diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 8468e7fbd79380495fd33d6aeaf10d4b3e107884..25941a350760879ec9ce06654ef0206f8f76f081 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -35,8 +35,8 @@ group("fuzztest") { "ipc/native/src/core/ipcfiledescriptor_fuzzer:IPCFileDescriptorFuzzTest", "ipc/native/src/core/ipcfiledescriptormarshalling_fuzzer:IPCFileDescriptorMarshallingFuzzTest", "ipc/native/src/core/ipcfiledescriptorunmarshalling_fuzzer:IPCFileDescriptorUnmarshallingFuzzTest", - "ipc/native/src/core/ipcobjectproxy_fuzzer:IPCObjectProxyFuzzTest", - "ipc/native/src/core/ipcobjectstub_fuzzer:IPCObjectStubFuzzTest", + "ipc/native/src/core/ipcobjectproxy:ipcobjectproxyfuzz", + "ipc/native/src/core/ipcobjectstub:ipcobjectstubfuzz", "ipc/native/src/mock/ipcobjectstubmock:ipcobjectstubmockfuzz", "ipc/native/src/core/ipcpayloadstatistics_fuzzer:IPCPayloadStatisticsFuzzTest", "ipc/native/src/core/ipcprocessskeleton_fuzzer:IPCProcessSkeletonFuzzTest", @@ -58,8 +58,6 @@ group("fuzztest") { "ipc/native/src/core/ipcfiledescriptornew_fuzzer:IPCFileDescriptorNewFuzzTest", "ipc/native/src/core/ipcthreadpoolnew_fuzzer:IPCThreadPoolNewFuzzTest", "ipc/native/src/core/binderconnector_fuzzer:BinderConnectorFuzzTest", - "ipc/native/src/core/ipcobjectproxynew_fuzzer:IPCObjectProxyNewFuzzTest", - "ipc/native/src/core/ipcobjectstubnew:ipcobjectstubnewfuzz", "ipc/native/src/core/ipcpayloadstatisticsimpl_fuzzer:IPCPayloadStatisticsImplFuzzTest", "ipc/native/src/core/ipcpayloadstatisticsnew_fuzzer:IPCPayloadStatisticsNewFuzzTest", "ipc/native/src/core/iremotebroker_fuzzer:IRemoteBrokerFuzzTest", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn similarity index 57% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn index 6afdbabf07d33dd3332e664776c919f782910a75..dfc5492df3202b65371d09981fa9c9d77ec956c5 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn @@ -11,26 +11,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -#####################hydra-fuzz################### -import("//build/config/features.gni") -import("//build/test.gni") - ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectProxyNewFuzzTest") { - module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectproxynew_fuzzer" - - sources = [ "ipcobjectproxynew_fuzzer.cpp" ] - - defines = [ - "private = public", - "protected = public", - ] - - deps = [ "../../../../../../../test:ipc_single_test_static" ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", +group("ipcobjectproxyfuzz") { + testonly = true + deps = [ + "ipcobjectproxy001_fuzzer:IPCObjectProxy001FuzzTest", + "ipcobjectproxy002_fuzzer:IPCObjectProxy002FuzzTest", + "ipcobjectproxy003_fuzzer:IPCObjectProxy003FuzzTest", + "ipcobjectproxy004_fuzzer:IPCObjectProxy004FuzzTest", + "ipcobjectproxy005_fuzzer:IPCObjectProxy005FuzzTest", + "ipcobjectproxy006_fuzzer:IPCObjectProxy006FuzzTest", ] -} +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..aae626dd4f1fb5a2d8feafcd4e76045407c271b2 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IPCOBJECTPROXY_FUZZER_H +#define IPCOBJECTPROXY_FUZZER_H + +#include "ipc_object_proxy.h" +#include "message_parcel.h" +#include "securec.h" +#include "sys_binder.h" +#include + +namespace OHOS { +static constexpr size_t STR_MAX_LEN = 100; + +class MockDeathRecipient : public IRemoteObject::DeathRecipient { +public: + MockDeathRecipient() = default; + ~MockDeathRecipient() = default; + void OnRemoteDied(const wptr &object) + { + (void)object; + } +}; + +sptr CreateIPCObjectProxy(FuzzedDataProvider &provider) +{ + int32_t handle = provider.ConsumeIntegral(); + int32_t proto = provider.ConsumeIntegral(); + std::string descriptor = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + sptr proxy = new (std::nothrow) IPCObjectProxy(handle, descriptor16, proto); + return proxy; +} +} // namespace OHOS + +#define FUZZ_PROJECT_NAME "ipcobjectproxy_fuzzer" + +#endif // IPCOBJECTPROXY_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn similarity index 82% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn index 2be07bc0699fb1c1df494833e743ec0f62caf284..f98ea322cf0b642596bc3577c450d341656a1683 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn @@ -16,18 +16,20 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew004FuzzTest") { +ohos_fuzztest("IPCObjectProxy001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew004_fuzzer" + fuzz_config_file = "../ipcobjectproxy001_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew004_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy001_fuzzer.cpp" ] - defines = [ - "private = public", - "protected = public", - ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp similarity index 53% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp index 2e40cc9c3c39f8a999cc22e4a1d1b9dac11bcd04..bb73471349ebaf9676952acc37b13437f76fdfa9 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp @@ -14,19 +14,8 @@ */ #include "ipcobjectproxy_fuzzer.h" -#include "ipc_object_proxy.h" -#include "message_parcel.h" namespace OHOS { -class MockDeathRecipient : public IRemoteObject::DeathRecipient { -public: - MockDeathRecipient() = default; - ~MockDeathRecipient() = default; - void OnRemoteDied(const wptr &object) - { - (void)object; - } -}; IPCObjectProxy* CreateIPCObjectProxy(const uint8_t *data, size_t size) { if (data == nullptr || size == 0) { @@ -113,7 +102,7 @@ void OnFirstStrongRefFuzzTest(const uint8_t *data, size_t size) proxy->OnFirstStrongRef(data); delete proxy; } - + void OnLastStrongRefFuzzTest(const uint8_t *data, size_t size) { IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); @@ -123,103 +112,6 @@ void OnLastStrongRefFuzzTest(const uint8_t *data, size_t size) proxy->OnLastStrongRef(data); delete proxy; } - -void AddDeathRecipientFuzzTest(const uint8_t *data, size_t size) -{ - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - sptr death = new MockDeathRecipient(); - proxy->AddDeathRecipient(death.GetRefPtr()); - delete proxy; -} - -void RemoveDeathRecipientFuzzTest(const uint8_t *data, size_t size) -{ - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - sptr death = new MockDeathRecipient(); - proxy->RemoveDeathRecipient(death.GetRefPtr()); - delete proxy; -} - -void InvokeListenThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel data_parcel; - MessageParcel reply_parcel; - data_parcel.WriteBuffer(data, size); - proxy->InvokeListenThread(data_parcel, reply_parcel); - delete proxy; -} - -void GetSessionNameForPidUidFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel data_parcel; - data_parcel.WriteBuffer(data, size); - uint32_t uid = data_parcel.ReadUint32(); - uint32_t pid = data_parcel.ReadUint32(); - proxy->GetSessionNameForPidUid(uid, pid); - delete proxy; -} - -void RemoveSessionNameFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - size_t length = parcel.GetReadableBytes(); - if (length == 0) { - delete proxy; - return; - } - const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); - if (bufData == nullptr) { - delete proxy; - return; - } - std::string sessionName(bufData, length); - proxy->RemoveSessionName(sessionName); - delete proxy; -} - -void SetObjectDiedFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - bool isDied = parcel.ReadBool(); - proxy->SetObjectDied(isDied); - delete proxy; -} } // namespace OHOS /* Fuzzer entry point */ @@ -231,11 +123,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::DumpFuzzTest(data, size); OHOS::OnFirstStrongRefFuzzTest(data, size); OHOS::OnLastStrongRefFuzzTest(data, size); - OHOS::AddDeathRecipientFuzzTest(data, size); - OHOS::RemoveDeathRecipientFuzzTest(data, size); - OHOS::InvokeListenThreadFuzzTest(data, size); - OHOS::GetSessionNameForPidUidFuzzTest(data, size); - OHOS::RemoveSessionNameFuzzTest(data, size); - OHOS::SetObjectDiedFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..2436785b9a59005b18983fba38980617984642d0 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn @@ -0,0 +1,38 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectProxy002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectproxy002_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include" ] + + sources = [ "ipcobjectproxy002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..02a3586952490502274eb845fa6bb71b7ae881ef --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +sptr CreateIPCObjectProxy(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return nullptr; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + int32_t handle = parcel.ReadInt32(); + int32_t proto = parcel.ReadInt32(); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + return nullptr; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + return nullptr; + } + std::string descriptor_str(bufData, length); + std::u16string descriptor(descriptor_str.begin(), descriptor_str.end()); + sptr proxy = new (std::nothrow) IPCObjectProxy(handle, descriptor, proto); + return proxy; +} + +void AddDeathRecipientFuzzTest(const uint8_t *data, size_t size) +{ + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + sptr