From 2e7e8c1ab9929e502941595cf7fee46013fd1eb0 Mon Sep 17 00:00:00 2001 From: wuyunxun Date: Tue, 2 Sep 2025 10:48:34 +0800 Subject: [PATCH] =?UTF-8?q?ipc=5Fobject=5Fproxy&ipc=5Fobject=5Fstub=20Fuzz?= =?UTF-8?q?=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuyunxun Change-Id: I8497d183eefa45bbd05b7d177cf7e010b3ecf069 --- test/fuzztest/BUILD.gn | 6 +- .../BUILD.gn | 31 ++--- .../include/ipcobjectproxy_fuzzer.h | 51 ++++++++ .../ipcobjectproxy001_fuzzer}/BUILD.gn | 18 +-- .../ipcobjectproxy001_fuzzer}/corpus/init | 0 .../ipcobjectproxy001_fuzzer.cpp} | 116 +----------------- .../ipcobjectproxy001_fuzzer}/project.xml | 0 .../ipcobjectproxy002_fuzzer/BUILD.gn | 38 ++++++ .../ipcobjectproxy002_fuzzer}/corpus/init | 0 .../ipcobjectproxy002_fuzzer.cpp | 86 +++++++++++++ .../ipcobjectproxy002_fuzzer}/project.xml | 0 .../ipcobjectproxy003_fuzzer}/BUILD.gn | 10 +- .../ipcobjectproxy003_fuzzer}/corpus/init | 0 .../ipcobjectproxy003_fuzzer.cpp} | 53 ++------ .../ipcobjectproxy003_fuzzer}/project.xml | 0 .../ipcobjectproxy004_fuzzer}/BUILD.gn | 10 +- .../ipcobjectproxy004_fuzzer}/corpus/init | 0 .../ipcobjectproxy004_fuzzer.cpp | 114 +++++++++++++++++ .../ipcobjectproxy004_fuzzer}/project.xml | 0 .../ipcobjectproxy005_fuzzer}/BUILD.gn | 10 +- .../ipcobjectproxy005_fuzzer}/corpus/init | 0 .../ipcobjectproxy005_fuzzer.cpp | 51 ++++++++ .../ipcobjectproxy005_fuzzer}/project.xml | 0 .../ipcobjectproxy006_fuzzer/BUILD.gn | 38 ++++++ .../ipcobjectproxy006_fuzzer}/corpus/init | 0 .../ipcobjectproxy006_fuzzer.cpp | 110 +++++++++++++++++ .../ipcobjectproxy006_fuzzer}/project.xml | 0 .../native/src/core/ipcobjectstub/BUILD.gn | 27 ++++ .../include/ipcobjectstub_fuzzer.h | 42 +++++++ .../ipcobjectstub001_fuzzer}/BUILD.gn | 14 ++- .../ipcobjectstub001_fuzzer}/corpus/init | 0 .../ipcobjectstub001_fuzzer.cpp} | 103 ---------------- .../ipcobjectstub001_fuzzer}/project.xml | 0 .../ipcobjectstub002_fuzzer}/BUILD.gn | 14 ++- .../ipcobjectstub002_fuzzer/corpus/init} | 7 +- .../ipcobjectstub002_fuzzer.cpp | 67 ++++++++++ .../ipcobjectstub002_fuzzer/project.xml | 25 ++++ .../ipcobjectstub003_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub003_fuzzer/corpus/init} | 7 +- .../ipcobjectstub003_fuzzer.cpp | 66 ++++++++++ .../ipcobjectstub003_fuzzer/project.xml | 25 ++++ .../ipcobjectstub004_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub004_fuzzer/corpus/init} | 7 +- .../ipcobjectstub004_fuzzer.cpp} | 16 +-- .../ipcobjectstub004_fuzzer/project.xml | 25 ++++ .../ipcobjectstub005_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub005_fuzzer/corpus/init} | 7 +- .../ipcobjectstub005_fuzzer.cpp} | 16 +-- .../ipcobjectstub005_fuzzer/project.xml | 25 ++++ .../ipcobjectstub006_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub006_fuzzer/corpus/init | 16 +++ .../ipcobjectstub006_fuzzer.cpp} | 82 ++++++++++--- .../ipcobjectstub006_fuzzer/project.xml | 25 ++++ .../ipcobjectstub007_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub007_fuzzer/corpus/init | 16 +++ .../ipcobjectstub007_fuzzer.cpp | 58 +++++++++ .../ipcobjectstub007_fuzzer/project.xml | 25 ++++ .../ipcobjectstub008_fuzzer/BUILD.gn | 41 +++++++ .../ipcobjectstub008_fuzzer/corpus/init | 16 +++ .../ipcobjectstub008_fuzzer.cpp} | 16 +-- .../ipcobjectstub008_fuzzer/project.xml | 25 ++++ .../native/src/core/ipcobjectstubnew/BUILD.gn | 22 ---- 62 files changed, 1359 insertions(+), 423 deletions(-) rename test/fuzztest/ipc/native/src/core/{ipcobjectproxynew_fuzzer => ipcobjectproxy}/BUILD.gn (57%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew004_fuzzer => ipcobjectproxy/ipcobjectproxy001_fuzzer}/BUILD.gn (82%) rename test/fuzztest/ipc/native/src/core/{ipcobjectproxy_fuzzer => ipcobjectproxy/ipcobjectproxy001_fuzzer}/corpus/init (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp => ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp} (53%) rename test/fuzztest/ipc/native/src/core/{ipcobjectproxy_fuzzer => ipcobjectproxy/ipcobjectproxy001_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcobjectproxynew_fuzzer => ipcobjectproxy/ipcobjectproxy002_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp rename test/fuzztest/ipc/native/src/core/{ipcobjectproxynew_fuzzer => ipcobjectproxy/ipcobjectproxy002_fuzzer}/project.xml (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew002_fuzzer => ipcobjectproxy/ipcobjectproxy003_fuzzer}/BUILD.gn (87%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstub_fuzzer => ipcobjectproxy/ipcobjectproxy003_fuzzer}/corpus/init (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp => ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp} (68%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstub_fuzzer => ipcobjectproxy/ipcobjectproxy003_fuzzer}/project.xml (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew003_fuzzer => ipcobjectproxy/ipcobjectproxy004_fuzzer}/BUILD.gn (87%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew001_fuzzer => ipcobjectproxy/ipcobjectproxy004_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew001_fuzzer => ipcobjectproxy/ipcobjectproxy004_fuzzer}/project.xml (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew001_fuzzer => ipcobjectproxy/ipcobjectproxy005_fuzzer}/BUILD.gn (87%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew002_fuzzer => ipcobjectproxy/ipcobjectproxy005_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew002_fuzzer => ipcobjectproxy/ipcobjectproxy005_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew003_fuzzer => ipcobjectproxy/ipcobjectproxy006_fuzzer}/corpus/init (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew003_fuzzer => ipcobjectproxy/ipcobjectproxy006_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h rename test/fuzztest/ipc/native/src/core/{ipcobjectproxy_fuzzer => ipcobjectstub/ipcobjectstub001_fuzzer}/BUILD.gn (76%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew004_fuzzer => ipcobjectstub/ipcobjectstub001_fuzzer}/corpus/init (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp => ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp} (54%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew004_fuzzer => ipcobjectstub/ipcobjectstub001_fuzzer}/project.xml (100%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstub_fuzzer => ipcobjectstub/ipcobjectstub002_fuzzer}/BUILD.gn (76%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h => ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init} (80%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h => ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init} (80%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h => ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init} (79%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp => ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp} (84%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn rename test/fuzztest/ipc/native/src/core/{ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h => ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init} (79%) rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp => ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp} (84%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp => ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp} (46%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init rename test/fuzztest/ipc/native/src/core/{ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp => ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp} (84%) create mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml delete mode 100644 test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 8468e7fb..25941a35 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -35,8 +35,8 @@ group("fuzztest") { "ipc/native/src/core/ipcfiledescriptor_fuzzer:IPCFileDescriptorFuzzTest", "ipc/native/src/core/ipcfiledescriptormarshalling_fuzzer:IPCFileDescriptorMarshallingFuzzTest", "ipc/native/src/core/ipcfiledescriptorunmarshalling_fuzzer:IPCFileDescriptorUnmarshallingFuzzTest", - "ipc/native/src/core/ipcobjectproxy_fuzzer:IPCObjectProxyFuzzTest", - "ipc/native/src/core/ipcobjectstub_fuzzer:IPCObjectStubFuzzTest", + "ipc/native/src/core/ipcobjectproxy:ipcobjectproxyfuzz", + "ipc/native/src/core/ipcobjectstub:ipcobjectstubfuzz", "ipc/native/src/mock/ipcobjectstubmock:ipcobjectstubmockfuzz", "ipc/native/src/core/ipcpayloadstatistics_fuzzer:IPCPayloadStatisticsFuzzTest", "ipc/native/src/core/ipcprocessskeleton_fuzzer:IPCProcessSkeletonFuzzTest", @@ -58,8 +58,6 @@ group("fuzztest") { "ipc/native/src/core/ipcfiledescriptornew_fuzzer:IPCFileDescriptorNewFuzzTest", "ipc/native/src/core/ipcthreadpoolnew_fuzzer:IPCThreadPoolNewFuzzTest", "ipc/native/src/core/binderconnector_fuzzer:BinderConnectorFuzzTest", - "ipc/native/src/core/ipcobjectproxynew_fuzzer:IPCObjectProxyNewFuzzTest", - "ipc/native/src/core/ipcobjectstubnew:ipcobjectstubnewfuzz", "ipc/native/src/core/ipcpayloadstatisticsimpl_fuzzer:IPCPayloadStatisticsImplFuzzTest", "ipc/native/src/core/ipcpayloadstatisticsnew_fuzzer:IPCPayloadStatisticsNewFuzzTest", "ipc/native/src/core/iremotebroker_fuzzer:IRemoteBrokerFuzzTest", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn similarity index 57% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn index 6afdbabf..dfc5492d 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/BUILD.gn @@ -11,26 +11,15 @@ # See the License for the specific language governing permissions and # limitations under the License. -#####################hydra-fuzz################### -import("//build/config/features.gni") -import("//build/test.gni") - ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectProxyNewFuzzTest") { - module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectproxynew_fuzzer" - - sources = [ "ipcobjectproxynew_fuzzer.cpp" ] - - defines = [ - "private = public", - "protected = public", - ] - - deps = [ "../../../../../../../test:ipc_single_test_static" ] - - external_deps = [ - "c_utils:utils", - "hilog:libhilog", +group("ipcobjectproxyfuzz") { + testonly = true + deps = [ + "ipcobjectproxy001_fuzzer:IPCObjectProxy001FuzzTest", + "ipcobjectproxy002_fuzzer:IPCObjectProxy002FuzzTest", + "ipcobjectproxy003_fuzzer:IPCObjectProxy003FuzzTest", + "ipcobjectproxy004_fuzzer:IPCObjectProxy004FuzzTest", + "ipcobjectproxy005_fuzzer:IPCObjectProxy005FuzzTest", + "ipcobjectproxy006_fuzzer:IPCObjectProxy006FuzzTest", ] -} +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h new file mode 100644 index 00000000..aae626dd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/include/ipcobjectproxy_fuzzer.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IPCOBJECTPROXY_FUZZER_H +#define IPCOBJECTPROXY_FUZZER_H + +#include "ipc_object_proxy.h" +#include "message_parcel.h" +#include "securec.h" +#include "sys_binder.h" +#include + +namespace OHOS { +static constexpr size_t STR_MAX_LEN = 100; + +class MockDeathRecipient : public IRemoteObject::DeathRecipient { +public: + MockDeathRecipient() = default; + ~MockDeathRecipient() = default; + void OnRemoteDied(const wptr &object) + { + (void)object; + } +}; + +sptr CreateIPCObjectProxy(FuzzedDataProvider &provider) +{ + int32_t handle = provider.ConsumeIntegral(); + int32_t proto = provider.ConsumeIntegral(); + std::string descriptor = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + sptr proxy = new (std::nothrow) IPCObjectProxy(handle, descriptor16, proto); + return proxy; +} +} // namespace OHOS + +#define FUZZ_PROJECT_NAME "ipcobjectproxy_fuzzer" + +#endif // IPCOBJECTPROXY_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn similarity index 82% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn index 2be07bc0..f98ea322 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/BUILD.gn @@ -16,18 +16,20 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew004FuzzTest") { +ohos_fuzztest("IPCObjectProxy001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew004_fuzzer" + fuzz_config_file = "../ipcobjectproxy001_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew004_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy001_fuzzer.cpp" ] - defines = [ - "private = public", - "protected = public", - ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp similarity index 53% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp index 2e40cc9c..bb734713 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/ipcobjectproxy001_fuzzer.cpp @@ -14,19 +14,8 @@ */ #include "ipcobjectproxy_fuzzer.h" -#include "ipc_object_proxy.h" -#include "message_parcel.h" namespace OHOS { -class MockDeathRecipient : public IRemoteObject::DeathRecipient { -public: - MockDeathRecipient() = default; - ~MockDeathRecipient() = default; - void OnRemoteDied(const wptr &object) - { - (void)object; - } -}; IPCObjectProxy* CreateIPCObjectProxy(const uint8_t *data, size_t size) { if (data == nullptr || size == 0) { @@ -113,7 +102,7 @@ void OnFirstStrongRefFuzzTest(const uint8_t *data, size_t size) proxy->OnFirstStrongRef(data); delete