diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 3bff21b9ec7e4ce55e62804996bb5ca81145b188..b1beb55229b36b87313321701d1172489bfe763b 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -29,7 +29,7 @@ group("fuzztest") { "ipc/native/src/core/dbindersessionobject_fuzzer:DBinderSessionObjectFuzzTest", "ipc/native/src/core/dbindersoftbusclient_fuzzer:DBinderSoftbusClientFuzzTest", "ipc/native/src/mock/dbindersoftbusclientmock_fuzzer:DBinderSoftbusClientMockFuzzTest", - "ipc/native/src/core/dbinderservicestub_fuzzer:DBinderServiceStubFuzzTest", + "ipc/native/src/core/dbinderservicestub:dbinderservicestubfuzz", "ipc/native/src/core/getlocalnodedeviceid_fuzzer:GetLocalNodeDeviceIdFuzzTest", "ipc/native/src/core/invokerfactory_fuzzer:InvokerFactoryFuzzTest", "ipc/native/src/core/ipcfiledescriptor_fuzzer:IPCFileDescriptorFuzzTest", @@ -59,7 +59,7 @@ group("fuzztest") { "ipc/native/src/core/ipcthreadpoolnew_fuzzer:IPCThreadPoolNewFuzzTest", "ipc/native/src/core/binderconnector_fuzzer:BinderConnectorFuzzTest", "ipc/native/src/core/ipcobjectproxynew_fuzzer:IPCObjectProxyNewFuzzTest", - "ipc/native/src/core/ipcobjectstubnew_fuzzer:IPCObjectStubNewFuzzTest", + "ipc/native/src/core/ipcobjectstubnew:ipcobjectstubnewfuzz", "ipc/native/src/core/ipcpayloadstatisticsimpl_fuzzer:IPCPayloadStatisticsImplFuzzTest", "ipc/native/src/core/ipcpayloadstatisticsnew_fuzzer:IPCPayloadStatisticsNewFuzzTest", "ipc/native/src/core/iremotebroker_fuzzer:IRemoteBrokerFuzzTest", diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbinderservicestub/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6083a46f0f5b4d7a35dd2e3e85404fd78d7aeb5c --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/BUILD.gn @@ -0,0 +1,22 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +group("dbinderservicestubfuzz") { + testonly = true + deps = [ + "dbinderservicestub001_fuzzer:DBinderServiceStub001FuzzTest", + "dbinderservicestub002_fuzzer:DBinderServiceStub002FuzzTest", + "dbinderservicestub003_fuzzer:DBinderServiceStub003FuzzTest", + "dbinderservicestub004_fuzzer:DBinderServiceStub004FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/BUILD.gn similarity index 82% rename from test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/BUILD.gn index 6a06d352e4e497b11555fbd826c1834d509657fd..8510712f1a69e4909a3228169caeac1be65a3907 100644 --- a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/BUILD.gn @@ -17,18 +17,19 @@ import("//build/test.gni") SUBSYSTEM_DIR = "//foundation/communication/ipc" ##############################fuzztest########################################## -ohos_fuzztest("DBinderServiceStubFuzzTest") { +ohos_fuzztest("DBinderServiceStub001FuzzTest") { module_out_path = "ipc/ipc" include_dirs = [ "$SUBSYSTEM_DIR/interfaces/innerkits/ipc_core/include", + "../include", ] - fuzz_config_file = "../dbinderservicestub_fuzzer" + fuzz_config_file = "../dbinderservicestub001_fuzzer" defines = [ "private = public", "protected = public", ] - sources = [ "dbinderservicestub_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + sources = [ "dbinderservicestub001_fuzzer.cpp" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/dbinderservicestub001_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/dbinderservicestub001_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..792a3c1fac215d280784e0962bc15e28d5123cda --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/dbinderservicestub001_fuzzer.cpp @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbinderservicestub_fuzzer.h" + +#include +#include +#include +#include "dbinder_service.h" +#include "dbinder_service_stub.h" +#include "ipc_skeleton.h" +#include "string_ex.h" + +namespace OHOS { +static constexpr uint32_t DBINDER_HANDLE_BASE = 100000 * 6872; +static constexpr uint32_t MAX_STRING_LEN = 100; + +void OnRemoteRequestTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + MessageParcel data; + MessageParcel reply; + MessageOption option; + int32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); + dBinderServiceStub.OnRemoteRequest(code, data, reply, option); +} + +void ProcessProtoOneTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + binder_uintptr_t key = provider.ConsumeIntegral(); + sptr dBinderService = DBinderService::GetInstance(); + if (dBinderService == nullptr) { + return; + } + std::shared_ptr sessionInfo = std::make_shared(); + if (sessionInfo == nullptr) { + return; + } + dBinderService->AttachSessionObject(sessionInfo, key); + uint32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); + MessageParcel data; + MessageParcel reply; + MessageOption option; + dBinderServiceStub.ProcessProto(code, data, reply, option); +} + +void ProcessProtoTwoTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + binder_uintptr_t key = reinterpret_cast(&dBinderServiceStub); + sptr dBinderService = DBinderService::GetInstance(); + if (dBinderService == nullptr) { + return; + } + std::shared_ptr sessionInfo = std::make_shared(); + if (sessionInfo == nullptr) { + return; + } + sessionInfo->type = provider.ConsumeIntegral(); + dBinderService->AttachSessionObject(sessionInfo, key); + uint32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); + + MessageParcel data; + MessageParcel reply; + MessageOption option; + dBinderServiceStub.ProcessProto(code, data, reply, option); +} + +void ProcessDeathRecipientTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + MessageParcel data; + MessageParcel reply; + MessageOption option; + int32_t processType = provider.ConsumeIntegral(); + data.WriteInt32(processType); + dBinderServiceStub.ProcessDeathRecipient(data); +} + +void AddDbinderDeathRecipientOneTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + MessageParcel data; + dBinderServiceStub.AddDbinderDeathRecipient(data); + + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + uint32_t handle = provider.ConsumeIntegralInRange(0, DBINDER_HANDLE_BASE); + sptr callbackProxy = new (std::nothrow) IPCObjectProxy(handle, Str8ToStr16(descriptor)); + if (callbackProxy == nullptr) { + return; + } + callbackProxy->SetObjectDied(true); + MessageParcel dataOne; + dataOne.WriteRemoteObject(callbackProxy); + dBinderServiceStub.AddDbinderDeathRecipient(dataOne); +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestTest(provider); + OHOS::ProcessProtoOneTest(provider); + OHOS::ProcessProtoTwoTest(provider); + OHOS::ProcessDeathRecipientTest(provider); + OHOS::AddDbinderDeathRecipientOneTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..0c2e5c77ba239d72ce086de1897b823638369800 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/BUILD.gn @@ -0,0 +1,39 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +SUBSYSTEM_DIR = "//foundation/communication/ipc" + +##############################fuzztest########################################## +ohos_fuzztest("DBinderServiceStub002FuzzTest") { + module_out_path = "ipc/ipc" + include_dirs = [ + "$SUBSYSTEM_DIR/interfaces/innerkits/ipc_core/include", + "../include", + ] + fuzz_config_file = "../dbinderservicestub002_fuzzer" + defines = [ + "private = public", + "protected = public", + ] + sources = [ "dbinderservicestub002_fuzzer.cpp" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:libdbinder", + "ipc:ipc_core", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/dbinderservicestub_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/dbinderservicestub002_fuzzer.cpp similarity index 41% rename from test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/dbinderservicestub_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/dbinderservicestub002_fuzzer.cpp index f746f59c4ddc2c2993ba4c4de9626b32b2d70637..1c67eac3a27fdddccf72b6ebf8ee227bb25ff6b5 100644 --- a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/dbinderservicestub_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/dbinderservicestub002_fuzzer.cpp @@ -26,112 +26,16 @@ namespace OHOS { static constexpr uint32_t DBINDER_HANDLE_BASE = 100000 * 6872; static constexpr uint32_t INVALID_HANDLE_VALUE = 0xFFFFFFFF; - -void OnRemoteRequestTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - MessageParcel data; - MessageParcel reply; - MessageOption option; - int32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); - dBinderServiceStub.OnRemoteRequest(code, data, reply, option); -} - -void ProcessProtoOneTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - binder_uintptr_t key = provider.ConsumeIntegral(); - sptr dBinderService = DBinderService::GetInstance(); - if (dBinderService == nullptr) { - return; - } - std::shared_ptr sessionInfo = std::make_shared(); - if (sessionInfo == nullptr) { - return; - } - dBinderService->AttachSessionObject(sessionInfo, key); - uint32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); - MessageParcel data; - MessageParcel reply; - MessageOption option; - dBinderServiceStub.ProcessProto(code, data, reply, option); -} - -void ProcessProtoTwoTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - binder_uintptr_t key = reinterpret_cast(&dBinderServiceStub); - sptr dBinderService = DBinderService::GetInstance(); - if (dBinderService == nullptr) { - return; - } - std::shared_ptr sessionInfo = std::make_shared(); - if (sessionInfo == nullptr) { - return; - } - sessionInfo->type = provider.ConsumeIntegral(); - dBinderService->AttachSessionObject(sessionInfo, key); - uint32_t code = provider.ConsumeIntegralInRange(FIRST_CALL_TRANSACTION, LAST_CALL_TRANSACTION); - - MessageParcel data; - MessageParcel reply; - MessageOption option; - dBinderServiceStub.ProcessProto(code, data, reply, option); -} - -void ProcessDeathRecipientTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - MessageParcel data; - MessageParcel reply; - MessageOption option; - int32_t processType = provider.ConsumeIntegral(); - data.WriteInt32(processType); - dBinderServiceStub.ProcessDeathRecipient(data); -} - -void AddDbinderDeathRecipientOneTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - MessageParcel data; - dBinderServiceStub.AddDbinderDeathRecipient(data); - - std::string descriptor = provider.ConsumeRandomLengthString(); - uint32_t handle = provider.ConsumeIntegralInRange(0, DBINDER_HANDLE_BASE); - sptr callbackProxy = new (std::nothrow) IPCObjectProxy(handle, Str8ToStr16(descriptor)); - if (callbackProxy == nullptr) { - return; - } - callbackProxy->SetObjectDied(true); - MessageParcel dataOne; - dataOne.WriteRemoteObject(callbackProxy); - dBinderServiceStub.AddDbinderDeathRecipient(dataOne); -} +static constexpr uint32_t MAX_STRING_LEN = 100; void AddDbinderDeathRecipientTwoTest(FuzzedDataProvider &provider) { - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); binder_uintptr_t object = provider.ConsumeIntegral(); DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - std::string descriptor = provider.ConsumeRandomLengthString(); + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); uint32_t handle = provider.ConsumeIntegralInRange(DBINDER_HANDLE_BASE, INVALID_HANDLE_VALUE); sptr callbackProxy = new (std::nothrow) IPCObjectProxy(handle, Str8ToStr16(descriptor)); if (callbackProxy == nullptr) { @@ -152,15 +56,15 @@ void AddDbinderDeathRecipientTwoTest(FuzzedDataProvider &provider) void RemoveDbinderDeathRecipientOneTest(FuzzedDataProvider &provider) { - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); binder_uintptr_t object = provider.ConsumeIntegral(); DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); MessageParcel data; dBinderServiceStub.RemoveDbinderDeathRecipient(data); - std::string descriptor = provider.ConsumeRandomLengthString(); + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); uint32_t handle = provider.ConsumeIntegralInRange(DBINDER_HANDLE_BASE, INVALID_HANDLE_VALUE); sptr callbackProxy = new (std::nothrow) IPCObjectProxy(handle, Str8ToStr16(descriptor)); if (callbackProxy == nullptr) { @@ -176,12 +80,12 @@ void RemoveDbinderDeathRecipientOneTest(FuzzedDataProvider &provider) void RemoveDbinderDeathRecipientTwoTest(FuzzedDataProvider &provider) { - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); binder_uintptr_t object = provider.ConsumeIntegral(); DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - std::string descriptor = provider.ConsumeRandomLengthString(); + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); uint32_t handle = provider.ConsumeIntegralInRange(DBINDER_HANDLE_BASE, INVALID_HANDLE_VALUE); sptr callbackProxy = new (std::nothrow) IPCObjectProxy(handle, Str8ToStr16(descriptor)); if (callbackProxy == nullptr) { @@ -201,8 +105,8 @@ void RemoveDbinderDeathRecipientTwoTest(FuzzedDataProvider &provider) void MarshallingOneTest(FuzzedDataProvider &provider) { - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); binder_uintptr_t object = provider.ConsumeIntegral(); sptr stubObject = new (std::nothrow) DBinderServiceStub(Str8ToStr16(service), device, object); if (stubObject == nullptr) { @@ -214,8 +118,8 @@ void MarshallingOneTest(FuzzedDataProvider &provider) void GetAndSaveDBinderDataTest(FuzzedDataProvider &provider) { - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); binder_uintptr_t object = provider.ConsumeIntegral(); DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); @@ -238,104 +142,6 @@ void GetAndSaveDBinderDataTest(FuzzedDataProvider &provider) sessionInfo->type = provider.ConsumeIntegral(); dBinderServiceStub.GetAndSaveDBinderData(pid, uid); } - -void SaveDBinderDataTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - std::string localBusName = provider.ConsumeRandomLengthString(); - dBinderServiceStub.SaveDBinderData(localBusName); - - binder_uintptr_t key = reinterpret_cast(&dBinderServiceStub); - sptr dBinderService = DBinderService::GetInstance(); - if (dBinderService == nullptr) { - return; - } - std::shared_ptr sessionInfo = std::make_shared(); - if (sessionInfo == nullptr) { - return; - } - dBinderService->AttachSessionObject(sessionInfo, key); - dBinderServiceStub.SaveDBinderData(localBusName); -} - -void GetServiceNameTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - dBinderServiceStub.GetServiceName(); -} - -void GetDeviceIDTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - dBinderServiceStub.GetDeviceID(); -} - -void GetBinderObjectTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - dBinderServiceStub.GetBinderObject(); -} - -void GetPeerPidTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - dBinderServiceStub.GetPeerPid(); -} - -void GetPeerUidTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - - dBinderServiceStub.GetPeerUid(); -} - -void SetOrGetSeqNumberTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - uint32_t seqNum = provider.ConsumeIntegral(); - dBinderServiceStub.SetSeqNumber(seqNum); - dBinderServiceStub.GetSeqNumber(); -} - -void SetOrGetNegoStatusAndTimeTest(FuzzedDataProvider &provider) -{ - const std::string service = provider.ConsumeRandomLengthString(); - const std::string device = provider.ConsumeRandomLengthString(); - binder_uintptr_t object = provider.ConsumeIntegral(); - DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); - NegotiationStatus status = static_cast(provider.ConsumeIntegral()); - uint64_t time = provider.ConsumeIntegral(); - - dBinderServiceStub.SetNegoStatusAndTime(status, time); - dBinderServiceStub.GetNegoStatusAndTime(status, time); -} - } /* Fuzzer entry point */ @@ -343,23 +149,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ FuzzedDataProvider provider(data, size); - OHOS::OnRemoteRequestTest(provider); - OHOS::ProcessProtoOneTest(provider); - OHOS::ProcessProtoTwoTest(provider); - OHOS::ProcessDeathRecipientTest(provider); - OHOS::AddDbinderDeathRecipientOneTest(provider); OHOS::AddDbinderDeathRecipientTwoTest(provider); OHOS::RemoveDbinderDeathRecipientOneTest(provider); OHOS::RemoveDbinderDeathRecipientTwoTest(provider); OHOS::MarshallingOneTest(provider); OHOS::GetAndSaveDBinderDataTest(provider); - OHOS::SaveDBinderDataTest(provider); - OHOS::GetServiceNameTest(provider); - OHOS::GetDeviceIDTest(provider); - OHOS::GetBinderObjectTest(provider); - OHOS::GetPeerPidTest(provider); - OHOS::GetPeerUidTest(provider); - OHOS::SetOrGetSeqNumberTest(provider); - OHOS::SetOrGetNegoStatusAndTimeTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/project.xml similarity index 97% rename from test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/project.xml index 66e1dcac475475fb101b6f8670ec699e6e9696aa..226522bd2ad3eaf2db4f710f1924d82d2912c235 100644 --- a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/project.xml +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub002_fuzzer/project.xml @@ -16,7 +16,7 @@ - 1000 + 10000 300 diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..83b35d5d9775f22d725f6c04dc6ae9dd0f703030 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/BUILD.gn @@ -0,0 +1,39 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +SUBSYSTEM_DIR = "//foundation/communication/ipc" + +##############################fuzztest########################################## +ohos_fuzztest("DBinderServiceStub003FuzzTest") { + module_out_path = "ipc/ipc" + include_dirs = [ + "$SUBSYSTEM_DIR/interfaces/innerkits/ipc_core/include", + "../include", + ] + fuzz_config_file = "../dbinderservicestub003_fuzzer" + defines = [ + "private = public", + "protected = public", + ] + sources = [ "dbinderservicestub003_fuzzer.cpp" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:libdbinder", + "ipc:ipc_core", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/dbinderservicestub003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/dbinderservicestub003_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..442eb0ef72db0e12f00d43cee0d7c5eb89a0b569 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/dbinderservicestub003_fuzzer.cpp @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbinderservicestub_fuzzer.h" + +#include +#include +#include +#include "dbinder_service.h" +#include "dbinder_service_stub.h" +#include "ipc_skeleton.h" +#include "string_ex.h" + +namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + +void SaveDBinderDataTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + std::string localBusName = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + dBinderServiceStub.SaveDBinderData(localBusName); + + binder_uintptr_t key = reinterpret_cast(&dBinderServiceStub); + sptr dBinderService = DBinderService::GetInstance(); + if (dBinderService == nullptr) { + return; + } + std::shared_ptr sessionInfo = std::make_shared(); + if (sessionInfo == nullptr) { + return; + } + dBinderService->AttachSessionObject(sessionInfo, key); + dBinderServiceStub.SaveDBinderData(localBusName); +} + +void GetServiceNameTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + dBinderServiceStub.GetServiceName(); +} + +void GetDeviceIDTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + dBinderServiceStub.GetDeviceID(); +} + +void GetBinderObjectTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + dBinderServiceStub.GetBinderObject(); +} + +void GetPeerPidTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + dBinderServiceStub.GetPeerPid(); +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::SaveDBinderDataTest(provider); + OHOS::GetServiceNameTest(provider); + OHOS::GetDeviceIDTest(provider); + OHOS::GetBinderObjectTest(provider); + OHOS::GetPeerPidTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub003_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..4475709cda89bbf0f655bce276ac4893c92123ad --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/BUILD.gn @@ -0,0 +1,39 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +SUBSYSTEM_DIR = "//foundation/communication/ipc" + +##############################fuzztest########################################## +ohos_fuzztest("DBinderServiceStub004FuzzTest") { + module_out_path = "ipc/ipc" + include_dirs = [ + "$SUBSYSTEM_DIR/interfaces/innerkits/ipc_core/include", + "../include", + ] + fuzz_config_file = "../dbinderservicestub004_fuzzer" + defines = [ + "private = public", + "protected = public", + ] + sources = [ "dbinderservicestub004_fuzzer.cpp" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:libdbinder", + "ipc:ipc_core", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/dbinderservicestub004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/dbinderservicestub004_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..03bff9e0dcbb6fee1f0bc700aee9012ca5363181 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/dbinderservicestub004_fuzzer.cpp @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbinderservicestub_fuzzer.h" + +#include +#include +#include +#include "dbinder_service.h" +#include "dbinder_service_stub.h" +#include "ipc_skeleton.h" +#include "string_ex.h" + +namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + +void GetPeerUidTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + + dBinderServiceStub.GetPeerUid(); +} + +void SetOrGetSeqNumberTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + uint32_t seqNum = provider.ConsumeIntegral(); + dBinderServiceStub.SetSeqNumber(seqNum); + dBinderServiceStub.GetSeqNumber(); +} + +void SetOrGetNegoStatusAndTimeTest(FuzzedDataProvider &provider) +{ + const std::string service = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + