diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-05 01:35:34 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-05 01:35:34 +0000 |
| commit | 402965835af2c47a755c71a9f5426d86f06a20a8 (patch) | |
| tree | d7cbce41f295bdea394bcb923ef94a87e29c43d1 | |
| parent | 9afe720f0e88c8356de359ce84833cd95dfb69a7 (diff) | |
| parent | 4a1993fed2a4f9709693a13411d7dfcc73734181 (diff) | |
| download | libfmq-402965835af2c47a755c71a9f5426d86f06a20a8.tar.gz | |
Snap for 9884336 from 4a1993fed2a4f9709693a13411d7dfcc73734181 to udc-d1-release
Change-Id: I4dfbca895141183930467c20b3887d3ecee03560
| -rw-r--r-- | fuzzer/fmq_fuzzer.cpp | 10 | ||||
| -rw-r--r-- | include/fmq/MessageQueueBase.h | 5 |
2 files changed, 7 insertions, 8 deletions
diff --git a/fuzzer/fmq_fuzzer.cpp b/fuzzer/fmq_fuzzer.cpp index 246b79f..1c92814 100644 --- a/fuzzer/fmq_fuzzer.cpp +++ b/fuzzer/fmq_fuzzer.cpp @@ -123,7 +123,7 @@ void reader(const Desc& desc, std::vector<uint8_t> readerData, bool userFd) { return; } FuzzedDataProvider fdp(&readerData[0], readerData.size()); - payload_t* ring = nullptr; + payload_t* ring = reinterpret_cast<payload_t*>(readMq.getRingBufferPtr()); while (fdp.remaining_bytes()) { typename Queue::MemTransaction tx; size_t numElements = fdp.ConsumeIntegralInRange<size_t>(0, kMaxNumElements); @@ -136,9 +136,6 @@ void reader(const Desc& desc, std::vector<uint8_t> readerData, bool userFd) { // the ring buffer is only next to the read/write counters when there is // no user supplied fd if (!userFd) { - if (ring == nullptr) { - ring = firstStart; - } if (fdp.ConsumeIntegral<uint8_t>() == 1) { uint64_t* writeCounter = getCounterPtr(ring, desc, android::hardware::details::WRITEPTRPOS); @@ -184,7 +181,7 @@ void readerBlocking<MessageQueueUnsync, MQDescUnsync>(const MQDescUnsync&, std:: template <typename Queue, typename Desc> void writer(const Desc& desc, Queue& writeMq, FuzzedDataProvider& fdp, bool userFd) { - payload_t* ring = nullptr; + payload_t* ring = reinterpret_cast<payload_t*>(writeMq.getRingBufferPtr()); while (fdp.remaining_bytes()) { typename Queue::MemTransaction tx; size_t numElements = 1; @@ -199,9 +196,6 @@ void writer(const Desc& desc, Queue& writeMq, FuzzedDataProvider& fdp, bool user // the ring buffer is only next to the read/write counters when there is // no user supplied fd if (!userFd) { - if (ring == nullptr) { - ring = firstStart; - } if (fdp.ConsumeIntegral<uint8_t>() == 1) { uint64_t* readCounter = getCounterPtr(ring, desc, android::hardware::details::READPTRPOS); diff --git a/include/fmq/MessageQueueBase.h b/include/fmq/MessageQueueBase.h index 9eb36fe..f99e335 100644 --- a/include/fmq/MessageQueueBase.h +++ b/include/fmq/MessageQueueBase.h @@ -421,6 +421,11 @@ struct MessageQueueBase { */ bool commitRead(size_t nMessages); + /** + * Get the pointer to the ring buffer. Useful for debugging and fuzzing. + */ + uint8_t* getRingBufferPtr() const { return mRing; } + private: size_t availableToWriteBytes() const; size_t availableToReadBytes() const; |