From 6d0bc5c74305f397373c01a081715a0f19c5f473 Mon Sep 17 00:00:00 2001 From: wuyunxun Date: Wed, 27 Aug 2025 15:49:02 +0800 Subject: [PATCH] =?UTF-8?q?fuzz=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuyunxun Change-Id: Ib00ecada80d0219e786823590f3877c1312f71d6 --- test/fuzztest/BUILD.gn | 9 +- .../src/socket/dbinderremotelistener/BUILD.gn | 21 ++ .../dbinderremotelistener001_fuzzer}/BUILD.gn | 7 +- .../corpus/init | 0 .../dbinderremotelistener001_fuzzer.cpp} | 50 +---- .../project.xml | 0 .../dbinderremotelistener002_fuzzer/BUILD.gn | 34 ++++ .../corpus/init | 0 .../dbinderremotelistener002_fuzzer.cpp | 92 +++++++++ .../project.xml | 0 .../include}/dbinderremotelistener_fuzzer.h | 5 + .../innerkits/ipc_core/messageparcel/BUILD.gn | 24 +++ .../include/messageparcel_fuzzer.h | 43 ++++ .../messageparcel001_fuzzer/BUILD.gn | 47 +++++ .../messageparcel001_fuzzer}/corpus/init | 0 .../messageparcel001_fuzzer.cpp | 68 +++++++ .../messageparcel001_fuzzer}/project.xml | 0 .../messageparcel002_fuzzer/BUILD.gn | 47 +++++ .../messageparcel002_fuzzer}/corpus/init | 0 .../messageparcel002_fuzzer.cpp | 101 ++++++++++ .../messageparcel002_fuzzer}/project.xml | 0 .../messageparcel003_fuzzer/BUILD.gn | 47 +++++ .../messageparcel003_fuzzer}/corpus/init | 0 .../messageparcel003_fuzzer.cpp | 74 +++++++ .../messageparcel003_fuzzer}/project.xml | 2 +- .../messageparcel004_fuzzer/BUILD.gn | 47 +++++ .../messageparcel004_fuzzer/corpus/init} | 7 +- .../messageparcel004_fuzzer.cpp} | 176 ++-------------- .../messageparcel004_fuzzer/project.xml | 25 +++ .../messageparcel005_fuzzer/BUILD.gn | 47 +++++ .../messageparcel005_fuzzer/corpus/init} | 7 +- .../messageparcel005_fuzzer.cpp | 60 ++++++ .../messageparcel005_fuzzer/project.xml | 25 +++ .../src/core/dbindercallbackstub/BUILD.gn | 23 +++ .../dbindercallbackstub001_fuzzer}/BUILD.gn | 11 +- .../corpus/init} | 10 +- .../dbindercallbackstub001_fuzzer.cpp | 56 ++++++ .../dbindercallbackstub001_fuzzer/project.xml | 25 +++ .../dbindercallbackstub002_fuzzer}/BUILD.gn | 23 +-- .../dbindercallbackstub002_fuzzer/corpus/init | 16 ++ .../dbindercallbackstub002_fuzzer.cpp | 103 ++++++++++ .../dbindercallbackstub002_fuzzer/project.xml | 25 +++ .../dbindercallbackstub003_fuzzer/BUILD.gn | 43 ++++ .../dbindercallbackstub003_fuzzer/corpus/init | 16 ++ .../dbindercallbackstub003_fuzzer.cpp | 64 ++++++ .../dbindercallbackstub003_fuzzer/project.xml | 25 +++ .../dbindercallbackstub004_fuzzer/BUILD.gn | 43 ++++ .../dbindercallbackstub004_fuzzer/corpus/init | 16 ++ .../dbindercallbackstub004_fuzzer.cpp} | 189 ------------------ .../dbindercallbackstub004_fuzzer/project.xml | 25 +++ .../include/dbindercallbackstub_fuzzer.h | 39 ++++ .../src/core/ipcfiledescriptor/BUILD.gn | 21 ++ .../include}/ipcfiledescriptor_fuzzer.h | 6 +- .../ipcfiledescriptor001_fuzzer}/BUILD.gn | 11 +- .../ipcfiledescriptor001_fuzzer/corpus/init | 16 ++ .../ipcfiledescriptor001_fuzzer.cpp} | 2 - .../ipcfiledescriptor001_fuzzer/project.xml | 25 +++ .../ipcfiledescriptor002_fuzzer}/BUILD.gn | 10 +- .../ipcfiledescriptor002_fuzzer/corpus/init | 16 ++ .../ipcfiledescriptor002_fuzzer.cpp} | 9 +- .../ipcfiledescriptor002_fuzzer/project.xml | 25 +++ .../iremotebroker_fuzzer.cpp | 12 +- 62 files changed, 1518 insertions(+), 452 deletions(-) create mode 100644 test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/BUILD.gn rename test/fuzztest/dbinder/dbinder_service/src/socket/{dbinderremotelistener_fuzzer => dbinderremotelistener/dbinderremotelistener001_fuzzer}/BUILD.gn (83%) rename test/fuzztest/dbinder/dbinder_service/src/socket/{dbinderremotelistener_fuzzer => dbinderremotelistener/dbinderremotelistener001_fuzzer}/corpus/init (100%) rename test/fuzztest/dbinder/dbinder_service/src/socket/{dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.cpp => dbinderremotelistener/dbinderremotelistener001_fuzzer/dbinderremotelistener001_fuzzer.cpp} (69%) rename test/fuzztest/{interfaces/innerkits/ipc_core/messageparcel_fuzzer => dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/BUILD.gn rename test/fuzztest/{interfaces/innerkits/ipc_core/messageparcel_fuzzer => dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/dbinderremotelistener002_fuzzer.cpp rename test/fuzztest/{ipc/native/src/core/dbindercallbackstub_fuzzer => dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer}/project.xml (100%) rename test/fuzztest/dbinder/dbinder_service/src/socket/{dbinderremotelistener_fuzzer => dbinderremotelistener/include}/dbinderremotelistener_fuzzer.h (86%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/BUILD.gn create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/include/messageparcel_fuzzer.h create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/BUILD.gn rename test/fuzztest/{ipc/native/src/core/dbindercallbackstub_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/messageparcel001_fuzzer.cpp rename test/fuzztest/{ipc/native/src/core/ipcfiledescriptor_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/BUILD.gn rename test/fuzztest/{ipc/native/src/core/ipcfiledescriptor_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/messageparcel002_fuzzer.cpp rename test/fuzztest/{ipc/native/src/core/ipcfiledescriptornew_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/BUILD.gn rename test/fuzztest/{ipc/native/src/core/ipcfiledescriptornew_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/messageparcel003_fuzzer.cpp rename test/fuzztest/{dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer => interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer}/project.xml (97%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/BUILD.gn rename test/fuzztest/{ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.h => interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/corpus/init} (78%) rename test/fuzztest/interfaces/innerkits/ipc_core/{messageparcel_fuzzer/messageparcel_fuzzer.cpp => messageparcel/messageparcel004_fuzzer/messageparcel004_fuzzer.cpp} (30%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/project.xml create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/BUILD.gn rename test/fuzztest/{ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.h => interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/corpus/init} (77%) create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/messageparcel005_fuzzer.cpp create mode 100644 test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/BUILD.gn rename test/fuzztest/ipc/native/src/core/{dbindercallbackstub_fuzzer => dbindercallbackstub/dbindercallbackstub001_fuzzer}/BUILD.gn (79%) rename test/fuzztest/{interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.h => ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/corpus/init} (76%) create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/dbindercallbackstub001_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/project.xml rename test/fuzztest/{interfaces/innerkits/ipc_core/messageparcel_fuzzer => ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer}/BUILD.gn (76%) create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/corpus/init create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/dbindercallbackstub002_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/corpus/init create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/dbindercallbackstub003_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/corpus/init rename test/fuzztest/ipc/native/src/core/{dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.cpp => dbindercallbackstub/dbindercallbackstub004_fuzzer/dbindercallbackstub004_fuzzer.cpp} (34%) create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/dbindercallbackstub/include/dbindercallbackstub_fuzzer.h create mode 100644 test/fuzztest/ipc/native/src/core/ipcfiledescriptor/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcfiledescriptor_fuzzer => ipcfiledescriptor/include}/ipcfiledescriptor_fuzzer.h (84%) rename test/fuzztest/ipc/native/src/core/{ipcfiledescriptor_fuzzer => ipcfiledescriptor/ipcfiledescriptor001_fuzzer}/BUILD.gn (79%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/corpus/init rename test/fuzztest/ipc/native/src/core/{ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.cpp => ipcfiledescriptor/ipcfiledescriptor001_fuzzer/ipcfiledescriptor001_fuzzer.cpp} (95%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/project.xml rename test/fuzztest/ipc/native/src/core/{ipcfiledescriptornew_fuzzer => ipcfiledescriptor/ipcfiledescriptor002_fuzzer}/BUILD.gn (77%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/corpus/init rename test/fuzztest/ipc/native/src/core/{ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.cpp => ipcfiledescriptor/ipcfiledescriptor002_fuzzer/ipcfiledescriptor002_fuzzer.cpp} (92%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/project.xml diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 8468e7fb..d2b04157 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -14,7 +14,7 @@ group("fuzztest") { testonly = true deps = [ - "interfaces/innerkits/ipc_core/messageparcel_fuzzer:MessageParcelFuzzTest", + "interfaces/innerkits/ipc_core/messageparcel:messageparcelfuzz", "ipc/native/src/core/adddeathrecipient_fuzzer:AddDeathRecipientFuzzTest", "ipc/native/src/core/bind_fuzzer:BindFuzzTest", "ipc/native/src/core/binderinvoker:binderinvokerfuzz", @@ -22,7 +22,7 @@ group("fuzztest") { "ipc/native/src/core/bufferobject_fuzzer:BufferObjectFuzzTest", "ipc/native/src/core/databussocketlistener_fuzzer:DataBusSocketListenerFuzzTest", "ipc/native/src/mock/databussocketlistenermock_fuzzer:DataBusSocketListenerMockFuzzTest", - "ipc/native/src/core/dbindercallbackstub_fuzzer:DBinderCallBackStubFuzzTest", + "ipc/native/src/core/dbindercallbackstub:dbindercallbackstubfuzz", "ipc/native/src/core/dbinderdatabusinvoker_fuzzer:DBinderDatabusInvokerFuzzTest", "ipc/native/src/core/dbindergrantpermission_fuzzer:DBinderGrantPermissionFuzzTest", "ipc/native/src/core/dbinderremovepermission_fuzzer:DBinderRemovePermissionFuzzTest", @@ -32,7 +32,7 @@ group("fuzztest") { "ipc/native/src/core/dbinderservicestub:dbinderservicestubfuzz", "ipc/native/src/core/getlocalnodedeviceid_fuzzer:GetLocalNodeDeviceIdFuzzTest", "ipc/native/src/core/invokerfactory_fuzzer:InvokerFactoryFuzzTest", - "ipc/native/src/core/ipcfiledescriptor_fuzzer:IPCFileDescriptorFuzzTest", + "ipc/native/src/core/ipcfiledescriptor:ipcfiledescriptorfuzz", "ipc/native/src/core/ipcfiledescriptormarshalling_fuzzer:IPCFileDescriptorMarshallingFuzzTest", "ipc/native/src/core/ipcfiledescriptorunmarshalling_fuzzer:IPCFileDescriptorUnmarshallingFuzzTest", "ipc/native/src/core/ipcobjectproxy_fuzzer:IPCObjectProxyFuzzTest", @@ -55,7 +55,6 @@ group("fuzztest") { "ipc/native/src/core/dbindergetpiduid_fuzzer:DBinderGetPidUidFuzzTest", "ipc/native/src/core/makebasicthreadname_fuzzer:MakeBasicThreadNameFuzzTest", "ipc/native/src/core/bufferobjectnew_fuzzer:BufferObjectNewFuzzTest", - "ipc/native/src/core/ipcfiledescriptornew_fuzzer:IPCFileDescriptorNewFuzzTest", "ipc/native/src/core/ipcthreadpoolnew_fuzzer:IPCThreadPoolNewFuzzTest", "ipc/native/src/core/binderconnector_fuzzer:BinderConnectorFuzzTest", "ipc/native/src/core/ipcobjectproxynew_fuzzer:IPCObjectProxyNewFuzzTest", @@ -78,6 +77,6 @@ group("fuzztest") { "ipc/native/src/mock/ipcthreadskeletonmock:ipcthreadskeletonmockfuzz", "ipc/native/src/mock/iremoteobjectmock:iremoteobjectmockfuzz", "dbinder/dbinder_service/src/dbinderservicenew_fuzzer:DBinderServiceNewFuzzTest", - "dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer:DBinderRemoteListenerFuzzTest", + "dbinder/dbinder_service/src/socket/dbinderremotelistener:dbinderremotelistenerfuzz", ] } diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/BUILD.gn b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/BUILD.gn new file mode 100644 index 00000000..d224dea6 --- /dev/null +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/BUILD.gn @@ -0,0 +1,21 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("dbinderremotelistenerfuzz") { + testonly = true + deps = [ + "dbinderremotelistener001_fuzzer:DBinderRemoteListener001FuzzTest", + "dbinderremotelistener002_fuzzer:DBinderRemoteListener002FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/BUILD.gn b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/BUILD.gn similarity index 83% rename from test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/BUILD.gn rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/BUILD.gn index 5c225361..3b9dc2dd 100644 --- a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/BUILD.gn +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/BUILD.gn @@ -16,14 +16,15 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("DBinderRemoteListenerFuzzTest") { +ohos_fuzztest("DBinderRemoteListener001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../dbinderremotelistener_fuzzer" + fuzz_config_file = "../dbinderremotelistener001_fuzzer" defines = [ "private = public", "protected = public", ] - sources = [ "dbinderremotelistener_fuzzer.cpp" ] + include_dirs = [ "../include" ] + sources = [ "dbinderremotelistener001_fuzzer.cpp" ] external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/corpus/init b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/corpus/init rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/corpus/init diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.cpp b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/dbinderremotelistener001_fuzzer.cpp similarity index 69% rename from test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.cpp rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/dbinderremotelistener001_fuzzer.cpp index 84ac977c..a2634583 100644 --- a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.cpp +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/dbinderremotelistener001_fuzzer.cpp @@ -15,11 +15,6 @@ #include "dbinderremotelistener_fuzzer.h" -#include -#include -#include -#include "dbinder_remote_listener.h" - namespace OHOS { void ServerOnBindTest(FuzzedDataProvider &provider) { @@ -61,8 +56,8 @@ namespace OHOS { return ; } dBinderRemoteListener->ClientOnShutdown(socket, reason); - - dBinderRemoteListener->serverSocketInfos_[networkId] = socket; + + dBinderRemoteListener->clientSocketInfos_[networkId] = socket; dBinderRemoteListener->ClientOnShutdown(socket, reason); } @@ -74,6 +69,9 @@ namespace OHOS { return ; } dBinderRemoteListener->CreateClientSocket(peerNetworkId); + int32_t socketId = provider.ConsumeIntegral(); + dBinderRemoteListener->clientSocketInfos_[peerNetworkId] = socketId; + dBinderRemoteListener->CreateClientSocket(peerNetworkId); } void QueryOrNewDeviceLockTest(FuzzedDataProvider &provider) @@ -85,41 +83,6 @@ namespace OHOS { } dBinderRemoteListener->QueryOrNewDeviceLock(networkId); } - - void SendDataToRemoteTest(FuzzedDataProvider &provider) - { - std::string networkId = provider.ConsumeRandomLengthString(); - DHandleEntryTxRx msg; - msg.head.len = sizeof(DHandleEntryTxRx); - auto dBinderRemoteListener = std::make_shared(); - if (dBinderRemoteListener == nullptr) { - return ; - } - dBinderRemoteListener->SendDataToRemote(networkId, &msg); - } - - void SendDataReplyTest(FuzzedDataProvider &provider) - { - std::string networkId = provider.ConsumeRandomLengthString(); - auto dBinderRemoteListener = std::make_shared(); - if (dBinderRemoteListener == nullptr) { - return ; - } - dBinderRemoteListener->SendDataReply(networkId, nullptr); - DHandleEntryTxRx msg; - msg.head.len = sizeof(DHandleEntryTxRx); - dBinderRemoteListener->SendDataReply(networkId, &msg); - } - - void ShutdownSocketTest(FuzzedDataProvider &provider) - { - std::string networkId = provider.ConsumeRandomLengthString(); - auto dBinderRemoteListener = std::make_shared(); - if (dBinderRemoteListener == nullptr) { - return ; - } - dBinderRemoteListener->ShutdownSocket(networkId); - } } /* Fuzzer entry point */ @@ -132,8 +95,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) OHOS::ClientOnShutdownTest(provider); OHOS::CreateClientSocketTest(provider); OHOS::QueryOrNewDeviceLockTest(provider); - OHOS::SendDataToRemoteTest(provider); - OHOS::SendDataReplyTest(provider); - OHOS::ShutdownSocketTest(provider); return 0; } diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/project.xml b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/project.xml rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener001_fuzzer/project.xml diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/BUILD.gn b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/BUILD.gn new file mode 100644 index 00000000..5382d139 --- /dev/null +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/BUILD.gn @@ -0,0 +1,34 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DBinderRemoteListener002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../dbinderremotelistener002_fuzzer" + defines = [ + "private = public", + "protected = public", + ] + include_dirs = [ "../include" ] + sources = [ "dbinderremotelistener002_fuzzer.cpp" ] + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:libdbinder", + "ipc:ipc_core", + ] +} diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/corpus/init b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/corpus/init rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/corpus/init diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/dbinderremotelistener002_fuzzer.cpp b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/dbinderremotelistener002_fuzzer.cpp new file mode 100644 index 00000000..e75a3a75 --- /dev/null +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/dbinderremotelistener002_fuzzer.cpp @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbinderremotelistener_fuzzer.h" + +namespace OHOS { + void SendDataToRemoteTest(FuzzedDataProvider &provider) + { + std::string networkId = provider.ConsumeRandomLengthString(); + DHandleEntryTxRx msg; + msg.head.len = sizeof(DHandleEntryTxRx); + auto dBinderRemoteListener = std::make_shared(); + if (dBinderRemoteListener == nullptr) { + return ; + } + dBinderRemoteListener->SendDataToRemote(networkId, nullptr); + dBinderRemoteListener->SendDataToRemote(networkId, &msg); + } + + void SendDataReplyTest(FuzzedDataProvider &provider) + { + std::string networkId = provider.ConsumeRandomLengthString(); + auto dBinderRemoteListener = std::make_shared(); + if (dBinderRemoteListener == nullptr) { + return ; + } + dBinderRemoteListener->SendDataReply(networkId, nullptr); + DHandleEntryTxRx msg; + msg.head.len = sizeof(DHandleEntryTxRx); + dBinderRemoteListener->SendDataReply(networkId, &msg); + } + + void ShutdownSocketTest(FuzzedDataProvider &provider) + { + std::string networkId = provider.ConsumeRandomLengthString(); + auto dBinderRemoteListener = std::make_shared(); + if (dBinderRemoteListener == nullptr) { + return ; + } + dBinderRemoteListener->ShutdownSocket(networkId); + int32_t socket = provider.ConsumeIntegral(); + dBinderRemoteListener->clientSocketInfos_[networkId] = socket; + dBinderRemoteListener->ShutdownSocket(networkId); + } + + void OnBytesReceivedTest(FuzzedDataProvider &provider) + { + DHandleEntryTxRx msg; + msg.transType = provider.ConsumeIntegral(); + msg.dBinderCode = provider.ConsumeIntegral(); + msg.fromPort = provider.ConsumeIntegral(); + msg.toPort = provider.ConsumeIntegral(); + msg.stubIndex = provider.ConsumeIntegral(); + msg.seqNumber = provider.ConsumeIntegral(); + msg.binderObject = provider.ConsumeIntegral(); + msg.stub = provider.ConsumeIntegral(); + msg.serviceNameLength = provider.ConsumeIntegral(); + msg.pid = provider.ConsumeIntegral(); + msg.uid = provider.ConsumeIntegral(); + msg.head.len = sizeof(DHandleEntryTxRx); + auto dBinderRemoteListener = std::make_shared(); + if (dBinderRemoteListener == nullptr) { + return ; + } + int32_t socket = provider.ConsumeIntegral(); + dBinderRemoteListener->OnBytesReceived(socket, &msg, sizeof(DHandleEntryTxRx)); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::SendDataToRemoteTest(provider); + OHOS::SendDataReplyTest(provider); + OHOS::ShutdownSocketTest(provider); + OHOS::OnBytesReceivedTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/project.xml b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/project.xml rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/dbinderremotelistener002_fuzzer/project.xml diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.h b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/include/dbinderremotelistener_fuzzer.h similarity index 86% rename from test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.h rename to test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/include/dbinderremotelistener_fuzzer.h index d5fa5cd7..c3aa4eb0 100644 --- a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/dbinderremotelistener_fuzzer.h +++ b/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener/include/dbinderremotelistener_fuzzer.h @@ -15,6 +15,11 @@ #ifndef DBINDERREMOTELISTENER_FUZZER_H #define DBINDERREMOTELISTENER_FUZZER_H +#include +#include +#include +#include "dbinder_remote_listener.h" + #define FUZZ_PROJECT_NAME "dbinderremotelistener_fuzzer" #endif \ No newline at end of file diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/BUILD.gn new file mode 100644 index 00000000..14794f47 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/BUILD.gn @@ -0,0 +1,24 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("messageparcelfuzz") { + testonly = true + deps = [ + "messageparcel001_fuzzer:MessageParcel001FuzzTest", + "messageparcel002_fuzzer:MessageParcel002FuzzTest", + "messageparcel003_fuzzer:MessageParcel003FuzzTest", + "messageparcel004_fuzzer:MessageParcel004FuzzTest", + "messageparcel005_fuzzer:MessageParcel005FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/include/messageparcel_fuzzer.h b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/include/messageparcel_fuzzer.h new file mode 100644 index 00000000..9b85b8d3 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/include/messageparcel_fuzzer.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MESSAGEPARCEL_FUZZER_H +#define MESSAGEPARCEL_FUZZER_H + +#include "ipc_object_stub.h" +#include "iremote_object.h" +#include "message_parcel.cpp" +#include "message_parcel.h" +#include "sys_binder.h" +#include +#include +#include + +static constexpr size_t MAX_STR_LEN = 100; +static constexpr size_t MIN_BYTE_SIZE = 1; +static constexpr size_t MAX_BYTE_SIZE = 50; +static const std::vector type { + BINDER_TYPE_BINDER, + BINDER_TYPE_WEAK_BINDER, + BINDER_TYPE_HANDLE, + BINDER_TYPE_WEAK_HANDLE, + BINDER_TYPE_FD, + BINDER_TYPE_FDA, + BINDER_TYPE_PTR +}; + +#define FUZZ_PROJECT_NAME "messageparcel_fuzzer" + +#endif // MESSAGEPARCEL_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/BUILD.gn new file mode 100644 index 00000000..1330f275 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("MessageParcel001FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../messageparcel001_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../utils/include", + "../../../../../../../ipc/native/src/core/framework/source/", + ] + + sources = [ "messageparcel001_fuzzer.cpp" ] + + deps = [ "../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/corpus/init b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/corpus/init rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/corpus/init diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/messageparcel001_fuzzer.cpp b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/messageparcel001_fuzzer.cpp new file mode 100644 index 00000000..1f0488c3 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/messageparcel001_fuzzer.