death = new MockDeathRecipient(); + proxy->AddDeathRecipient(death.GetRefPtr()); +} + +void RemoveDeathRecipientFuzzTest(const uint8_t *data, size_t size) +{ + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + sptr death = new MockDeathRecipient(); + proxy->RemoveDeathRecipient(death.GetRefPtr()); +} + +void InvokeListenThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel data_parcel; + MessageParcel reply_parcel; + data_parcel.WriteBuffer(data, size); + proxy->InvokeListenThread(data_parcel, reply_parcel); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::AddDeathRecipientFuzzTest(data, size); + OHOS::RemoveDeathRecipientFuzzTest(data, size); + OHOS::InvokeListenThreadFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn index 05df95bfad537665ab55b1e4d5bf964a41d71494..ea312e1d98045730c8ab9a840a39445ed01df5c5 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew002FuzzTest") { +ohos_fuzztest("IPCObjectProxy003FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew002_fuzzer" + fuzz_config_file = "../ipcobjectproxy003_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew002_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy003_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp similarity index 68% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp index fe12ad42d2491112549dca79812f7e0d1b7e9ce3..6d69cd2b4cf94fa3bf9302f744710777f86d462e 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp @@ -13,22 +13,9 @@ * limitations under the License. */ -#include "ipcobjectproxynew_fuzzer.h" -#include "ipc_object_proxy.h" -#include "message_parcel.h" -#include "sys_binder.h" -#include +#include "ipcobjectproxy_fuzzer.h" namespace OHOS { -sptr CreateIPCObjectProxy(FuzzedDataProvider &provider) -{ - int32_t handle = provider.ConsumeIntegral(); - int32_t proto = provider.ConsumeIntegral(); - std::string descriptor = provider.ConsumeRandomLengthString(); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - return sptr::MakeSptr(handle, descriptor16, proto); -} - void SendRequestInnerFuzzTest(FuzzedDataProvider &provider) { sptr proxy = CreateIPCObjectProxy(provider); @@ -55,6 +42,8 @@ void WaitForInitFuzzTest(FuzzedDataProvider &provider) dbinder_negotiation_data dbinderData; dbinderData.proto = provider.ConsumeIntegral(); proxy->WaitForInit(&dbinderData); + proxy->SetObjectDied(true); + proxy->WaitForInit(&dbinderData); } void SetProtoFuzzTest(FuzzedDataProvider &provider) @@ -78,39 +67,13 @@ void MakeDBinderTransSessionFuzzTest(FuzzedDataProvider &provider) binderData.peerUid = provider.ConsumeIntegral(); binderData.peerTokenId = provider.ConsumeIntegral(); binderData.stubIndex = provider.ConsumeIntegral(); - binderData.peerServiceName = provider.ConsumeRandomLengthString(); - binderData.peerDeviceId = provider.ConsumeRandomLengthString(); - binderData.localServiceName = provider.ConsumeRandomLengthString(); - binderData.localDeviceId = provider.ConsumeRandomLengthString(); + binderData.peerServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.peerDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.localServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.localDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); proxy->MakeDBinderTransSession(binderData); } -void GetDBinderNegotiationDataFuzzTest001(FuzzedDataProvider &provider) -{ - sptr proxy = CreateIPCObjectProxy(provider); - if (proxy == nullptr) { - return; - } - MessageParcel reply; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); - std::vector bytes = provider.ConsumeBytes(bytesSize); - reply.WriteBuffer(bytes.data(), bytes.size()); - int handle = provider.ConsumeIntegral(); - DBinderNegotiationData binderData; - proxy->GetDBinderNegotiationData(handle, reply, binderData); -} - -void GetDBinderNegotiationDataFuzzTest002(FuzzedDataProvider &provider) -{ - sptr proxy = CreateIPCObjectProxy(provider); - if (proxy == nullptr) { - return; - } - proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); - DBinderNegotiationData binderData; - proxy->GetDBinderNegotiationData(binderData); -} - void UpdateDatabusClientSessionFuzzTest(FuzzedDataProvider &provider) { sptr proxy = CreateIPCObjectProxy(provider); @@ -135,8 +98,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::WaitForInitFuzzTest(provider); OHOS::SetProtoFuzzTest(provider); OHOS::MakeDBinderTransSessionFuzzTest(provider); - OHOS::GetDBinderNegotiationDataFuzzTest001(provider); - OHOS::GetDBinderNegotiationDataFuzzTest002(provider); OHOS::UpdateDatabusClientSessionFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn index 47bb7eeed40f6d64ecbdefc7eca479253cd44413..410e18b869e08f790b24e0c32775a87ee0c6379a 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew003FuzzTest") { +ohos_fuzztest("IPCObjectProxy004FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew003_fuzzer" + fuzz_config_file = "../ipcobjectproxy004_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew003_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy004_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..2e8a687a4eaa5a9b56c1d729b7c32111a4d3efe6 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +void GetDBinderNegotiationDataFuzzTest001(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + MessageParcel reply; + size_t maxSize = sizeof(DBinderNegotiationData); + size_t bytesSize = provider.ConsumeIntegralInRange(0, maxSize + maxSize); + std::vector bytes = provider.ConsumeBytes(bytesSize); + reply.WriteBuffer(bytes.data(), bytes.size()); + int handle = provider.ConsumeIntegral(); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(handle, reply, binderData); +} + +void GetDBinderNegotiationDataFuzzTest002(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(binderData); +} + +void GetDBinderNegotiationDataFuzzTest003(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + DBinderNegotiationData binderData; + proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); + if (proxy->dbinderData_ == nullptr) { + return; + } + auto data = reinterpret_cast(proxy->dbinderData_.get()); + strncpy_s(data->target_name, sizeof(data->target_name), "DBinder1_1", sizeof("DBinder1_1") - 1); + proxy->GetDBinderNegotiationData(binderData); +} + +void GetDBinderNegotiationDataFuzzTest004(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + MessageParcel reply; + uint64_t stubIndex = provider.ConsumeIntegral(); + std::string peerServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string peerDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string localDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string localServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t peerTokenId = provider.ConsumeIntegral(); + reply.WriteUint64(stubIndex); + reply.WriteString(peerServiceName); + reply.WriteString(peerDeviceId); + reply.WriteString(localDeviceId); + reply.WriteString(localServiceName); + reply.WriteUint32(peerTokenId); + int handle = provider.ConsumeIntegral(); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(handle, reply, binderData); +} + +void AddDeathRecipientFuzzTest(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->AddDeathRecipient(nullptr); + sptr recipient = sptr::MakeSptr(); + if (recipient == nullptr) { + return; + } + proxy->AddDeathRecipient(recipient); + proxy->SetObjectDied(true); + proxy->AddDeathRecipient(recipient); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::GetDBinderNegotiationDataFuzzTest001(provider); + OHOS::GetDBinderNegotiationDataFuzzTest002(provider); + OHOS::GetDBinderNegotiationDataFuzzTest003(provider); + OHOS::GetDBinderNegotiationDataFuzzTest004(provider); + OHOS::AddDeathRecipientFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn index 4cba9d7e20706e12110c4219be8bfe84b45ef934..e1d195f56c9da551cf96dac9a54da101eb8b4e1b 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew001FuzzTest") { +ohos_fuzztest("IPCObjectProxy005FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew001_fuzzer" + fuzz_config_file = "../ipcobjectproxy005_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew001_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy005_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..8a3243c1daee18acd5d105c9e1c4b4d6b9d6c67d --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +void RemoveDeathRecipientFuzzTest(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->RemoveDeathRecipient(nullptr); + sptr recipient = nullptr; + sptr info = + sptr::MakeSptr(recipient); + recipient = sptr::MakeSptr(); + if (recipient == nullptr) { + return; + } + info = sptr::MakeSptr(recipient); + if (info == nullptr) { + return; + } + proxy->recipients_.push_back(info); + proxy->RemoveDeathRecipient(recipient); + proxy->SetObjectDied(true); + proxy->RemoveDeathRecipient(recipient); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::RemoveDeathRecipientFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..591893344746e6c5551c0b438d494952630bd33c --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn @@ -0,0 +1,38 