From d870b67f26bf9d5978a9903a54eb31ad7aff9a85 Mon Sep 17 00:00:00 2001
From: huangshiwei
Date: Mon, 11 Aug 2025 11:05:25 +0800
Subject: [PATCH] huangshiwei4@huawei.com
Signed-off-by: huangshiwei
---
 .../BUILD.gn | 4 ++
 ...itystartwithwaitobservermanager_fuzzer.cpp | 42 +++++--------------
 ...ilitystartwithwaitobserverproxy_fuzzer.cpp | 38 ++++-------------
 3 files changed, 22 insertions(+), 62 deletions(-)
diff --git a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/BUILD.gn b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/BUILD.gn
index b221bc90050..d4103835f8f 100644
--- a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/BUILD.gn
+++ b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/BUILD.gn
@@ -25,6 +25,7 @@ ohos_fuzztest("AbilityStartWithWaitObserverManagerFuzzTest") {
 "${ability_runtime_services_path}/abilitymgr/include",
 "${ability_runtime_services_path}/abilitymgr/include/utils",
 "${ability_runtime_innerkits_path}/app_manager/include/appmgr",
+ "${ability_runtime_test_path}/fuzztest",
 ]
 cflags = [
@@ -53,11 +54,14 @@ ohos_fuzztest("AbilityStartWithWaitObserverManagerFuzzTest") {
 "bundle_framework:appexecfwk_base",
 "bundle_framework:appexecfwk_core",
 "c_utils:utils",
+ "eventhandler:libeventhandler",
 "ffrt:libffrt",
 "hilog:libhilog",
+ "hisysevent:libhisysevent",
 "hitrace:hitrace_meter",
 "init:libbegetutil",
 "ipc:ipc_core",
+ "safwk:system_ability_fwk",
 "samgr:samgr_proxy",
 "window_manager:libwm",
 ]
diff --git a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp
index 37375e592e8..fc52af8a2ed 100644
--- a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp
+++ b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp
@@ -25,6 +25,7 @@
 #undef protected
 #undef private
 #include "securec.h"
+#include "ability_fuzz_util.h"
 #include "ability_record.h"
 using namespace OHOS::AAFwk;
@@ -35,13 +36,16 @@ namespace {
 constexpr size_t U32_AT_SIZE = 4;
 }
-bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
+bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
 {
 Want want;
+ AbilityRequest info;
 sptr observer = nullptr;
- std::shared_ptr abilityRecord = nullptr;
+ FuzzedDataProvider fdp(data, size);
+ AbilityFuzzUtil::GetRandomAbilityRequestInfo(fdp, info);
+ std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(info);
 std::shared_ptr infos =
- std::make_shared();
+ std::make_shared();
 infos->RegisterObserver(want, observer);
 infos->UnregisterObserver(observer);
 infos->NotifyAATerminateWait(want);
@@ -55,33 +59,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 /* Fuzzer entry point */
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
- /* Run your code on data */
- if (data == nullptr) {
- std::cout << "invalid data" << std::endl;
- return 0;
- }
-
- /* Validate the length of size */
- if (size < OHOS::U32_AT_SIZE) {
- return 0;
- }
-
- char* ch = static_cast(malloc(size + 1));
- if (ch == nullptr) {
- std::cout << "malloc failed." << std::endl;
- return 0;
- }
-
- (void)memset_s(ch, size + 1, 0x00, size + 1);
- if (memcpy_s(ch, size + 1, data, size) != EOK) {
- std::cout << "copy failed." << std::endl;
- free(ch);
- ch = nullptr;
- return 0;
- }
-
- OHOS::DoSomethingInterestingWithMyAPI(ch, size);
- free(ch);
- ch = nullptr;
+ // Run your code on data.
+ OHOS::DoSomethingInterestingWithMyAPI(data, size);
 return 0;
-}
+}
\ No newline at end of file
diff --git a/test/fuzztest/abilitystartwithwaitobserverproxy_fuzzer/abilitystartwithwaitobserverproxy_fuzzer.cpp b/test/fuzztest/abilitystartwithwaitobserverproxy_fuzzer/abilitystartwithwaitobserverproxy_fuzzer.cpp
index 301be150515..13183f4629c 100644
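Review bot: In the second hunk of abilitystartwithwaitobservermanager_fuzzer.cpp, `want` stays default-constructed and `observer` stays `nullptr`, so `RegisterObserver`, `UnregisterObserver` and `NotifyAATerminateWait(want)` receive the same arguments on every iteration. The fuzz bytes only reach `abilityRecord`. Consider deriving `want` from `fdp` as well, for example `want.SetElementName(fdp.ConsumeRandomLengthString(), fdp.ConsumeRandomLengthString());`, so that any path depending on the Want content sees varied input. The calls that consume `abilityRecord` are outside the hunk; confirm they tolerate a null result from `CreateAbilityRecord(info)`, which the old always-null value suggests they do.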
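Review bot: Once the entry point in the third hunk drops the length check, `U32_AT_SIZE` has no remaining use among the visible lines, and nothing visible still needs `securec.h` now that `memset_s`/`memcpy_s` are gone. An unused constant can trip `-Wunused-const-variable` under strict build flags, so remove both if nothing outside the hunks references them. The new closing brace also leaves the file without a trailing newline. The entry-point hunk of abilitystartwithwaitobserverproxy_fuzzer.cpp has the same leftovers. The template comment could instead record why the guards were removed, e.g. `// FuzzedDataProvider tolerates empty input, so no null or size guard is needed.`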
--- a/test/fuzztest/abilitystartwithwaitobserverproxy_fuzzer/abilitystartwithwaitobserverproxy_fuzzer.cpp
+++ b/test/fuzztest/abilitystartwithwaitobserverproxy_fuzzer/abilitystartwithwaitobserverproxy_fuzzer.cpp
@@ -41,6 +41,7 @@ constexpr size_t OFFSET_ZERO = 24;
 constexpr size_t OFFSET_ONE = 16;
 constexpr size_t OFFSET_TWO = 8;
 constexpr uint8_t ENABLE = 2;
+constexpr size_t STRING_MAX_LENGTH = 128;
 }
 uint32_t GetU32Data(const char* ptr)
 {
@@ -63,7 +64,7 @@ sptr GetFuzzAbilityToken()
 return token;
 }
-bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
+bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
 {
 sptr impl;
 std::shared_ptr infos =
@@ -72,6 +73,9 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 return false;
 }
 MessageParcel parcel;
+ FuzzedDataProvider fdp(data, size);
+ parcel.WriteString(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH));
+ parcel.WriteInt32(fdp.ConsumeIntegral());
 infos->WriteInterfaceToken(parcel);
 AbilityStartWithWaitObserverData abilityStartWithWaitObserverData;
 infos->NotifyAATerminateWait(abilityStartWithWaitObserverData);
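Review bot: The fuzz bytes written into `parcel` in the third hunk do not appear to reach the call under test. Within the visible lines `parcel` is only handed to `WriteInterfaceToken`, `NotifyAATerminateWait` receives a default-constructed `AbilityStartWithWaitObserverData`, and `impl` is a null `sptr`. The interface token is also appended after the fuzzed string and integer, the reverse of the usual token-first layout. Filling the fields of `abilityStartWithWaitObserverData` from `fdp` before the call would make the input influence the proxy's marshalling path. No include for `FuzzedDataProvider` is added in this file's hunks, so confirm one is already present; the function body continues outside the hunk.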
@@ -82,33 +86,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 /* Fuzzer entry point */
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
- /* Run your code on data */
- if (data == nullptr) {
- std::cout << "invalid data" << std::endl;
- return 0;
- }
-
- /* Validate the length of size */
- if (size < OHOS::U32_AT_SIZE) {
- return 0;
- }
-
- char* ch = static_cast(malloc(size + 1));
- if (ch == nullptr) {
- std::cout << "malloc failed." << std::endl;
- return 0;
- }
-
- (void)memset_s(ch, size + 1, 0x00, size + 1);
- if (memcpy_s(ch, size + 1, data, size) != EOK) {
- std::cout << "copy failed." << std::endl;
- free(ch);
- ch = nullptr;
- return 0;
- }
-
- OHOS::DoSomethingInterestingWithMyAPI(ch, size);
- free(ch);
- ch = nullptr;
+ // Run your code on data.
+ OHOS::DoSomethingInterestingWithMyAPI(data, size);
 return 0;
-}
+}
\ No newline at end of file
-- Gitee