const std::string device = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + binder_uintptr_t object = provider.ConsumeIntegral(); + DBinderServiceStub dBinderServiceStub(Str8ToStr16(service), device, object); + NegotiationStatus status = static_cast(provider.ConsumeIntegral()); + uint64_t time = provider.ConsumeIntegral(); + + dBinderServiceStub.SetNegoStatusAndTime(status, time); + dBinderServiceStub.GetNegoStatusAndTime(status, time); +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::GetPeerUidTest(provider); + OHOS::SetOrGetSeqNumberTest(provider); + OHOS::SetOrGetNegoStatusAndTimeTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbinderservicestub/dbinderservicestub004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/dbinderservicestub_fuzzer.h b/test/fuzztest/ipc/native/src/core/dbinderservicestub/include/dbinderservicestub_fuzzer.h similarity index 100% rename from test/fuzztest/ipc/native/src/core/dbinderservicestub_fuzzer/dbinderservicestub_fuzzer.h rename to test/fuzztest/ipc/native/src/core/dbinderservicestub/include/dbinderservicestub_fuzzer.h diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..e07805ed66d62fa00d2b20f059df04c47fd51a30 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn @@ -0,0 +1,22 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +group("ipcobjectstubnewfuzz") { + testonly = true + deps = [ + "ipcobjectstubnew001_fuzzer:IPCObjectStubNew001FuzzTest", + "ipcobjectstubnew002_fuzzer:IPCObjectStubNew002FuzzTest", + "ipcobjectstubnew003_fuzzer:IPCObjectStubNew003FuzzTest", + "ipcobjectstubnew004_fuzzer:IPCObjectStubNew004FuzzTest", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/ipcobjectstubnew_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/ipcobjectstubnew_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn index 119da252996d32603a299efa77a516750cebabde..4cba9d7e20706e12110c4219be8bfe84b45ef934 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn @@ -16,13 +16,13 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNewFuzzTest") { +ohos_fuzztest("IPCObjectStubNew001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew_fuzzer" + fuzz_config_file = "../ipcobjectstubnew001_fuzzer" + include_dirs = [ "../include" ] + sources = [ "ipcobjectstubnew001_fuzzer.cpp" ] - sources = [ "ipcobjectstubnew_fuzzer.cpp" ] - - deps = [ "../../../../../../../test:ipc_single_test_static" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] defines = [ "private = public", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..e2618e3bbf84c629e22dac2c98a38aa34879b6d8 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstubnew_fuzzer.h" +#include "ipc_object_stub.h" +#include "ipc_skeleton.h" +#include "message_parcel.h" +#include + +namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + +sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +{ + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + bool serialInvokeFlag = provider.ConsumeBool(); + return sptr::MakeSptr(descriptor16, serialInvokeFlag); +} + +void DBinderPingTransactionFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderPingTransaction(code, data, reply, option); +} + +void DBinderSearchDescriptorFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderSearchDescriptor(code, data, reply, option); +} + +void DBinderSearchRefCountFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderSearchRefCount(code, data, reply, option); +} + +void DBinderDumpTransactionFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderDumpTransaction(code, data, reply, option); +} + +void DBinderInvokeListenThreadFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderInvokeListenThread(code, data, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::DBinderPingTransactionFuzzTest(provider); + OHOS::DBinderSearchDescriptorFuzzTest(provider); + OHOS::DBinderSearchRefCountFuzzTest(provider); + OHOS::DBinderDumpTransactionFuzzTest(provider); + OHOS::DBinderInvokeListenThreadFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..05df95bfad537665ab55b1e4d5bf964a41d71494 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn @@ -0,0 +1,36 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStubNew002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstubnew002_fuzzer" + include_dirs = [ "../include" ] + sources = [ "ipcobjectstubnew002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/ipcobjectstubnew_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp similarity index 37% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/ipcobjectstubnew_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp index c5c6e256763efb29c99c99052695473929581da5..833e9fdd586594d92743b9a5b2e1a6decec758c1 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew_fuzzer/ipcobjectstubnew_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp @@ -20,79 +20,16 @@ #include namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + sptr CreateIPCObjectStub(FuzzedDataProvider &provider) { - std::string descriptor = provider.ConsumeRandomLengthString(); + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); std::u16string descriptor16(descriptor.begin(), descriptor.end()); bool serialInvokeFlag = provider.ConsumeBool(); return sptr::MakeSptr(descriptor16, serialInvokeFlag); } -void DBinderPingTransactionFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderPingTransaction(code, data, reply, option); -} - -void DBinderSearchDescriptorFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderSearchDescriptor(code, data, reply, option); -} - -void DBinderSearchRefCountFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderSearchRefCount(code, data, reply, option); -} - -void DBinderDumpTransactionFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderDumpTransaction(code, data, reply, option); -} - -void DBinderInvokeListenThreadFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderInvokeListenThread(code, data, reply, option); -} - void DBinderIncRefsTransactionFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); @@ -157,112 +94,6 @@ void DBinderGetGrantedSessionNameFuzzTest(FuzzedDataProvider &provider) uint32_t code = provider.ConsumeIntegral(); ipcObjectStub->DBinderGetGrantedSessionName(code, data, reply, option); } - -void DBinderGetPidUidFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderGetPidUid(code, data, reply, option); -} - -void DBinderRemoveSessionNameFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->DBinderRemoveSessionName(code, data, reply, option); -} - -void SendRequestInnerFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->SendRequestInner(code, data, reply, option); -} - -void SendRequestFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->SendRequest(code, data, reply, option); -} - -void GetGrantedSessionNameFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t code = provider.ConsumeIntegral(); - ipcObjectStub->GetGrantedSessionName(code, data, reply, option); -} - -void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - uint32_t code = provider.ConsumeIntegral(); - MessageParcel data; - MessageParcel reply; - MessageOption option; - uint32_t pid = IPCSkeleton::GetCallingPid(); - uint32_t uid = IPCSkeleton::GetCallingUid(); - data.WriteUint32(pid); - data.WriteUint32(uid); - ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); -} - -void CreateSessionNameFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - int32_t pid = provider.ConsumeIntegral(); - int32_t uid = provider.ConsumeIntegral(); - ipcObjectStub->CreateSessionName(uid, pid); -} - -void RemoveSessionNameFuzzTest(FuzzedDataProvider &provider) -{ - sptr ipcObjectStub = CreateIPCObjectStub(provider); - if (ipcObjectStub == nullptr) { - return; - } - MessageParcel data; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); - std::vector bytes = provider.ConsumeBytes(bytesSize); - data.WriteBuffer(bytes.data(), bytes.size()); - ipcObjectStub->RemoveSessionName(data); -} } // namespace OHOS /* Fuzzer entry point */ @@ -270,23 +101,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ FuzzedDataProvider