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectProxy006FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectproxy006_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include" ] + + sources = [ "ipcobjectproxy006_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..196722e316ea8f52ca9aa4338aad4b9f6648752f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +IPCObjectProxy* CreateIPCObjectProxy(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return nullptr; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + int32_t handle = parcel.ReadInt32(); + int32_t proto = parcel.ReadInt32(); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + return nullptr; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + return nullptr; + } + std::string descriptor_str(bufData, length); + std::u16string descriptor(descriptor_str.begin(), descriptor_str.end()); + IPCObjectProxy *proxy = new IPCObjectProxy(handle, descriptor, proto); + return proxy; +} + +void GetSessionNameForPidUidFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel data_parcel; + data_parcel.WriteBuffer(data, size); + uint32_t uid = data_parcel.ReadUint32(); + uint32_t pid = data_parcel.ReadUint32(); + proxy->GetSessionNameForPidUid(uid, pid); + delete proxy; +} + +void RemoveSessionNameFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + delete proxy; + return; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + delete proxy; + return; + } + std::string sessionName(bufData, length); + proxy->RemoveSessionName(sessionName); + delete proxy; +} + +void SetObjectDiedFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + bool isDied = parcel.ReadBool(); + proxy->SetObjectDied(isDied); + delete proxy; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::GetSessionNameForPidUidFuzzTest(data, size); + OHOS::RemoveSessionNameFuzzTest(data, size); + OHOS::SetObjectDiedFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..232d45a379156996e823d0bc925362b9929efcd3 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn @@ -0,0 +1,27 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("ipcobjectstubfuzz") { + testonly = true + deps = [ + "ipcobjectstub001_fuzzer:IPCObjectStub001FuzzTest", + "ipcobjectstub002_fuzzer:IPCObjectStub002FuzzTest", + "ipcobjectstub003_fuzzer:IPCObjectStub003FuzzTest", + "ipcobjectstub004_fuzzer:IPCObjectStub004FuzzTest", + "ipcobjectstub005_fuzzer:IPCObjectStub005FuzzTest", + "ipcobjectstub006_fuzzer:IPCObjectStub006FuzzTest", + "ipcobjectstub007_fuzzer:IPCObjectStub007FuzzTest", + "ipcobjectstub008_fuzzer:IPCObjectStub008FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..d29369617882b5f8a5def54bd7c5c59c7e1cf52b --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IPCOBJECTSTUB_FUZZER_H +#define IPCOBJECTSTUB_FUZZER_H + +#include "ipc_object_stub.h" +#include "ipc_process_skeleton.h" +#include "ipc_skeleton.h" +#include "ipcobjectstub_fuzzer.h" +#include "message_parcel.h" +#include "process_skeleton.h" +#include + +namespace OHOS { + +static constexpr size_t STR_MAX_LEN = 100; + +sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +{ + std::string descriptor = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + bool serialInvokeFlag = provider.ConsumeBool(); + return sptr::MakeSptr(descriptor16, serialInvokeFlag); +} +} // namespace OHOS + +#define FUZZ_PROJECT_NAME "ipcobjectstub_fuzzer" + +#endif // IPCOBJECTSTUB_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn similarity index 76% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn index a3df5f15566692256c16cd702a309776c1cb6ab7..31ca6ccd33a38d6c9899157792dc124d6b13b202 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn @@ -16,17 +16,23 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectProxyFuzzTest") { +ohos_fuzztest("IPCObjectStub001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectproxy_fuzzer" + fuzz_config_file = "../ipcobjectstub001_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "ipcobjectproxy_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub001_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp similarity index 54% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp index 6c7df7adb64d7d815015b1eff80d9b601e285163..231b6ffa4b095aee0e830768272993a6d7070bf9 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp @@ -13,10 +13,7 @@ * limitations under the License. */ -#include #include "ipcobjectstub_fuzzer.h" -#include "ipc_object_stub.h" -#include "message_parcel.h" namespace OHOS { void IPCObjectStubFuzzTest(const uint8_t *data, size_t size) @@ -106,97 +103,6 @@ void