 1 to 1000, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_packet_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_packet_fuzzer/mtp_packet_fuzzer

Fuzzer for MtpDevice

MtpDevice supports the following parameters:

  1. Device Name (parameter name: "deviceName")
Parameter Valid Values Configured Value
deviceName String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_device_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_device_fuzzer/mtp_device_fuzzer

Fuzzer for MtpRequestPacket

MtpRequestPacket supports the following parameters:

  1. Data (parameter name: "data")
Parameter Valid Values Configured Value
data Vector of positive Integer Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_request_packet_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_request_packet_fuzzer/mtp_request_packet_fuzzer

Fuzzer for MtpEventPacket

MtpEventPacket supports the following parameters:

  1. Size (parameter name: "size")
Parameter Valid Values Configured Value
size Integer 1 to 1000, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_event_packet_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_event_packet_fuzzer/mtp_event_packet_fuzzer

Fuzzer for MtpResponsePacket

MtpResponsePacket supports the following parameters:

  1. Size (parameter name: "size")
Parameter Valid Values Configured Value
size Integer 1 to 1000, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_response_packet_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_response_packet_fuzzer/mtp_response_packet_fuzzer

Fuzzer for MtpDataPacket

MtpDataPacket supports the following parameters:

  1. UrbPacket Division Mode (parameter name: "kUrbPacketDivisionModes")
  2. Size (parameter name: "size")
Parameter Valid Values Configured Value
kUrbPacketDivisionMode 1. FIRST_PACKET_ONLY_HEADER, 2. FIRST_PACKET_HAS_PAYLOAD, Value obtained from FuzzedDataProvider
size Integer 1 to 1000, Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) mtp_data_packet_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mtp_data_packet_fuzzer/mtp_data_packet_fuzzer