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "messageparcel_fuzzer.h" + +namespace OHOS { +void WriteRawDataFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteRawData((const void *)data, size); +} + +void WriteRemoteObjectFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + const sptr object = parcel.ReadRemoteObject(); + parcel.WriteRemoteObject(object); +} + +void WriteInterfaceTokenFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + return; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + return; + } + std::string tokenStr(bufData, length); + std::u16string token(tokenStr.begin(), tokenStr.end()); + parcel.WriteInterfaceToken(token); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::WriteRawDataFuzzTest(data, size); + OHOS::WriteRemoteObjectFuzzTest(data, size); + OHOS::WriteInterfaceTokenFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/project.xml b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/project.xml rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel001_fuzzer/project.xml diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/BUILD.gn new file mode 100644 index 00000000..2983428f --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("MessageParcel002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../messageparcel002_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../utils/include", + "../../../../../../../ipc/native/src/core/framework/source/", + ] + + sources = [ "messageparcel002_fuzzer.cpp" ] + + deps = [ "../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/corpus/init b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/corpus/init rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/corpus/init diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/messageparcel002_fuzzer.cpp b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/messageparcel002_fuzzer.cpp new file mode 100644 index 00000000..915cafbb --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/messageparcel002_fuzzer.cpp @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "messageparcel_fuzzer.h" + +namespace OHOS { +void AcquireObjectFuzzTest001(FuzzedDataProvider &provider) +{ + flat_binder_object flat; + flat.hdr.type = provider.ConsumeIntegralInRange(BINDER_TYPE_FDA, BINDER_TYPE_WEAK_HANDLE); + flat.flags = provider.ConsumeIntegral(); + flat.handle = provider.ConsumeIntegral(); + flat.cookie = 0; + AcquireObject(&flat, nullptr); +} + +void AcquireObjectFuzzTest002(FuzzedDataProvider &provider) +{ + AcquireObject(nullptr, nullptr); + flat_binder_object flat; + flat.flags = provider.ConsumeIntegral(); + flat.handle = provider.ConsumeIntegral(); + flat.cookie = 0; + for (auto item : type) { + flat.hdr.type = item; + AcquireObject(&flat, nullptr); + } +} + +void WriteDBinderProxyFuzzTest001(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + uint32_t handle = provider.ConsumeIntegral(); + sptr object = new (std::nothrow) IPCObjectProxy(handle); + if (object == nullptr) { + return; + } + uint64_t stubIndex = provider.ConsumeIntegral(); + parcel.WriteDBinderProxy(object, handle, stubIndex); +} + +void WriteDBinderProxyFuzzTest002(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + uint32_t handle = provider.ConsumeIntegral(); + std::string serviceName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string deviceId = provider.ConsumeRandomLengthString(MAX_STR_LEN); + uint64_t stubIndex = provider.ConsumeIntegral(); + uint32_t tokenId = provider.ConsumeIntegral(); + sptr object = new (std::nothrow) IPCObjectProxy(handle); + if (object == nullptr) { + return; + } + IPCProcessSkeleton *current = IPCProcessSkeleton::GetCurrent(); + std::shared_ptr callbackStub = + std::make_shared(serviceName, deviceId, stubIndex, nullptr, tokenId); + if (current == nullptr || callbackStub == nullptr) { + return; + } + current->ProxyAttachDBinderSession(handle, callbackStub); + parcel.WriteDBinderProxy(object, handle, stubIndex); +} + +void WriteRemoteObjectFuzzTest(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + uint32_t handle = provider.ConsumeIntegral(); + sptr proxy = new (std::nothrow) IPCObjectProxy(handle); + if (proxy == nullptr) { + return; + } + parcel.WriteRemoteObject(proxy); + sptr stub = sptr::MakeSptr(); + parcel.WriteRemoteObject(stub); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::AcquireObjectFuzzTest001(provider); + OHOS::AcquireObjectFuzzTest002(provider); + OHOS::WriteDBinderProxyFuzzTest001(provider); + OHOS::WriteDBinderProxyFuzzTest002(provider); + OHOS::WriteRemoteObjectFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/project.xml b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/project.xml rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel002_fuzzer/project.xml diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/BUILD.gn new file mode 100644 index 00000000..22b739f4 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("MessageParcel003FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../messageparcel003_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../utils/include", + "../../../../../../../ipc/native/src/core/framework/source/", + ] + + sources = [ "messageparcel003_fuzzer.cpp" ] + + deps = [ "../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/corpus/init b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/corpus/init rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/corpus/init diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/messageparcel003_fuzzer.cpp b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/messageparcel003_fuzzer.cpp new file mode 100644 index 00000000..f86a2764 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/messageparcel003_fuzzer.cpp @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "messageparcel_fuzzer.h" + +namespace OHOS { + +void WriteRawDataFuzzTest(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + size_t bytesSize = + provider.ConsumeIntegralInRange(0, MessageParcel::MAX_RAWDATA_SIZE); + std::vector bytes = provider.ConsumeBytes(bytesSize); + parcel.WriteRawData(bytes.data(), bytes.size()); +} + +void RestoreRawDataFuzzTest(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + size_t size = provider.ConsumeIntegral(); + std::shared_ptr rawData = std::make_shared(); + parcel.RestoreRawData(nullptr, size); + parcel.RestoreRawData(rawData, size); +} + +void ReadRawDataFuzzTest001(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + size_t bytesSize = + provider.ConsumeIntegralInRange(MessageParcel::MIN_RAWDATA_SIZE, MessageParcel::MAX_RAWDATA_SIZE); + std::vector bytes = provider.ConsumeBytes(bytesSize); + bytes.resize(bytesSize); + parcel.WriteRawData(bytes.data(), bytesSize); + parcel.ReadRawData(bytesSize); +} + +void ReadRawDataFuzzTest002(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + size_t bytesSize = + provider.ConsumeIntegralInRange(MessageParcel::MIN_RAWDATA_SIZE, MessageParcel::MAX_RAWDATA_SIZE); + std::vector bytes = provider.ConsumeBytes(bytesSize); + bytes.resize(bytesSize); + parcel.WriteRawData(bytes.data(), bytes.size()); + size_t size = provider.ConsumeIntegral(); + std::shared_ptr rawData = std::make_shared(); + parcel.RestoreRawData(rawData, size); + parcel.ReadRawData(bytesSize); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::WriteRawDataFuzzTest(provider); + OHOS::RestoreRawDataFuzzTest(provider); + OHOS::ReadRawDataFuzzTest001(provider); + OHOS::ReadRawDataFuzzTest002(provider); + return 0; +} diff --git a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/project.xml