authorDaisuke Nojiri <dnojiri@chromium.org>2021-04-10 08:22:05 -0700
committerCommit Bot <commit-bot@chromium.org>2021-06-18 16:05:25 +0000
commit21821c74d5c8ab87e0215b28786146f4261326e1 (patch)
tree0be97bf0bbab8d38bb8feb3382880738b19679c5 /fuzz
parentd998a0ddccda21d15e5e0f6e08f5d2b1effff6b5 (diff)
downloadchrome-ec-21821c74d5c8ab87e0215b28786146f4261326e1.tar.gz
PCHG: Acquire lock before wait/signal pthread condition
This patch makes test_fuzz_one_input acquire a lock before waiting on done_cond and makes irq_task acquire a lock before signaling done_cond. Otherwise, undefined behavior would result. BUG=b:190841496, chromium:1221266 BRANCH=trogdor TEST=make run-pchg_fuzz TEST=pchg_fuzz.exe -seed=1 -runs=1000000 -dict=fuzz/pchg_fuzz.corpus Change-Id: Ic5572bae7c8764d44a7872869c5f8e9b4503280b Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2971867 Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/pchg_fuzz.c8
1 files changed, 8 insertions, 0 deletions
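diff --git a/fuzz/pchg_fuzz.c b/fuzz/pchg_fuzz.c
index 14bdb94566..301a592617 100644
--- a/fuzz/pchg_fuzz.c
+++ b/fuzz/pchg_fuzz.c
@@ -87,7 +87,9 @@ void irq_task(int argc, char **argv)
 test_chipset_off();
+ pthread_mutex_lock(&lock);
 pthread_cond_signal(&done_cond);
+ pthread_mutex_unlock(&lock);
 }
 }
@@ -103,13 +105,19 @@ int test_fuzz_one_input(const uint8_t *data, unsigned int size)
 if (size < sizeof(struct ctn730_msg))
 return 0;
+ pthread_mutex_init(&lock, NULL);
+ pthread_cond_init(&done_cond, NULL);
+
 head = input;
 tail = input + size;
 memcpy(input, data, size);
 data_available = true;
 task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ);
+
+ pthread_mutex_lock(&lock);
 pthread_cond_wait(&done_cond, &lock);
+ pthread_mutex_unlock(&lock);
 return 0;
 }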
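Review bot: The wait in test_fuzz_one_input can still miss its wakeup, because `task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ)` runs before `pthread_mutex_lock(&lock)` and the `pthread_cond_wait` is not guarded by a predicate, so if irq_task signals `done_cond` before the caller reaches the wait (or the wait returns spuriously) the harness blocks forever on that input. The usual fix is a file-scope flag that irq_task sets under `lock` and that the waiter tests in a loop, as sketched below; `data_available` may already be able to serve as that predicate if irq_task clears it when it finishes, which this hunk does not show. Separately, `pthread_mutex_init(&lock, NULL)` and `pthread_cond_init(&done_cond, NULL)` now execute on every fuzz input, and POSIX leaves re-initialising an already initialised mutex or condition variable undefined; if `lock` and `done_cond` are statics, initialise them at their definition with `PTHREAD_MUTEX_INITIALIZER` / `PTHREAD_COND_INITIALIZER` or once via `pthread_once` instead. Both irq_task and test_fuzz_one_input begin before their hunks, so the declaration site of `lock`, `done_cond` and the new flag is outside this view.
```c
/* … unchanged: irq_task body up to test_chipset_off() … */
		pthread_mutex_lock(&lock);
		done = true;	/* completion predicate; new file-scope `static bool done` */
		pthread_cond_signal(&done_cond);
		pthread_mutex_unlock(&lock);

/* … unchanged: size check, input copy, data_available = true, task_set_event() … */
	pthread_mutex_lock(&lock);
	while (!done)	/* loop: guards against a lost signal and spurious wakeups */
		pthread_cond_wait(&done_cond, &lock);
	done = false;	/* consume the completion so the next input waits again */
	pthread_mutex_unlock(&lock);
	return 0;
```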