ProcessProtoFuzzTest(const uint8_t *data, size_t size) IPCObjectStub ipcObjectStub; ipcObjectStub.ProcessProto(code, parcel, reply, option); } - -void SetRequestSidFlagFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - bool flag = parcel.ReadBool(); - IPCObjectStub ipcObjectStub; - ipcObjectStub.SetRequestSidFlag(flag); -} - -void GetAndSaveDBinderDataFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - pid_t pid = parcel.ReadInt32(); - uid_t uid = parcel.ReadInt32(); - IPCObjectStub ipcObjectStub; - ipcObjectStub.GetAndSaveDBinderData(pid, uid); -} - -void InvokerThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint32_t code = parcel.ReadUint32(); - MessageOption option; - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.InvokerThread(code, parcel, reply, option); -} - -void NoticeServiceDieFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - MessageOption option; - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.NoticeServiceDie(parcel, reply, option); -} - -void InvokerDataBusThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.InvokerDataBusThread(parcel, reply); -} - -void AddAuthInfoFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint32_t code = parcel.ReadUint32(); - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.AddAuthInfo(parcel, reply, code); -} - -void OnRemoteDumpFuzzTest(FuzzedDataProvider &provider) -{ - uint32_t code = provider.ConsumeIntegral(); - MessageParcel parcel; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); - std::vector bytes = provider.ConsumeBytes(bytesSize); - parcel.WriteBuffer(bytes.data(), bytes.size()); - parcel.WriteFileDescriptor(-1); - MessageParcel reply; - MessageOption option; - IPCObjectStub ipcObjectStub; - ipcObjectStub.OnRemoteDump(code, parcel, reply, option); -} } // namespace OHOS /* Fuzzer entry point */ @@ -208,14 +114,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::OnRemoteRequestFuzzTest(data, size); OHOS::OnRemoteDumpFuzzTest(data, size); OHOS::ProcessProtoFuzzTest(data, size); - OHOS::SetRequestSidFlagFuzzTest(data, size); - OHOS::GetAndSaveDBinderDataFuzzTest(data, size); - OHOS::InvokerThreadFuzzTest(data, size); - OHOS::NoticeServiceDieFuzzTest(data, size); - OHOS::InvokerDataBusThreadFuzzTest(data, size); - OHOS::AddAuthInfoFuzzTest(data, size); - - FuzzedDataProvider provider(data, size); - OHOS::OnRemoteDumpFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn similarity index 76% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn index 22ba81eb9fbc4e129bca8071e15cda69c63cdff4..9116aafd13d9b73e950467c46a2afabc707ab089 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn @@ -16,17 +16,23 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubFuzzTest") { +ohos_fuzztest("IPCObjectStub002FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstub_fuzzer" + fuzz_config_file = "../ipcobjectstub002_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "ipcobjectstub_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init similarity index 80% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init index e1deb42d05ad909b447b8663bbcca64b213d10ac..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTSTUB_FUZZER_H -#define IPCOBJECTSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectstub_fuzzer" - -#endif // IPCOBJECTSTUB_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..689cba1efc252821bd805d4bb62281745f891431 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void SetRequestSidFlagFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + bool flag = parcel.ReadBool(); + IPCObjectStub ipcObjectStub; + ipcObjectStub.SetRequestSidFlag(flag); +} + +void GetAndSaveDBinderDataFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + pid_t pid = parcel.ReadInt32(); + uid_t uid = parcel.ReadInt32(); + IPCObjectStub ipcObjectStub; + ipcObjectStub.GetAndSaveDBinderData(pid, uid); +} + +void InvokerThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + uint32_t code = parcel.ReadUint32(); + MessageOption option; + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.InvokerThread(code, parcel, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::SetRequestSidFlagFuzzTest(data, size); + OHOS::GetAndSaveDBinderDataFuzzTest(data, size); + OHOS::InvokerThreadFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..8d3ec7c2f44480e95cef4c2745028fce18bf2480 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub003FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub003_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub003_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init similarity index 80% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init index 083011b1234f0467cd6dbd0b7b17110fcf391d5e..