b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/project.xml similarity index 97% rename from test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/project.xml rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/project.xml index 66e1dcac..226522bd 100644 --- a/test/fuzztest/dbinder/dbinder_service/src/socket/dbinderremotelistener_fuzzer/project.xml +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel003_fuzzer/project.xml @@ -16,7 +16,7 @@ - 1000 + 10000 300 diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/BUILD.gn new file mode 100644 index 00000000..8bbc53c1 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("MessageParcel004FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../messageparcel004_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../utils/include", + "../../../../../../../ipc/native/src/core/framework/source/", + ] + + sources = [ "messageparcel004_fuzzer.cpp" ] + + deps = [ "../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.h b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/corpus/init similarity index 78% rename from test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.h rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/corpus/init index b3579fd8..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.h +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef DBINDERCALLBACKSTUB_FUZZER_H -#define DBINDERCALLBACKSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "dbindercallbackstub_fuzzer" - -#endif // DBINDERCALLBACKSTUB_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.cpp b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/messageparcel004_fuzzer.cpp similarity index 30% rename from test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.cpp rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/messageparcel004_fuzzer.cpp index 8e2d4604..9bca0298 100644 --- a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.cpp +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/messageparcel004_fuzzer.cpp @@ -14,156 +14,19 @@ */ #include "messageparcel_fuzzer.h" -#include "ipc_object_stub.h" -#include "iremote_object.h" -#include "message_parcel.cpp" -#include "message_parcel.h" -#include "sys_binder.h" -#include -#include namespace OHOS { -void WriteRawDataFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteRawData((const void *)data, size); -} - -void WriteRemoteObjectFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - const sptr object = parcel.ReadRemoteObject(); - parcel.WriteRemoteObject(object); -} - -void WriteInterfaceTokenFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - size_t length = parcel.GetReadableBytes(); - if (length == 0) { - return; - } - const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); - if (bufData == nullptr) { - return; - } - std::string tokenStr(bufData, length); - std::u16string token(tokenStr.begin(), tokenStr.end()); - parcel.WriteInterfaceToken(token); -} - -void WriteFileDescriptorFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - int fd = parcel.ReadInt32(); - parcel.WriteFileDescriptor(fd); -} - -void ReadRawDataFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - size_t len = parcel.ReadUint64(); - parcel.ReadRawData(len); -} - -void PrintBufferFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteRawData((const void *)data, size); - parcel.PrintBuffer(__FUNCTION__, __LINE__); -} - -void AcquireObjectFuzzTest(FuzzedDataProvider &provider) -{ - flat_binder_object flat; - flat.hdr.type = provider.ConsumeIntegralInRange(BINDER_TYPE_FDA, BINDER_TYPE_WEAK_HANDLE); - flat.flags = provider.ConsumeIntegral(); - flat.handle = provider.ConsumeIntegral(); - flat.cookie = 0; - AcquireObject(&flat, nullptr); -} - -void WriteDBinderProxyFuzzTest(FuzzedDataProvider &provider) -{ - MessageParcel parcel; - uint32_t handle = provider.ConsumeIntegral(); - sptr object = sptr::MakeSptr(handle); - uint64_t stubIndex = provider.ConsumeIntegral(); - parcel.WriteDBinderProxy(object, handle, stubIndex); -} - -void WriteRemoteObjectFuzzTest(FuzzedDataProvider &provider) -{ - MessageParcel parcel; - uint32_t handle = provider.ConsumeIntegral(); - sptr proxy = sptr::MakeSptr(handle); - parcel.WriteRemoteObject(proxy); - sptr stub = sptr::MakeSptr(); - parcel.WriteRemoteObject(stub); -} - void WriteInterfaceTokenFuzzTest(FuzzedDataProvider &provider) { - std::string interfaceToken = provider.ConsumeRandomLengthString(); + std::string interfaceToken = provider.ConsumeRandomLengthString(MAX_STR_LEN); std::u16string interfaceToken16(interfaceToken.begin(), interfaceToken.end()); MessageParcel parcel; parcel.WriteInterfaceToken(interfaceToken16); } -void WriteRawDataFuzzTest(FuzzedDataProvider &provider) -{ - MessageParcel parcel; - size_t bytesSize = - provider.ConsumeIntegralInRange(MessageParcel::MIN_RAWDATA_SIZE, MessageParcel::MAX_RAWDATA_SIZE); - std::vector bytes = provider.ConsumeBytes(bytesSize); - parcel.WriteRawData(bytes.data(), bytes.size()); -} - -void RestoreRawDataFuzzTest(FuzzedDataProvider &provider) -{ - MessageParcel parcel; - size_t size = provider.ConsumeIntegral(); - std::shared_ptr rawData = std::make_shared(); - parcel.RestoreRawData(nullptr, size); - parcel.RestoreRawData(rawData, size); -} - -void ReadRawDataFuzzTest(FuzzedDataProvider &provider) -{ - MessageParcel parcel; - size_t bytesSize = - provider.ConsumeIntegralInRange(MessageParcel::MIN_RAWDATA_SIZE, MessageParcel::MAX_RAWDATA_SIZE); - std::vector bytes = provider.ConsumeBytes(bytesSize); - bytesSize = bytes.size(); - parcel.WriteRawData(bytes.data(), bytesSize); - parcel.ReadRawData(bytesSize); -} - void WriteAshmemFuzzTest(FuzzedDataProvider &provider) { - std::string name = provider.ConsumeRandomLengthString(); + std::string name = provider.ConsumeRandomLengthString(MAX_STR_LEN); int memorySize = provider.ConsumeIntegral(); sptr ashmem = Ashmem::CreateAshmem(name.c_str(), memorySize); if (ashmem == nullptr) { @@ -177,33 +40,38 @@ void AppendFuzzTest(FuzzedDataProvider &provider) { MessageParcel parcel; MessageParcel dataParcel; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); + size_t bytesSize = provider.ConsumeIntegralInRange(MIN_BYTE_SIZE, MAX_BYTE_SIZE); std::vector bytes = provider.ConsumeBytes(bytesSize); - dataParcel.WriteBuffer(bytes.data(), bytes.size()); + dataParcel.WriteDataBytes(bytes.data(), bytes.size()); parcel.Append(dataParcel); } + +void PrintBufferFuzzTest(FuzzedDataProvider &provider) +{ + MessageParcel parcel; + size_t bytesSize = provider.ConsumeIntegralInRange(MIN_BYTE_SIZE, MAX_BYTE_SIZE); + std::vector bytes = provider.ConsumeBytes(bytesSize); + parcel.WriteRawData(bytes.data(), bytes.size()); + parcel.PrintBuffer(__FUNCTION__, __LINE__); +} + +void ReadRawDataInnerFuzzTest(FuzzedDataProvider &provider) +{ + MessageParcel parcel(nullptr); + size_t size = provider.ConsumeIntegral(); + parcel.ReadRawDataInner(size); +} } // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ - OHOS::WriteRawDataFuzzTest(data, size); - OHOS::WriteRemoteObjectFuzzTest(data, size); - OHOS::WriteInterfaceTokenFuzzTest(data, size); - OHOS::WriteFileDescriptorFuzzTest(data, size); - OHOS::ReadRawDataFuzzTest(data, size); - OHOS::PrintBufferFuzzTest(data, size); - FuzzedDataProvider provider(data, size); - OHOS::AcquireObjectFuzzTest(provider); - OHOS::WriteDBinderProxyFuzzTest(provider); - OHOS::WriteRemoteObjectFuzzTest(provider); OHOS::WriteInterfaceTokenFuzzTest(provider); - OHOS::WriteRawDataFuzzTest(provider); - OHOS::RestoreRawDataFuzzTest(provider); - OHOS::ReadRawDataFuzzTest(provider); OHOS::WriteAshmemFuzzTest(provider); OHOS::AppendFuzzTest(provider); + OHOS::PrintBufferFuzzTest(provider); + OHOS::ReadRawDataInnerFuzzTest(provider); return 0; } diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/project.xml b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/BUILD.gn b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/BUILD.gn new file mode 100644 index 00000000..3ea07cf1 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("MessageParcel005FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../messageparcel005_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../utils/include", + "../../../../../../../ipc/native/src/core/framework/source/", + ] + + sources = [ "messageparcel005_fuzzer.cpp" ] + + deps = [ "../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.h b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/corpus/init similarity index 77% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.h rename to test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/corpus/init index f9aedbbd..