    [mojo-core] Add fuzzers for port events and user messages · 092d94af
    Ken Rockot authored
    Adds two new fuzzers: one to fuzz deserialization of port events in
    general, and one to fuzz user message events specifically, which have
    an additional layer of parsing beyond the port event header.
    
    A successfully parsed user message event is ultimately how we carry
    application payloads end-to-end across message pipes via the public
    message pipe API. With these fuzzers in addition to the Channel and
    NodeChannel fuzzers, we have fuzz coverage of every part of the stack
    between the OS and the generated bindings.
    
    This CL fixes some low-hanging fruit where we (a) weren't properly
    handling certain deserialization failure cases, leading to nullptr
    deref; and (b) weren't properly rejecting messages with far too
    many handles (ostensibly) attached.
    
    Finally, this also ensures that Mojo core is initialized in the
    other existing fuzzers, since they may also end up deserializing
    handles and thus require the global handle table to be set up.
    
    Bug: 897743
    Change-Id: Ie5d5f8025728f6e57b2ce46d3c41532bf134eb45
    Reviewed-on: https://chromium-review.googlesource.com/c/1352976
    Commit-Queue: Ken Rockot <rockot@google.com>
    Reviewed-by: Oliver Chang <ochang@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#612043}
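The two defects the message describes, a deserialization failure path that still yields an object callers dereference and an unbounded handle count taken straight from the wire, are general to any framed transport that attaches handles to messages. The block below is an added illustration and is not Chromium or Mojo code: it uses a constructed toy wire format (a header of `num_bytes` and `num_handles`, then handle ids, then payload), an assumed cap `kMaxHandlesPerMessage`, and a libFuzzer-style `LLVMFuzzerTestOneInput` that drives the parser the way the new fuzzers drive port event and user message parsing.

```cpp
// Added example (not Chromium/Mojo code): a bounded deserializer for a toy
// framed-message format plus a libFuzzer-style entry point that drives it.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Hypothetical wire layout, constructed for this example:
//   uint32_t num_bytes    total length the header claims for the message
//   uint32_t num_handles  number of 4-byte handle ids following the header
//   handle ids...         num_handles * 4 bytes
//   payload...            whatever remains up to num_bytes
struct Header {
  uint32_t num_bytes;
  uint32_t num_handles;
};

// Hypothetical cap on attached handles; a real transport picks its own bound.
constexpr uint32_t kMaxHandlesPerMessage = 64;

struct ParsedMessage {
  std::vector<uint32_t> handles;
  std::vector<uint8_t> payload;
};

// Returns std::nullopt on any malformed input rather than a partially
// initialized object that a caller might later dereference.
std::optional<ParsedMessage> Deserialize(const uint8_t* data, size_t size) {
  if (data == nullptr || size < sizeof(Header)) return std::nullopt;

  Header header;
  std::memcpy(&header, data, sizeof(header));  // avoid unaligned reads

  // The header must describe exactly the bytes we were handed.
  if (header.num_bytes != size) return std::nullopt;

  // Reject absurd handle counts before doing any size arithmetic with them;
  // this check is what keeps the multiply below from wrapping.
  if (header.num_handles > kMaxHandlesPerMessage) return std::nullopt;

  const size_t handle_bytes =
      static_cast<size_t>(header.num_handles) * sizeof(uint32_t);
  if (sizeof(Header) + handle_bytes > size) return std::nullopt;

  ParsedMessage msg;
  msg.handles.resize(header.num_handles);
  if (header.num_handles != 0)
    std::memcpy(msg.handles.data(), data + sizeof(Header), handle_bytes);
  msg.payload.assign(data + sizeof(Header) + handle_bytes, data + size);
  return msg;
}

// Builds a well-formed message; used as a fuzzer seed and by the checks.
std::vector<uint8_t> BuildMessage(const std::vector<uint32_t>& handles,
                                  const std::vector<uint8_t>& payload) {
  std::vector<uint8_t> out(sizeof(Header));
  Header header{0, static_cast<uint32_t>(handles.size())};
  for (uint32_t h : handles) {
    const uint8_t* p = reinterpret_cast<const uint8_t*>(&h);
    out.insert(out.end(), p, p + sizeof(h));
  }
  out.insert(out.end(), payload.begin(), payload.end());
  header.num_bytes = static_cast<uint32_t>(out.size());
  std::memcpy(out.data(), &header, sizeof(header));
  return out;
}

// Number of handles parsed, or -1 if the message was rejected.
int HandleCountOrReject(const std::vector<uint8_t>& bytes) {
  auto parsed = Deserialize(bytes.data(), bytes.size());
  return parsed ? static_cast<int>(parsed->handles.size()) : -1;
}

// libFuzzer entry point: any outcome other than a clean parse or a clean
// rejection (a crash or sanitizer report) is a bug in Deserialize.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  auto parsed = Deserialize(data, size);
  if (parsed) {
    // Touch what the parser returned so a sanitizer sees any bad pointer.
    volatile size_t sink = parsed->handles.size() + parsed->payload.size();
    (void)sink;
  }
  return 0;
}

// Stand-alone run: feed one constructed seed through the fuzzer entry point.
int main() {
  std::vector<uint8_t> seed = BuildMessage({7, 8}, {0x01, 0x02, 0x03});
  return LLVMFuzzerTestOneInput(seed.data(), seed.size());
}
```

The ordering of the checks is the point: the handle-count cap is tested before `num_handles` participates in any size computation, and every failure returns an empty optional so there is no half-built message for the caller to dereference.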