diff --git a/base/test/fuzztest/BUILD.gn b/base/test/fuzztest/BUILD.gn index 97ca64680145194de07b4254820f05377b3c7d80..d808cb0021ee6d369dd430ce32d89ae7438b510e 100644 --- a/base/test/fuzztest/BUILD.gn +++ b/base/test/fuzztest/BUILD.gn @@ -18,9 +18,12 @@ group("fuzztest") { deps = [] deps += [ # deps file + "ashmem_fuzzer:AshmemFuzzTest", + "directory_fuzzer:DirectoryFuzzTest", "parcel_fuzzer:ParcelFuzzTest", "refbase_fuzzer:RefbaseFuzzTest", "string_fuzzer:StringFuzzTest", + "thread_fuzzer:ThreadFuzzTest", "timer_fuzzer:TimerFuzzTest", ] } diff --git a/base/test/fuzztest/ashmem_fuzzer/BUILD.gn b/base/test/fuzztest/ashmem_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..5d0127494555196d3d8d8a6d6c0fbee5a771468c --- /dev/null +++ b/base/test/fuzztest/ashmem_fuzzer/BUILD.gn @@ -0,0 +1,33 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("AshmemFuzzTest") { + module_out_path = "c_utils/c_utils" + fuzz_config_file = "." + include_dirs = [ "../" ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + defines = [ "DEBUG_FUZZ" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog_base", + ] + sources = [ "ashmem_fuzzer.cpp" ] +} +############################################################################### diff --git a/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.cpp b/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..1c5e34b3be828bfc3c6fe724a3aacc48fa359980 --- /dev/null +++ b/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ashmem_fuzzer.h" +#include "fuzzer/FuzzedDataProvider.h" +#include "ashmem.h" + +using namespace std; + +namespace OHOS { +const int MAX_MEMORY_SIZE = 1024; +const int MAX_MEMORY_NAME_LEN = 10; + +void AshmemTestFunc(FuzzedDataProvider* dataProvider) +{ + string name = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_NAME_LEN); + int memorySize = dataProvider->ConsumeIntegralInRange(0, MAX_MEMORY_SIZE); + sptr ashmem = Ashmem::CreateAshmem(name.c_str(), memorySize); + if (ashmem == nullptr) { + return; + } + + bool ret = ashmem->MapReadAndWriteAshmem(); + if (ret != true) { + return; + } + + string memoryContent = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_SIZE); + ret = ashmem->WriteToAshmem(memoryContent.c_str(), sizeof(memoryContent), 0); + if (ret != true) { + return; + } + + string memoryContent2 = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_SIZE); + ret = ashmem->WriteToAshmem(memoryContent2.c_str(), sizeof(memoryContent2), sizeof(memoryContent2)); + if (ret != true) { + return; + } + + auto readData = ashmem->ReadFromAshmem(sizeof(memoryContent), 0); + + const char *readContent = reinterpret_cast(readData); + + readData = ashmem->ReadFromAshmem(sizeof(memoryContent2), sizeof(memoryContent2)); + + readContent = reinterpret_cast(readData); + + int prot = dataProvider->ConsumeIntegral(); + ashmem->SetProtection(prot); + + ashmem->UnmapAshmem(); + ashmem->CloseAshmem(); +} + +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + FuzzedDataProvider dataProvider(data, size); + OHOS::AshmemTestFunc(&dataProvider); + return 0; +} diff --git a/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.h b/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e9767fc463087e19f4659273e186f59cbac6cca6 --- /dev/null +++ b/base/test/fuzztest/ashmem_fuzzer/ashmem_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ASHMEM_FUZZER_H +#define ASHMEM_FUZZER_H + +#define FUZZ_PROJECT_NAME "ashmem_fuzzer" + +#endif // ASHMEM_FUZZER_H diff --git a/base/test/fuzztest/ashmem_fuzzer/corpus/init b/base/test/fuzztest/ashmem_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/base/test/fuzztest/ashmem_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/base/test/fuzztest/ashmem_fuzzer/project.xml b/base/test/fuzztest/ashmem_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..d6679ccc2ec868b072c934ed45102d545f31f91d --- /dev/null +++ b/base/test/fuzztest/ashmem_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/base/test/fuzztest/directory_fuzzer/BUILD.gn b/base/test/fuzztest/directory_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..80ff0f20aa0e9c11166650dd60183303be1d217c --- /dev/null +++ b/base/test/fuzztest/directory_fuzzer/BUILD.gn @@ -0,0 +1,33 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DirectoryFuzzTest") { + module_out_path = "c_utils/c_utils" + fuzz_config_file = "." + include_dirs = [ "../" ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + defines = [ "DEBUG_FUZZ" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog_base", + ] + sources = [ "directory_fuzzer.cpp" ] +} +############################################################################### diff --git a/base/test/fuzztest/directory_fuzzer/corpus/init b/base/test/fuzztest/directory_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/base/test/fuzztest/directory_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/base/test/fuzztest/directory_fuzzer/directory_fuzzer.cpp b/base/test/fuzztest/directory_fuzzer/directory_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d0308bc2ece1294568d0a0d84ed9af31b0a15715 --- /dev/null +++ b/base/test/fuzztest/directory_fuzzer/directory_fuzzer.cpp @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "directory_fuzzer.h" +#include "fuzz_log.h" +#include +#include +#include "fuzzer/FuzzedDataProvider.h" +#include "directory_ex.h" + +using namespace std; + +namespace OHOS { +const uint8_t MAX_DIR_LENGTH = 15; +const uint8_t MAX_DIR_LEVEL = 10; +const uint8_t MAX_DIR_NUM = 10; + +void DirectoryTestFunc(FuzzedDataProvider* dataProvider) +{ + FUZZ_LOGI("DirectoryTestFunc start"); + GetCurrentProcPath(); + + string testDir = "/data/test_dir"; + ForceRemoveDirectory(testDir); + + string testFile = testDir + "test_file"; + ofstream file = ofstream(testFile, fstream::out); + file.close(); + + for (int i = 0; i < MAX_DIR_NUM; i++) { + string path = testDir; + int level = dataProvider->ConsumeIntegralInRange(0, MAX_DIR_LEVEL); + for (int j = 0; j < level; j++) { + string name = dataProvider->ConsumeRandomLengthString(MAX_DIR_LENGTH); + path = ExcludeTrailingPathDelimiter(path) + "/" + name; + } + ForceCreateDirectory(path); + } + + string dirName = dataProvider->ConsumeRandomLengthString(MAX_DIR_LENGTH); + string dirPath = testDir + dirName; + ForceCreateDirectory(dirPath); + + string realPath1; + string overLongPath = testDir + dataProvider->ConsumeRandomLengthString(PATH_MAX); + PathToRealPath(overLongPath, realPath1); + + string fileName = dataProvider->ConsumeRandomLengthString(MAX_DIR_LENGTH); + ExtractFileExt(fileName); + + string fileFullPath = testDir + fileName; + mode_t mode = S_IRWXU | S_IRWXG | S_IRWXO; + ChangeModeFile(fileFullPath, mode); + ChangeModeDirectory(testDir, mode); + ChangeModeDirectory("", mode); + + IsEmptyFolder(testDir); + ForceRemoveDirectory(testDir); + + FUZZ_LOGI("DirectoryTestFunc end"); +} + +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + FuzzedDataProvider dataProvider(data, size); + OHOS::DirectoryTestFunc(&dataProvider); + return 0; +} diff --git a/base/test/fuzztest/directory_fuzzer/directory_fuzzer.h b/base/test/fuzztest/directory_fuzzer/directory_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..c4ca63126403d6ff49e60049bd19df397169e48e --- /dev/null +++ b/base/test/fuzztest/directory_fuzzer/directory_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DIRECTORY_FUZZER_H +#define DIRECTORY_FUZZER_H + +#define FUZZ_PROJECT_NAME "directory_fuzzer" + +#endif // DIRECTORY_FUZZER_H diff --git a/base/test/fuzztest/directory_fuzzer/project.xml b/base/test/fuzztest/directory_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..d6679ccc2ec868b072c934ed45102d545f31f91d --- /dev/null +++ b/base/test/fuzztest/directory_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/base/test/fuzztest/thread_fuzzer/BUILD.gn