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.h +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCFILEDESCRIPTORNEW_FUZZER_H -#define IPCFILEDESCRIPTORNEW_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcfiledescriptornew_fuzzer" - -#endif // IPCFILEDESCRIPTORNEW_FUZZER_H +FUZZ \ No newline at end of file diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/messageparcel005_fuzzer.cpp b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/messageparcel005_fuzzer.cpp new file mode 100644 index 00000000..b725f409 --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/messageparcel005_fuzzer.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "messageparcel_fuzzer.h" + +namespace OHOS { +void WriteFileDescriptorFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + int fd = parcel.ReadInt32(); + parcel.WriteFileDescriptor(fd); +} + +void ReadRawDataFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + size_t len = parcel.ReadUint64(); + parcel.ReadRawData(len); +} + +void PrintBufferFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteRawData((const void *)data, size); + parcel.PrintBuffer(__FUNCTION__, __LINE__); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::WriteFileDescriptorFuzzTest(data, size); + OHOS::ReadRawDataFuzzTest(data, size); + OHOS::PrintBufferFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/project.xml b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel/messageparcel005_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/BUILD.gn new file mode 100644 index 00000000..b51c0f7f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/BUILD.gn @@ -0,0 +1,23 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("dbindercallbackstubfuzz") { + testonly = true + deps = [ + "dbindercallbackstub001_fuzzer:DBinderCallBackStub001FuzzTest", + "dbindercallbackstub002_fuzzer:DBinderCallBackStub002FuzzTest", + "dbindercallbackstub003_fuzzer:DBinderCallBackStub003FuzzTest", + "dbindercallbackstub004_fuzzer:DBinderCallBackStub004FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/BUILD.gn similarity index 79% rename from test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/BUILD.gn index c09a26b1..5def1ef8 100644 --- a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/BUILD.gn @@ -16,17 +16,20 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("DBinderCallBackStubFuzzTest") { +ohos_fuzztest("DBinderCallBackStub001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../dbindercallbackstub_fuzzer" + fuzz_config_file = "../dbindercallbackstub001_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "dbindercallbackstub_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ "../include", ] + + sources = [ "dbindercallbackstub001_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] defines = [ "private = public", diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.h b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/corpus/init similarity index 76% rename from test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.h rename to test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/corpus/init index 691f249a..7ade8a0f 100644 --- a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/messageparcel_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/corpus/init @@ -13,12 +13,4 @@ * limitations under the License. */ -#ifndef MESSAGEPARCEL_FUZZER_H -#define MESSAGEPARCEL_FUZZER_H - -#include -#include - -#define FUZZ_PROJECT_NAME "messageparcel_fuzzer" - -#endif // MESSAGEPARCEL_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/dbindercallbackstub001_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/dbindercallbackstub001_fuzzer.cpp new file mode 100644 index 00000000..bafda178 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/dbindercallbackstub001_fuzzer.cpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbindercallbackstub_fuzzer.h" + +namespace OHOS { +void DBinderCallbackStubFuzzTest(FuzzedDataProvider &provider) +{ + MakeDBinderCallbackStub(provider); +} + +void MarshallingFuzzTest(FuzzedDataProvider &provider) +{ + auto stub = MakeDBinderCallbackStub(provider); + if (stub == nullptr) { + return; + } + MessageParcel parcel; + + stub->Marshalling(parcel); +} + +void MarshallingPSFuzzTest(FuzzedDataProvider &provider) +{ + auto stub = MakeDBinderCallbackStub(provider); + if (stub == nullptr) { + return; + } + MessageParcel parcel; + + DBinderCallbackStub::Marshalling(parcel, stub); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::DBinderCallbackStubFuzzTest(provider); + OHOS::MarshallingFuzzTest(provider); + OHOS::MarshallingPSFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub001_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/BUILD.gn similarity index 76% rename from test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/BUILD.gn index f0cbf26c..af24a084 100644 --- a/test/fuzztest/interfaces/innerkits/ipc_core/messageparcel_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/BUILD.gn @@ -16,31 +16,28 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("MessageParcelFuzzTest") { +ohos_fuzztest("DBinderCallBackStub002FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../messageparcel_fuzzer" + fuzz_config_file = "../dbindercallbackstub002_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - include_dirs = [ - "../../../../../../utils/include", - "../../../../../../ipc/native/src/core/framework/source/", - ] - - sources = [ "messageparcel_fuzzer.cpp" ] + include_dirs = [ "../include", ] - deps = [ "../../../../../../test:ipc_single_test_static" ] + sources = [ "dbindercallbackstub002_fuzzer.cpp" ] - external_deps = [ - "c_utils:utils", - "hilog:libhilog", - ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] defines = [ "private = public", "protected = public", ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] } diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/dbindercallbackstub002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/dbindercallbackstub002_fuzzer.cpp new file mode 100644 index 00000000..bfda6c1e --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/dbindercallbackstub002_fuzzer.cpp @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbindercallbackstub_fuzzer.h" + +namespace OHOS { +sptr CreateDBinderCallbackStubInstance(FuzzedDataProvider &provider) +{ + uint64_t stubIndex = provider.ConsumeIntegral(); + uint32_t handle = provider.ConsumeIntegral(); + uint32_t tokenId = provider.ConsumeIntegral(); + std::string service = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string device = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string localDevice = provider.ConsumeRandomLengthString(MAX_STR_LEN); + sptr stub = + new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); + return stub; +} + +void ProcessProtoFuzzTest(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + uint32_t code = provider.ConsumeIntegral(); + MessageParcel data; + MessageParcel reply; + MessageOption option; + stub->ProcessProto(code, data, reply, option); +} + +void