Merge "Add a fuzzer for OTA package verification" am: 6a4dbdf088 am: 923cdf3db1 am: ab1a7bb228 am: a66580cd75

Original change: https://android-review.googlesource.com/c/platform/bootable/recovery/+/1495296

Change-Id: Ie628f4e8abaaed3609899fe9a24b80fb776b7760
diff --git a/tests/Android.bp b/tests/Android.bp
index a9a088a..19f2a6c 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -201,3 +201,23 @@
         },
     },
 }
+
+cc_fuzz {
+    name: "libinstall_verify_package_fuzzer",
+    defaults: [
+        "recovery_test_defaults",
+    ],
+
+    srcs: ["fuzz/verify_package_fuzzer.cpp"],
+
+    corpus: [
+      "testdata/otasigned*.zip",
+    ],
+
+    static_libs: [
+        "libotautil",
+        "libinstall",
+        "librecovery_ui",
+        "libminui",
+    ],
+}
diff --git a/tests/fuzz/verify_package_fuzzer.cpp b/tests/fuzz/verify_package_fuzzer.cpp
new file mode 100644
index 0000000..baa44e0
--- /dev/null
+++ b/tests/fuzz/verify_package_fuzzer.cpp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fuzzer/FuzzedDataProvider.h"
+
+#include "install/install.h"
+#include "install/package.h"
+#include "recovery_ui/stub_ui.h"
+
+std::unique_ptr<Package> CreatePackage(std::vector<uint8_t>& content) {
+  return Package::CreateMemoryPackage(content, [](float) -> void {});
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  FuzzedDataProvider data_provider(data, size);
+  auto package_contents = data_provider.ConsumeRemainingBytes<uint8_t>();
+  if (package_contents.size() == 0) {
+    return 0;
+  }
+  auto package = CreatePackage(package_contents);
+  StubRecoveryUI ui;
+  verify_package(package.get(), &ui);
+  return 0;
+}