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTPROXY_FUZZER_H -#define IPCOBJECTPROXY_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectproxy_fuzzer" - -#endif // IPCOBJECTPROXY_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..501ef9ac6349a0b5f8ad88157da7c48f8adc69b6 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void NoticeServiceDieFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + MessageOption option; + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.NoticeServiceDie(parcel, reply, option); +} + +void InvokerDataBusThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.InvokerDataBusThread(parcel, reply); +} + +void AddAuthInfoFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + uint32_t code = parcel.ReadUint32(); + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.AddAuthInfo(parcel, reply, code); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::NoticeServiceDieFuzzTest(data, size); + OHOS::InvokerDataBusThreadFuzzTest(data, size); + OHOS::AddAuthInfoFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..e14a120a6ea670e4677583968be952c494ff923e --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub004FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub004_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub004_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init index 7f0db5bb3a141896dbedcf7049ddf42e7c909018..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTSTUBNEW_FUZZER_H -#define IPCOBJECTSTUBNEW_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectstubnew_fuzzer" - -#endif // IPCOBJECTSTUBNEW_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp index 833e9fdd586594d92743b9a5b2e1a6decec758c1..014a1b015ddf2ae8e45f36c7f1e9746d292e5645 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderIncRefsTransactionFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..2d8b76d2f2d75b95d15e25f90d3b6f133bede0b0 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub005FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub005_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub005_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init index 230ae9953d160da3f8b60a6433ef7808bf7c510c..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTPROXYNEW_FUZZER_H -#define IPCOBJECTPROXYNEW_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectproxynew_fuzzer" - -#endif // IPCOBJECTPROXYNEW_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp index 84ede2a0394d1d19120400699693aea8507b1d88..1f812fbd13180a97d119e510ad0a56c64f16236a 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderGetPidUidFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..14c985a0726fb3c17cfe96f159a66f828370703f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub006FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub006_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub006_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp similarity index 46% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp index a2dbc740536f3e3c8e903a3316f9791eb8952df4..94ba2bc5f2774f42661838dae3b614c1000faa7d 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp @@ -13,24 +13,27 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +void GetSessionNameForPidUidFuzzTest001(FuzzedDataProvider &provider) { - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + uint32_t code = provider.ConsumeIntegral(); + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t pid = IPCSkeleton::GetCallingPid(); + uint32_t uid = IPCSkeleton::GetCallingUid(); + data.WriteUint32(pid); + data.WriteUint32(uid); + ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); } -void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) +void GetSessionNameForPidUidFuzzTest002(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); if (ipcObjectStub == nullptr) { @@ -40,11 +43,35 @@ void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) MessageParcel data; MessageParcel reply; MessageOption option; + uint32_t pid = provider.ConsumeIntegral(); + uint32_t uid = provider.ConsumeIntegral(); + data.WriteUint32(pid); + data.WriteUint32(uid); + ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); +} + +void DBinderGetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); uint32_t pid = IPCSkeleton::GetCallingPid(); uint32_t uid = IPCSkeleton::GetCallingUid(); data.WriteUint32(pid); data.WriteUint32(uid); - ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); + ipcObjectStub->DBinderGetSessionNameForPidUid(code, data, reply, option); + auto instance = ProcessSkeleton::GetInstance(); + if (instance == nullptr) { + return; + } + instance->SetSamgrFlag(true); + ipcObjectStub->DBinderGetSessionNameForPidUid(code, data, reply, option); + instance->SetSamgrFlag(false); } void CreateSessionNameFuzzTest(FuzzedDataProvider &provider) @@ -70,6 +97,29 @@ void RemoveSessionNameFuzzTest(FuzzedDataProvider &provider) data.WriteBuffer(bytes.data(), bytes.size()); ipcObjectStub->RemoveSessionName(data); } + +void InvokerDataBusThreadFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + std::string deviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t remotePid = IPCSkeleton::GetCallingPid(); + uint32_t remoteUid = IPCSkeleton::GetCallingUid(); + std::string remoteDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string sessionName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t remoteTokenId = provider.ConsumeIntegral(); + data.WriteString(deviceId); + data.WriteUint32(remotePid); + data.WriteUint32(remoteUid); + data.WriteString(remoteDeviceId); + data.WriteString(sessionName); + data.WriteUint32(remoteTokenId); + ipcObjectStub->InvokerDataBusThread(data, reply); +} } // namespace OHOS /* Fuzzer entry point */ @@ -77,8 +127,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ FuzzedDataProvider provider(data, size); - OHOS::GetSessionNameForPidUidFuzzTest(provider); + OHOS::GetSessionNameForPidUidFuzzTest001(provider); + OHOS::GetSessionNameForPidUidFuzzTest002(provider); OHOS::CreateSessionNameFuzzTest(provider); OHOS::RemoveSessionNameFuzzTest(provider); + OHOS::DBinderGetSessionNameForPidUidFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..327e26615fce1015a488b462770aeca7e0919b18 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub007FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub007_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub007_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..e53be176e3e9c2ec0a1ccb12f1c7668ca7a4f59f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void NoticeServiceDieFuzzTest(FuzzedDataProvider &provider) +{ + int handle = provider.ConsumeIntegral(); + sptr ipcObjectStub = CreateIPCObjectStub(provider); + sptr ipcObjectProxy = sptr::MakeSptr(handle); + IPCProcessSkeleton *current = IPCProcessSkeleton::GetCurrent(); + if (ipcObjectStub == nullptr || current == nullptr || ipcObjectProxy == nullptr) { + return; + } + current->AttachCallbackStub(ipcObjectProxy.GetRefPtr(), ipcObjectStub); + MessageParcel data; + MessageParcel reply; + MessageOption option; + ipcObjectStub->NoticeServiceDie(data, reply, option); +} + +void OnRemoteDumpFuzzTest(FuzzedDataProvider &provider) +{ + uint32_t code = provider.ConsumeIntegral(); + MessageParcel parcel; + size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); + std::vector bytes = provider.ConsumeBytes(bytesSize); + parcel.WriteBuffer(bytes.data(), bytes.size()); + parcel.WriteFileDescriptor(-1); + MessageParcel reply; + MessageOption option; + IPCObjectStub ipcObjectStub; + ipcObjectStub.OnRemoteDump(code, parcel, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::NoticeServiceDieFuzzTest(provider); + OHOS::OnRemoteDumpFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6f0ae6ccaa0bffdba5b2a6c75ddbe72d898a97b6 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub008FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub008_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub008_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp index e2618e3bbf84c629e22dac2c98a38aa34879b6d8..5aafb181adeacf6f4040b6d1c825a09b4825739f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderPingTransactionFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..226522bd2ad3eaf2db4f710f1924d82d2912c235 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn deleted file mode 100644 index e07805ed66d62fa00d2b20f059df04c47fd51a30..0000000000000000000000000000000000000000 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2025 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -group("ipcobjectstubnewfuzz") { - testonly = true - deps = [ - "ipcobjectstubnew001_fuzzer:IPCObjectStubNew001FuzzTest", - "ipcobjectstubnew002_fuzzer:IPCObjectStubNew002FuzzTest", - "ipcobjectstubnew003_fuzzer:IPCObjectStubNew003FuzzTest", - "ipcobjectstubnew004_fuzzer:IPCObjectStubNew004FuzzTest", - ] -}