ProcessDataFuzzTest(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + int uid = provider.ConsumeIntegral(); + int pid = provider.ConsumeIntegral(); + MessageParcel data; + MessageParcel reply; + std::string sessionName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + stub->ProcessData(uid, pid, sessionName, data, reply); +} + +void MarshallingFuzzTest001(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + Parcel parcel; + stub->Marshalling(parcel); +} + +void MarshallingFuzzTest002(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + Parcel parcel; + DBinderCallbackStub::Marshalling(parcel, stub); +} + +void AddDBinderCommAuthFuzzTest(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + pid_t pid = provider.ConsumeIntegral(); + uid_t uid = provider.ConsumeIntegral(); + std::string sessionName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + stub->AddDBinderCommAuth(pid, uid, sessionName); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::ProcessProtoFuzzTest(provider); + OHOS::ProcessDataFuzzTest(provider); + OHOS::MarshallingFuzzTest001(provider); + OHOS::MarshallingFuzzTest002(provider); + OHOS::AddDBinderCommAuthFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/BUILD.gn new file mode 100644 index 00000000..c8d86ea2 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/BUILD.gn @@ -0,0 +1,43 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DBinderCallBackStub003FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../dbindercallbackstub003_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include", ] + + sources = [ "dbindercallbackstub003_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/dbindercallbackstub003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/dbindercallbackstub003_fuzzer.cpp new file mode 100644 index 00000000..a4a81fa3 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/dbindercallbackstub003_fuzzer.cpp @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dbindercallbackstub_fuzzer.h" + +namespace OHOS { +sptr CreateDBinderCallbackStubInstance(FuzzedDataProvider &provider) +{ + uint64_t stubIndex = provider.ConsumeIntegral(); + uint32_t handle = provider.ConsumeIntegral(); + uint32_t tokenId = provider.ConsumeIntegral(); + std::string service = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string device = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string localDevice = provider.ConsumeRandomLengthString(MAX_STR_LEN); + sptr stub = + new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); + return stub; +} + +void SaveDBinderDataFuzzTest(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + std::string sessionName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + stub->SaveDBinderData(sessionName); + stub->dbinderData_ = nullptr; + stub->SaveDBinderData(sessionName); +} + +void GetAndSaveDBinderDataFuzzTest(FuzzedDataProvider &provider) +{ + sptr stub = CreateDBinderCallbackStubInstance(provider); + if (stub == nullptr) { + return; + } + pid_t pid = provider.ConsumeIntegral(); + uid_t uid = provider.ConsumeIntegral(); + stub->GetAndSaveDBinderData(pid, uid); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::SaveDBinderDataFuzzTest(provider); + OHOS::GetAndSaveDBinderDataFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub003_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/BUILD.gn new file mode 100644 index 00000000..fd685587 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/BUILD.gn @@ -0,0 +1,43 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DBinderCallBackStub004FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../dbindercallbackstub004_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include", ] + + sources = [ "dbindercallbackstub004_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/dbindercallbackstub004_fuzzer.cpp similarity index 34% rename from test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/dbindercallbackstub004_fuzzer.cpp index 24a6f79f..bc8b4680 100644 --- a/test/fuzztest/ipc/native/src/core/dbindercallbackstub_fuzzer/dbindercallbackstub_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/dbindercallbackstub004_fuzzer.cpp @@ -15,79 +15,7 @@ #include "dbindercallbackstub_fuzzer.h" -#include -#include "dbinder_callback_stub.h" -#include "message_parcel.h" - namespace OHOS { -void DBinderCallbackStubFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint64_t stubIndex = parcel.ReadUint64(); - uint32_t handle = parcel.ReadUint32(); - uint32_t tokenId = parcel.ReadUint32(); - size_t length = parcel.GetReadableBytes(); - if (length == 0) { - return; - } - const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); - if (bufData == nullptr) { - return; - } - std::string service(bufData, length); - std::string device(bufData, length); - std::string localDevice(bufData, length); - - auto stub = new DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - delete stub; -} - -void MarshallingFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint64_t stubIndex = parcel.ReadUint64(); - uint32_t handle = parcel.ReadUint32(); - uint32_t tokenId = parcel.ReadUint32(); - size_t length = parcel.GetReadableBytes(); - if (length == 0) { - return; - } - const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); - if (bufData == nullptr) { - return; - } - std::string service(bufData, length); - std::string device(bufData, length); - std::string localDevice(bufData, length); - auto stub = new DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - - stub->Marshalling(parcel); - delete stub; -} - -void MarshallingPSFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - - MessageParcel parcel; - parcel.WriteBuffer(data, size); - sptr testStub = parcel.ReadRemoteObject(); - - DBinderCallbackStub::Marshalling(parcel, testStub); -} - void GetAndSaveDBinderDataFuzzTest(const uint8_t *data, size_t size) { if (data == nullptr || size == 0) { @@ -180,131 +108,14 @@ void OnRemoteRequestFuzzTest(const uint8_t *data, size_t size) stub->OnRemoteRequest(code, parcel, parcel, option); delete stub; } - -void ProcessProtoFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - uint32_t code = provider.ConsumeIntegral(); - MessageParcel data; - MessageParcel reply; - MessageOption option; - stub->ProcessProto(code, data, reply, option); -} - -void ProcessDataFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - int uid = provider.ConsumeIntegral(); - int pid = provider.ConsumeIntegral(); - MessageParcel data; - MessageParcel reply; - std::string sessionName = provider.ConsumeRandomLengthString(); - stub->ProcessData(uid, pid, sessionName, data, reply); -} - -void MarshallingFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - Parcel parcel; - stub->Marshalling(parcel); -} - -void AddDBinderCommAuthFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - pid_t pid = provider.ConsumeIntegral(); - uid_t uid = provider.ConsumeIntegral(); - std::string sessionName = provider.ConsumeRandomLengthString(); - stub->AddDBinderCommAuth(pid, uid, sessionName); -} - -void SaveDBinderDataFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - std::string sessionName = provider.ConsumeRandomLengthString(); - stub->SaveDBinderData(sessionName); -} - -void GetAndSaveDBinderDataFuzzTest(FuzzedDataProvider &provider) -{ - uint64_t stubIndex = provider.ConsumeIntegral(); - uint32_t handle = provider.ConsumeIntegral(); - uint32_t tokenId = provider.ConsumeIntegral(); - std::string service = provider.ConsumeRandomLengthString(); - std::string device = provider.ConsumeRandomLengthString(); - std::string localDevice = provider.ConsumeRandomLengthString(); - auto stub = new (std::nothrow) DBinderCallbackStub(service, device, localDevice, stubIndex, handle, tokenId); - if (stub == nullptr) { - return; - } - pid_t pid = provider.ConsumeIntegral(); - uid_t uid = provider.ConsumeIntegral(); - stub->GetAndSaveDBinderData(pid, uid); -} } // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ - OHOS::DBinderCallbackStubFuzzTest(data, size); - OHOS::MarshallingFuzzTest(data, size); - OHOS::MarshallingPSFuzzTest(data, size); OHOS::GetAndSaveDBinderDataFuzzTest(data, size); OHOS::ProcessProtoFuzzTest(data, size); OHOS::OnRemoteRequestFuzzTest(data, size); - - FuzzedDataProvider provider(data, size); - OHOS::ProcessProtoFuzzTest(provider); - OHOS::ProcessDataFuzzTest(provider); - OHOS::MarshallingFuzzTest(provider); - OHOS::AddDBinderCommAuthFuzzTest(provider); - OHOS::SaveDBinderDataFuzzTest(provider); - OHOS::GetAndSaveDBinderDataFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/dbindercallbackstub004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/dbindercallbackstub/include/dbindercallbackstub_fuzzer.h b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/include/dbindercallbackstub_fuzzer.h new file mode 100644 index 00000000..c97664e3 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/dbindercallbackstub/include/dbindercallbackstub_fuzzer.