provider(data, size); - OHOS::DBinderPingTransactionFuzzTest(provider); - OHOS::DBinderSearchDescriptorFuzzTest(provider); - OHOS::DBinderSearchRefCountFuzzTest(provider); - OHOS::DBinderDumpTransactionFuzzTest(provider); - OHOS::DBinderInvokeListenThreadFuzzTest(provider); OHOS::DBinderIncRefsTransactionFuzzTest(provider); OHOS::DBinderDecRefsTransactionFuzzTest(provider); OHOS::DBinderAddCommAuthFuzzTest(provider); OHOS::DBinderGetSessionNameFuzzTest(provider); OHOS::DBinderGetGrantedSessionNameFuzzTest(provider); - OHOS::DBinderGetPidUidFuzzTest(provider); - OHOS::DBinderRemoveSessionNameFuzzTest(provider); - OHOS::SendRequestInnerFuzzTest(provider); - OHOS::SendRequestFuzzTest(provider); - OHOS::GetGrantedSessionNameFuzzTest(provider); - OHOS::GetSessionNameForPidUidFuzzTest(provider); - OHOS::CreateSessionNameFuzzTest(provider); - OHOS::RemoveSessionNameFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..47bb7eeed40f6d64ecbdefc7eca479253cd44413 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn @@ -0,0 +1,36 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStubNew003FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstubnew003_fuzzer" + include_dirs = [ "../include" ] + sources = [ "ipcobjectstubnew003_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..84ede2a0394d1d19120400699693aea8507b1d88 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstubnew_fuzzer.h" +#include "ipc_object_stub.h" +#include "ipc_skeleton.h" +#include "message_parcel.h" +#include + +namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + +sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +{ + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + bool serialInvokeFlag = provider.ConsumeBool(); + return sptr::MakeSptr(descriptor16, serialInvokeFlag); +} + +void DBinderGetPidUidFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderGetPidUid(code, data, reply, option); +} + +void DBinderRemoveSessionNameFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->DBinderRemoveSessionName(code, data, reply, option); +} + +void SendRequestInnerFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->SendRequestInner(code, data, reply, option); +} + +void SendRequestFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->SendRequest(code, data, reply, option); +} + +void GetGrantedSessionNameFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); + ipcObjectStub->GetGrantedSessionName(code, data, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::DBinderGetPidUidFuzzTest(provider); + OHOS::DBinderRemoveSessionNameFuzzTest(provider); + OHOS::SendRequestInnerFuzzTest(provider); + OHOS::SendRequestFuzzTest(provider); + OHOS::GetGrantedSessionNameFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..2be07bc0699fb1c1df494833e743ec0f62caf284 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn @@ -0,0 +1,36 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStubNew004FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstubnew004_fuzzer" + include_dirs = [ "../include" ] + sources = [ "ipcobjectstubnew004_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..a2dbc740536f3e3c8e903a3316f9791eb8952df4 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstubnew_fuzzer.h" +#include "ipc_object_stub.h" +#include "ipc_skeleton.h" +#include "message_parcel.h" +#include + +namespace OHOS { +static constexpr uint32_t MAX_STRING_LEN = 100; + +sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +{ + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + bool serialInvokeFlag = provider.ConsumeBool(); + return sptr::MakeSptr(descriptor16, serialInvokeFlag); +} + +void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + uint32_t code = provider.ConsumeIntegral(); + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t pid = IPCSkeleton::GetCallingPid(); + uint32_t uid = IPCSkeleton::GetCallingUid(); + data.WriteUint32(pid); + data.WriteUint32(uid); + ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); +} + +void CreateSessionNameFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + int32_t pid = provider.ConsumeIntegral(); + int32_t uid = provider.ConsumeIntegral(); + ipcObjectStub->CreateSessionName(uid, pid); +} + +void RemoveSessionNameFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); + std::vector bytes = provider.ConsumeBytes(bytesSize); + data.WriteBuffer(bytes.data(), bytes.size()); + ipcObjectStub->RemoveSessionName(data); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::GetSessionNameForPidUidFuzzTest(provider); + OHOS::CreateSessionNameFuzzTest(provider); + OHOS::RemoveSessionNameFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + +