trace_processor: Add fuzzer for trace parser
Change-Id: Id0018f702ce8cf95347f4dd40c5bbedf5ba3f5ec
diff --git a/.travis.yml b/.travis.yml
index ef32e17..75b6e76 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -184,6 +184,7 @@
out/dist/end_to_end_shared_memory_fuzzer -runs=1
out/dist/buffered_frame_deserializer_fuzzer -runs=1
out/dist/unwinding_fuzzer -runs=1
+ out/dist/trace_processor_fuzzer -runs=1
fi
fi
diff --git a/BUILD.gn b/BUILD.gn
index 78027f6..eebb27b 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -276,6 +276,7 @@
"src/ipc:buffered_frame_deserializer_fuzzer",
"src/profiling/memory:shared_ring_buffer_fuzzer",
"src/profiling/memory:unwinding_fuzzer",
+ "src/trace_processor:trace_processor_fuzzer",
"src/traced/probes/ftrace:cpu_reader_fuzzer",
"test:end_to_end_shared_memory_fuzzer",
]
diff --git a/src/trace_processor/BUILD.gn b/src/trace_processor/BUILD.gn
index c64b392..9ff5c6c 100644
--- a/src/trace_processor/BUILD.gn
+++ b/src/trace_processor/BUILD.gn
@@ -14,6 +14,7 @@
import("../../gn/perfetto.gni")
import("../../gn/wasm.gni")
+import("../../gn/fuzzer.gni")
wasm_lib("trace_processor_wasm") {
name = "trace_processor"
@@ -220,3 +221,21 @@
"../base:test_support",
]
}
+
+perfetto_fuzzer_test("trace_processor_fuzzer") {
+ testonly = true
+ sources = [
+ "trace_parsing_fuzzer.cc",
+ ]
+ deps = [
+ ":lib",
+ "../../../../gn:default_deps",
+ "../../buildtools:sqlite",
+ "../../gn:default_deps",
+ "../../gn:gtest_deps",
+ "../../protos/perfetto/trace:lite",
+ "../../protos/perfetto/trace_processor:lite",
+ "../base",
+ "../base:test_support",
+ ]
+}
diff --git a/src/trace_processor/trace_parsing_fuzzer.cc b/src/trace_processor/trace_parsing_fuzzer.cc
new file mode 100644
index 0000000..19ef03d
--- /dev/null
+++ b/src/trace_processor/trace_parsing_fuzzer.cc
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "perfetto/base/logging.h"
+#include "perfetto/trace_processor/trace_processor.h"
+
+#include "perfetto/trace_processor/raw_query.pb.h"
+
+namespace perfetto {
+namespace trace_processor {
+
+void FuzzTraceProcessor(const uint8_t* data, size_t size);
+
+void FuzzTraceProcessor(const uint8_t* data, size_t size) {
+ std::unique_ptr<TraceProcessor> processor =
+ TraceProcessor::CreateInstance(Config());
+ std::unique_ptr<uint8_t[]> buf(new uint8_t[size]);
+ memcpy(buf.get(), data, size);
+ if (!processor->Parse(std::move(buf), size))
+ return;
+ processor->NotifyEndOfFile();
+}
+
+} // namespace trace_processor
+} // namespace perfetto
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ perfetto::trace_processor::FuzzTraceProcessor(data, size);
+ return 0;
+}