diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 03890cdbe0855ddbc3f04913c117a68b4fb0021d..9d9faa56b7fc8bd3b2ee8aa8173bb17994d4ead6 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -61,11 +61,13 @@ group("fuzztest") { "abilityautostartupdatamanagerthird_fuzzer:fuzztest", "abilityautostartupservicea_fuzzer:fuzztest", "abilityautostartupserviceb_fuzzer:fuzztest", + "abilityautostartupservicefirst_fuzzer:fuzztest", "abilitybackgroundconnection_fuzzer:fuzztest", "abilitycachemanagera_fuzzer:fuzztest", "abilityconnectionstub_fuzzer:fuzztest", "abilitycontext_fuzzer:fuzztest", "abilitydebugdeal_fuzzer:fuzztest", + "abilitydebugdealfirst_fuzzer:fuzztest", "abilitydebugresponseproxy_fuzzer:fuzztest", "abilitydebugresponsestub_fuzzer:fuzztest", "abilityecologicalrulemgrservicefirst_fuzzer:fuzztest", diff --git a/test/fuzztest/abilityautostartupservicefirst_fuzzer/BUILD.gn b/test/fuzztest/abilityautostartupservicefirst_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ab0d1d7be62005e014ec4fc684903222ebd80b59 --- /dev/null +++ b/test/fuzztest/abilityautostartupservicefirst_fuzzer/BUILD.gn @@ -0,0 +1,115 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +import("//foundation/ability/ability_runtime/ability_runtime.gni") +module_output_path = "ability_runtime/abilitymgr" + +##############################fuzztest########################################## +ohos_fuzztest("AbilityAutoStartupServiceFirstFuzzTest") { + module_out_path = module_output_path + + fuzz_config_file = + "${ability_runtime_test_path}/fuzztest/abilityautostartupservicefirst_fuzzer" + include_dirs = [ + "${ability_runtime_innerkits_path}/ability_manager/include", + "${ability_runtime_innerkits_path}/dataobs_manager/include", + "${ability_runtime_services_path}/abilitymgr/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ + "${ability_runtime_services_path}/abilitymgr/src/ability_auto_startup_data_manager.cpp", + "${ability_runtime_services_path}/abilitymgr/src/ability_auto_startup_service.cpp", + "abilityautostartupservicefirst_fuzzer.cpp", + ] + + configs = [ + "${ability_runtime_innerkits_path}/ability_manager:ability_manager_public_config", + "${ability_runtime_services_path}/abilitymgr:abilityms_config", + ] + + deps = [ + "${ability_runtime_innerkits_path}/ability_manager:ability_manager", + "${ability_runtime_innerkits_path}/ability_manager:ability_start_options", + "${ability_runtime_innerkits_path}/deps_wrapper:ability_deps_wrapper", + "${ability_runtime_native_path}/ability/native:abilitykit_native", + "${ability_runtime_native_path}/ability/native:auto_startup_callback", + "${ability_runtime_native_path}/appkit:appkit_manager_helper", + "${ability_runtime_services_path}/abilitymgr:abilityms", + "${ability_runtime_services_path}/common:app_util", + "${ability_runtime_services_path}/common:perm_verification", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "bundle_framework:libappexecfwk_common", + "c_utils:utils", + "common_event_service:cesfwk_core", + "common_event_service:cesfwk_innerkits", + "eventhandler:libeventhandler", + "ffrt:libffrt", + "hilog:libhilog", + "hisysevent:libhisysevent", + "input:libmmi-client", + "ipc:ipc_core", + "kv_store:distributeddata_inner", + "napi:ace_napi", + "os_account:os_account_innerkits", + "relational_store:native_dataability", + "relational_store:native_rdb", + "safwk:api_cache_manager", + "samgr:samgr_proxy", + ] + + if (ability_runtime_graphics) { + deps += [] + external_deps += [ + "i18n:intl_util", + "window_manager:libwm", + ] + } + if (ability_runtime_upms) { + deps += [ + "${ability_runtime_innerkits_path}/uri_permission:uri_permission_mgr", + ] + } + cflags_cc = [] + if (os_dlp_part_enabled) { + cflags_cc += [ "-DWITH_DLP" ] + } +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ + # deps file + ":AbilityAutoStartupServiceFirstFuzzTest", + ] +} +############################################################################### diff --git a/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.cpp b/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..daa4609781b3c5674289e4c89518251a4c41f4dc --- /dev/null +++ b/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.cpp @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "abilityautostartupservicefirst_fuzzer.h" + +#include +#include +#include + +#define private public +#define protected public +#include "ability_auto_startup_service.h" +#undef protected +#undef private + +#include "ability_auto_startup_data_manager.h" +#include "ability_record.h" + +using namespace OHOS::AAFwk; +using namespace OHOS::AppExecFwk; +using namespace OHOS::AbilityRuntime; + +namespace OHOS { +namespace { +constexpr size_t STRING_MAX_LENGTH = 128; +} +sptr GetFuzzAbilityToken() +{ + sptr token = nullptr; + AbilityRequest abilityRequest; + abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; + abilityRequest.abilityInfo.name = "MainAbility"; + abilityRequest.abilityInfo.type = AbilityType::DATA; + std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); + if (abilityRecord) { + token = abilityRecord->GetToken(); + } + return token; +} + +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) +{ + std::string abilityTypeName; + std::string accessTokenId; + int32_t int32Param; + int32_t userId; + bool isSet; + bool flag; + bool isVisible; + FuzzedDataProvider fdp(data, size); + abilityTypeName = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + accessTokenId = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + int32Param = fdp.ConsumeIntegral(); + userId = fdp.ConsumeIntegral(); + isSet = fdp.ConsumeBool(); + flag = fdp.ConsumeBool(); + isVisible = fdp.ConsumeBool(); + std::shared_ptr service = std::make_shared(); + sptr token1 = GetFuzzAbilityToken(); + service->RegisterAutoStartupSystemCallback(token1); // branch + service->RegisterAutoStartupSystemCallback(token1); // branch duplicate regist + service->UnregisterAutoStartupSystemCallback(token1); // branch + sptr token2 = GetFuzzAbilityToken(); + service->UnregisterAutoStartupSystemCallback(token2); // branch unregister not exist. + + AutoStartupInfo info; + info.bundleName = "com.example.fuzztest"; + info.moduleName = "stringParam"; + info.abilityName = "MainAbility"; + info.appCloneIndex = int32Param; + info.accessTokenId = "accessTokenId"; + info.setterUserId = int32Param; + info.userId = int32Param; + + AutoStartupAbilityData abilityData; + abilityData.isVisible = isVisible; + abilityData.abilityTypeName = abilityTypeName; + abilityData.accessTokenId = accessTokenId; + abilityData.setterUserId = int32Param; + bool isFlag = service->GetAbilityData(info, abilityData); + service->SetApplicationAutoStartup(info); + if (isFlag) { + AutoStartupInfo fullInfo(info); + fullInfo.abilityTypeName = abilityData.abilityTypeName; + fullInfo.setterUserId = abilityData.setterUserId; + fullInfo.accessTokenId = abilityData.accessTokenId; + fullInfo.userId = abilityData.userId; + fullInfo.canUserModify = true; + fullInfo.setterType = AutoStartupSetterType::USER; + } + service->SetApplicationAutoStartup(info); + service->CancelApplicationAutoStartup(info); + service->InnerCancelApplicationAutoStartup(info); + service->SetApplicationAutoStartupByEDM(info, flag); + service->CancelApplicationAutoStartupByEDM(info, flag); + + AutoStartupStatus status = + DelayedSingleton::GetInstance()->QueryAutoStartupData(info); + status.code = int32Param; + service->InnerApplicationAutoStartupByEDM(info, isSet, flag); + status.code = ERR_NAME_NOT_FOUND; + service->InnerApplicationAutoStartupByEDM(info, isSet, flag); + isSet = true; + service->InnerApplicationAutoStartupByEDM(info, isSet, flag); + isSet = false; + service->InnerApplicationAutoStartupByEDM(info, isSet, flag); + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.h b/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..44b771c6082f070e8a95fb1f0a1bcabb8c6db61d --- /dev/null +++ b/test/fuzztest/abilityautostartupservicefirst_fuzzer/abilityautostartupservicefirst_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYAUTOSTARTUPSERVICE_FIRST_FUZZER_H +#define FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYAUTOSTARTUPSERVICE_FIRST_FUZZER_H + +#define FUZZ_PROJECT_NAME "abilityautostartupservicefirst_fuzzer" + +#endif // FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYAUTOSTARTUPSERVICE_FIRST_FUZZER_H diff --git a/test/fuzztest/abilityautostartupservicefirst_fuzzer/corpus/init b/test/fuzztest/abilityautostartupservicefirst_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/abilityautostartupservicefirst_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/abilityautostartupservicefirst_fuzzer/project.xml b/test/fuzztest/abilityautostartupservicefirst_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..4a9e5e0e8a11651fe5994c426bebaa63a1c7a980 --- /dev/null +++ b/test/fuzztest/abilityautostartupservicefirst_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 600 + + 4096 + + diff --git a/test/fuzztest/abilitydebugdealfirst_fuzzer/BUILD.gn b/test/fuzztest/abilitydebugdealfirst_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..8910a19686d82e2767cd688708652d0a258c7bd7 --- /dev/null +++ b/test/fuzztest/abilitydebugdealfirst_fuzzer/BUILD.gn @@ -0,0 +1,92 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +import("//foundation/ability/ability_runtime/ability_runtime.gni") +module_output_path = "ability_runtime/abilitymgr" + +##############################fuzztest########################################## +ohos_fuzztest("AbilityDebugDealFirstFuzzTest") { + module_out_path = module_output_path + + fuzz_config_file = + "${ability_runtime_test_path}/fuzztest/abilitydebugdealfirst_fuzzer" + include_dirs = [ + "${ability_runtime_innerkits_path}/ability_manager/include", + "${ability_runtime_services_path}/abilitymgr/include/utils", + "${ability_runtime_services_path}/abilitymgr/include", + "${ability_runtime_innerkits_path}/app_manager/include/appmgr", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "${ability_runtime_innerkits_path}/app_manager/src/appmgr/ability_debug_response_stub.cpp", + "${ability_runtime_services_path}/abilitymgr/src/ability_debug_deal.cpp", + "abilitydebugdealfirst_fuzzer.cpp", + ] + + configs = [ "${ability_runtime_innerkits_path}/ability_manager:ability_manager_public_config" ] + cflags = [] + if (target_cpu == "arm") { + cflags += [ "-DBINDER_IPC_32BIT" ] + } + deps = [ + "${ability_runtime_innerkits_path}/ability_manager:ability_manager", + "${ability_runtime_innerkits_path}/ability_manager:ability_start_options", + "${ability_runtime_native_path}/ability/native:abilitykit_native", + "${ability_runtime_services_path}/abilitymgr:abilityms", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "common_event_service:cesfwk_innerkits", + "ffrt:libffrt", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "napi:ace_napi", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + + if (ability_runtime_graphics) { + external_deps += [ "input:libmmi-client" ] + } + + cflags_cc = [] + if (os_dlp_part_enabled) { + cflags_cc += [ "-DWITH_DLP" ] + } +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ + #deps file + ":AbilityDebugDealFirstFuzzTest", + ] +} +############################################################################## # diff --git a/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.cpp b/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..bb95eacd80da6d4cc90c22a0d6dad431083699a8 --- /dev/null +++ b/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.cpp @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "abilitydebugdealfirst_fuzzer.h" + +#include +#include +#include + +#define private public +#include "ability_debug_deal.h" +#undef private +#include "ability_record.h" +#include "ability_debug_response_stub.h" +#include "securec.h" + +using namespace OHOS::AAFwk; +using namespace OHOS::AppExecFwk; + +namespace OHOS { +namespace { +constexpr size_t STRING_MAX_LENGTH = 128; +} +std::shared_ptr GetFuzzAbilityRecord() +{ + sptr token = nullptr; + AbilityRequest abilityRequest; + abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; + abilityRequest.abilityInfo.name = "MainAbility"; + abilityRequest.abilityInfo.type = AbilityType::DATA; + std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); + if (!abilityRecord) { + return nullptr; + } + return abilityRecord; +} + +sptr GetFuzzAbilityToken() +{ + sptr token = nullptr; + std::shared_ptr abilityRecord = GetFuzzAbilityRecord(); + if (abilityRecord) { + token = abilityRecord->GetToken(); + } + return token; +} + +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) +{ + bool boolParam; + sptr token = GetFuzzAbilityToken(); + std::vector> tokens; + std::weak_ptr deal; + FuzzedDataProvider fdp(data, size); + boolParam = fdp.ConsumeBool(); + auto abilityDebugDeal = std::make_shared(); + abilityDebugDeal->RegisterAbilityDebugResponse(); + abilityDebugDeal->OnAbilitysDebugStarted(tokens); + abilityDebugDeal->OnAbilitysDebugStoped(tokens); + abilityDebugDeal->OnAbilitysAssertDebugChange(tokens, boolParam); + Token::GetAbilityRecordByToken(token) = nullptr; + abilityDebugDeal->OnAbilitysDebugStarted(tokens); + abilityDebugDeal->OnAbilitysDebugStoped(tokens); + abilityDebugDeal->OnAbilitysAssertDebugChange(tokens, boolParam); + + auto abilityDebugResponse = std::make_shared(deal); + abilityDebugResponse->OnAbilitysDebugStarted(tokens); + abilityDebugResponse->OnAbilitysDebugStoped(tokens); + abilityDebugResponse->OnAbilitysAssertDebugChange(tokens, boolParam); + abilityDebugResponse->abilityDebugDeal_.lock() = nullptr; + abilityDebugResponse->OnAbilitysDebugStarted(tokens); + abilityDebugResponse->OnAbilitysDebugStoped(tokens); + abilityDebugResponse->OnAbilitysAssertDebugChange(tokens, boolParam); + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.h b/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..542817c545df083d5020135c17a40a80b126be4f --- /dev/null +++ b/test/fuzztest/abilitydebugdealfirst_fuzzer/abilitydebugdealfirst_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYDEBUGDEAL_FIRST_FUZZER_H +#define FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYDEBUGDEAL_FIRST_FUZZER_H + +#define FUZZ_PROJECT_NAME "abilitydebugdealfirst_fuzzer" + +#endif diff --git a/test/fuzztest/abilitydebugdealfirst_fuzzer/corpus/init b/test/fuzztest/abilitydebugdealfirst_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/abilitydebugdealfirst_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/abilitydebugdealfirst_fuzzer/project.xml b/test/fuzztest/abilitydebugdealfirst_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..4a9e5e0e8a11651fe5994c426bebaa63a1c7a980 --- /dev/null +++ b/test/fuzztest/abilitydebugdealfirst_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 600 + + 4096 + + diff --git a/test/fuzztest/abilityunlockscreencallback_fuzzer/abilityunlockscreencallback_fuzzer.cpp b/test/fuzztest/abilityunlockscreencallback_fuzzer/abilityunlockscreencallback_fuzzer.cpp index 30d1eebd3fe2ce3edfab5abeaa5d8dfe68e1976e..3b6fac5367b95d4a4b6e3806238ed3084e8ea184 100644 --- a/test/fuzztest/abilityunlockscreencallback_fuzzer/abilityunlockscreencallback_fuzzer.cpp +++ b/test/fuzztest/abilityunlockscreencallback_fuzzer/abilityunlockscreencallback_fuzzer.cpp @@ -36,6 +36,8 @@ bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) return false; } callback->OnCallBack(screenLockResult); + callback->screenLockResult_ = nullptr; + callback->OnCallBack(screenLockResult); return true; } } diff --git a/test/fuzztest/connectionobserverclientimplfourth_fuzzer/connectionobserverclientimplfourth_fuzzer.cpp b/test/fuzztest/connectionobserverclientimplfourth_fuzzer/connectionobserverclientimplfourth_fuzzer.cpp index e8f777315841e1cf469b712506b241ed29658f9f..c0b65f60f7c80a91dea9e47b11b2464aa7233a96 100644 --- a/test/fuzztest/connectionobserverclientimplfourth_fuzzer/connectionobserverclientimplfourth_fuzzer.cpp +++ b/test/fuzztest/connectionobserverclientimplfourth_fuzzer/connectionobserverclientimplfourth_fuzzer.cpp @@ -51,6 +51,10 @@ bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) connectionObserverClientImpl->RegisterObserverToServiceLocked(proxy); connectionObserverClientImpl->UnregisterFromServiceLocked(proxy); connectionObserverClientImpl->AddObserversLocked(observer); + sptr remoteObj; + proxy = std::make_shared(remoteObj); + connectionObserverClientImpl->RegisterObserverToServiceLocked(proxy); + connectionObserverClientImpl->UnregisterFromServiceLocked(proxy); return true; } }