b/base/test/fuzztest/thread_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ed8abcc1c05cde57fe346e9797cfcd5ccf84d41c --- /dev/null +++ b/base/test/fuzztest/thread_fuzzer/BUILD.gn @@ -0,0 +1,33 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("ThreadFuzzTest") { + module_out_path = "c_utils/c_utils" + fuzz_config_file = "." + include_dirs = [ "../" ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + defines = [ "DEBUG_FUZZ" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog_base", + ] + sources = [ "thread_fuzzer.cpp" ] +} +############################################################################### diff --git a/base/test/fuzztest/thread_fuzzer/corpus/init b/base/test/fuzztest/thread_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/base/test/fuzztest/thread_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/base/test/fuzztest/thread_fuzzer/project.xml b/base/test/fuzztest/thread_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..d6679ccc2ec868b072c934ed45102d545f31f91d --- /dev/null +++ b/base/test/fuzztest/thread_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/base/test/fuzztest/thread_fuzzer/thread_fuzzer.cpp b/base/test/fuzztest/thread_fuzzer/thread_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ddeef6a9ea29ea42c2f542f335e3061d31698ddd --- /dev/null +++ b/base/test/fuzztest/thread_fuzzer/thread_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "thread_fuzzer.h" +#include "fuzz_log.h" +#include +#include +#include +#include +#include +#include +#include "fuzzer/FuzzedDataProvider.h" +#include "thread_ex.h" + +using namespace std; + +namespace OHOS { +const std::string& DEFAULT_THREAD_NAME = "default"; +const int MAX_STACK_SIZE = 4096; +const int MAX_PRIORITY = 10; +using ThreadRunFunc = bool (*)(int& data); + +bool TestRun(int &data) +{ + sleep(1); + ++data; + return false; +} + +class TestThread : public OHOS::Thread { +public: + TestThread(const int data, const bool readyToWork, int priority, ThreadRunFunc runFunc) + : data_(data), priority_(priority), name_(DEFAULT_THREAD_NAME), readyToWork_(readyToWork), runFunc_(runFunc) + {}; + + TestThread() = delete; + ~TestThread() {} + + bool ReadyToWork() override; + + int data_; + int priority_; + std::string name_; +protected: + bool Run() override; + +private: + bool readyToWork_; + ThreadRunFunc runFunc_; +}; + +bool TestThread::ReadyToWork() +{ + return readyToWork_; +} + +bool TestThread::Run() +{ + priority_ = getpriority(PRIO_PROCESS, 0); + char threadName[MAX_THREAD_NAME_LEN] = {0}; + prctl(PR_GET_NAME, threadName, 0, 0); + name_ = threadName; + + if (runFunc_ != nullptr) { + return (*runFunc_)(data_); + } + + return false; +} + +void ThreadTestFunc(FuzzedDataProvider* dataProvider) +{ + bool readyToWork = dataProvider->ConsumeBool(); + bool priority = dataProvider->ConsumeIntegralInRange(0, MAX_PRIORITY); + auto t = std::make_unique(0, readyToWork, priority, TestRun); + + int stacksize = dataProvider->ConsumeIntegralInRange(0, MAX_STACK_SIZE); + string name = dataProvider->ConsumeRandomLengthString(MAX_THREAD_NAME_LEN); + bool newPriority = dataProvider->ConsumeIntegralInRange(0, MAX_PRIORITY); + auto result = t->Start(name, newPriority, stacksize); + if (result != ThreadStatus::OK) { + return; + } + t->ReadyToWork(); + t->IsExitPending(); + t->IsRunning(); + t->NotifyExitSync(); +} + +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + FuzzedDataProvider dataProvider(data, size); + OHOS::ThreadTestFunc(&dataProvider); + return 0; +} diff --git a/base/test/fuzztest/thread_fuzzer/thread_fuzzer.h b/base/test/fuzztest/thread_fuzzer/thread_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..a3bba3a098478c1051c5aa599dfe2623e5f115d6 --- /dev/null +++ b/base/test/fuzztest/thread_fuzzer/thread_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef THREAD_FUZZER_H +#define THREAD_FUZZER_H + +#define FUZZ_PROJECT_NAME "thread_fuzzer" + +#endif // THREAD_FUZZER_H