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DBINDERCALLBACKSTUB_FUZZER_H +#define DBINDERCALLBACKSTUB_FUZZER_H + +#include +#include "dbinder_callback_stub.h" +#include "message_parcel.h" + +namespace OHOS { +static constexpr size_t MAX_STR_LEN = 100; +sptr MakeDBinderCallbackStub(FuzzedDataProvider &provider) +{ + uint64_t stubIndex = provider.ConsumeIntegral(); + uint32_t handle = provider.ConsumeIntegral(); + uint32_t tokenId = provider.ConsumeIntegral(); + std::string service = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string device = provider.ConsumeRandomLengthString(MAX_STR_LEN); + std::string localDevice = provider.ConsumeRandomLengthString(MAX_STR_LEN); + return sptr::MakeSptr(service, device, localDevice, stubIndex, handle, tokenId); +} +} // namespace OHOS + +#define FUZZ_PROJECT_NAME "dbindercallbackstub_fuzzer" + +#endif // DBINDERCALLBACKSTUB_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/BUILD.gn new file mode 100644 index 00000000..42662773 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/BUILD.gn @@ -0,0 +1,21 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("ipcfiledescriptorfuzz") { + testonly = true + deps = [ + "ipcfiledescriptor001_fuzzer:IPCFileDescriptor001FuzzTest", + "ipcfiledescriptor002_fuzzer:IPCFileDescriptor002FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/include/ipcfiledescriptor_fuzzer.h similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcfiledescriptor/include/ipcfiledescriptor_fuzzer.h index 458bcd6a..481ecdaa 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/include/ipcfiledescriptor_fuzzer.h @@ -16,6 +16,10 @@ #ifndef IPCFILEDESCRIPTOR_FUZZER_H #define IPCFILEDESCRIPTOR_FUZZER_H +#include "ipc_file_descriptor.h" +#include "message_parcel.h" +#include + #define FUZZ_PROJECT_NAME "ipcfiledescriptor_fuzzer" -#endif // IPCFILEDESCRIPTOR_FUZZER_HS \ No newline at end of file +#endif // IPCFILEDESCRIPTOR_FUZZER_H diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/BUILD.gn similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/BUILD.gn index 245a73e8..edaee846 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/BUILD.gn @@ -16,17 +16,20 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCFileDescriptorFuzzTest") { +ohos_fuzztest("IPCFileDescriptor001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcfiledescriptor_fuzzer" + fuzz_config_file = "../ipcfiledescriptor001_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "ipcfiledescriptor_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ "../include" ] + + sources = [ "ipcfiledescriptor001_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/ipcfiledescriptor001_fuzzer.cpp similarity index 95% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/ipcfiledescriptor001_fuzzer.cpp index dc05ce6e..acbaae51 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor_fuzzer/ipcfiledescriptor_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/ipcfiledescriptor001_fuzzer.cpp @@ -14,8 +14,6 @@ */ #include "ipcfiledescriptor_fuzzer.h" -#include "ipc_file_descriptor.h" -#include "message_parcel.h" namespace OHOS { void IPCFileDescriptorFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor001_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/BUILD.gn similarity index 77% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/BUILD.gn index ea3c2654..7fd34082 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/BUILD.gn @@ -16,13 +16,15 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCFileDescriptorNewFuzzTest") { +ohos_fuzztest("IPCFileDescriptor002FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcfiledescriptornew_fuzzer" + fuzz_config_file = "../ipcfiledescriptor002_fuzzer" - sources = [ "ipcfiledescriptornew_fuzzer.cpp" ] + include_dirs = [ "../include" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcfiledescriptor002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/ipcfiledescriptor002_fuzzer.cpp similarity index 92% rename from test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/ipcfiledescriptor002_fuzzer.cpp index 513f4f60..5d087b14 100644 --- a/test/fuzztest/ipc/native/src/core/ipcfiledescriptornew_fuzzer/ipcfiledescriptornew_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/ipcfiledescriptor002_fuzzer.cpp @@ -13,10 +13,7 @@ * limitations under the License. */ -#include "ipcfiledescriptornew_fuzzer.h" -#include "ipc_file_descriptor.h" -#include "message_parcel.h" -#include +#include "ipcfiledescriptor_fuzzer.h" namespace OHOS { void MarshallingFuzzTest001(FuzzedDataProvider &provider) @@ -30,8 +27,12 @@ void MarshallingFuzzTest001(FuzzedDataProvider &provider) void MarshallingFuzzTest002(FuzzedDataProvider &provider) { MessageParcel parcel; + IPCFileDescriptor::Marshalling(parcel, nullptr); int fd = provider.ConsumeIntegral(); auto fileDescriptor = sptr::MakeSptr(fd); + if (fileDescriptor == nullptr) { + return; + } IPCFileDescriptor::Marshalling(parcel, fileDescriptor); } diff --git a/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcfiledescriptor/ipcfiledescriptor002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/iremotebroker_fuzzer/iremotebroker_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/iremotebroker_fuzzer/iremotebroker_fuzzer.cpp index e4568360..b2d3013a 100644 --- a/test/fuzztest/ipc/native/src/core/iremotebroker_fuzzer/iremotebroker_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/iremotebroker_fuzzer/iremotebroker_fuzzer.cpp @@ -18,12 +18,16 @@ #include "ipc_object_proxy.h" #include "ipc_object_stub.h" #include "iremote_broker.h" +#include "string_ex.h" namespace OHOS { + +static constexpr size_t MAX_STR_LEN = 100; + std::u16string CreateDescriptor(FuzzedDataProvider &provider) { - std::string descriptor = provider.ConsumeRandomLengthString(); - return std::u16string(descriptor.begin(), descriptor.end()); + std::string descriptor = provider.ConsumeRandomLengthString(MAX_STR_LEN); + return Str8ToStr16(descriptor); } void RegisterFuzzTest(FuzzedDataProvider &provider) @@ -35,6 +39,8 @@ void RegisterFuzzTest(FuzzedDataProvider &provider) registration.Register(descriptor, creator, &obj); descriptor = CreateDescriptor(provider); registration.Register(descriptor, creator, &obj); + registration.isUnloading = true; + registration.Register(descriptor, creator, &obj); } void UnregisterFuzzTest(FuzzedDataProvider &provider) @@ -46,6 +52,8 @@ void UnregisterFuzzTest(FuzzedDataProvider &provider) registration.Register(descriptor, creator, &obj); registration.Unregister(std::u16string()); registration.Unregister(descriptor); + registration.isUnloading = true; + registration.Unregister(descriptor); } void NewInstanceFuzzTest001(FuzzedDataProvider &provider) -- Gitee