proxy; } - + void OnLastStrongRefFuzzTest(const uint8_t *data, size_t size) { IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); @@ -123,103 +112,6 @@ void OnLastStrongRefFuzzTest(const uint8_t *data, size_t size) proxy->OnLastStrongRef(data); delete proxy; } - -void AddDeathRecipientFuzzTest(const uint8_t *data, size_t size) -{ - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - sptr death = new MockDeathRecipient(); - proxy->AddDeathRecipient(death.GetRefPtr()); - delete proxy; -} - -void RemoveDeathRecipientFuzzTest(const uint8_t *data, size_t size) -{ - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - sptr death = new MockDeathRecipient(); - proxy->RemoveDeathRecipient(death.GetRefPtr()); - delete proxy; -} - -void InvokeListenThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel data_parcel; - MessageParcel reply_parcel; - data_parcel.WriteBuffer(data, size); - proxy->InvokeListenThread(data_parcel, reply_parcel); - delete proxy; -} - -void GetSessionNameForPidUidFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel data_parcel; - data_parcel.WriteBuffer(data, size); - uint32_t uid = data_parcel.ReadUint32(); - uint32_t pid = data_parcel.ReadUint32(); - proxy->GetSessionNameForPidUid(uid, pid); - delete proxy; -} - -void RemoveSessionNameFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - size_t length = parcel.GetReadableBytes(); - if (length == 0) { - delete proxy; - return; - } - const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); - if (bufData == nullptr) { - delete proxy; - return; - } - std::string sessionName(bufData, length); - proxy->RemoveSessionName(sessionName); - delete proxy; -} - -void SetObjectDiedFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); - if (proxy == nullptr) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - bool isDied = parcel.ReadBool(); - proxy->SetObjectDied(isDied); - delete proxy; -} } // namespace OHOS /* Fuzzer entry point */ @@ -231,11 +123,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::DumpFuzzTest(data, size); OHOS::OnFirstStrongRefFuzzTest(data, size); OHOS::OnLastStrongRefFuzzTest(data, size); - OHOS::AddDeathRecipientFuzzTest(data, size); - OHOS::RemoveDeathRecipientFuzzTest(data, size); - OHOS::InvokeListenThreadFuzzTest(data, size); - OHOS::GetSessionNameForPidUidFuzzTest(data, size); - OHOS::RemoveSessionNameFuzzTest(data, size); - OHOS::SetObjectDiedFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn new file mode 100644 index 00000000..2436785b --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/BUILD.gn @@ -0,0 +1,38 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectProxy002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectproxy002_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include" ] + + sources = [ "ipcobjectproxy002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp new file mode 100644 index 00000000..02a35869 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/ipcobjectproxy002_fuzzer.cpp @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +sptr CreateIPCObjectProxy(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return nullptr; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + int32_t handle = parcel.ReadInt32(); + int32_t proto = parcel.ReadInt32(); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + return nullptr; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + return nullptr; + } + std::string descriptor_str(bufData, length); + std::u16string descriptor(descriptor_str.begin(), descriptor_str.end()); + sptr proxy = new (std::nothrow) IPCObjectProxy(handle, descriptor, proto); + return proxy; +} + +void AddDeathRecipientFuzzTest(const uint8_t *data, size_t size) +{ + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + sptr death = new MockDeathRecipient(); + proxy->AddDeathRecipient(death.GetRefPtr()); +} + +void RemoveDeathRecipientFuzzTest(const uint8_t *data, size_t size) +{ + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + sptr death = new MockDeathRecipient(); + proxy->RemoveDeathRecipient(death.GetRefPtr()); +} + +void InvokeListenThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + sptr proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel data_parcel; + MessageParcel reply_parcel; + data_parcel.WriteBuffer(data, size); + proxy->InvokeListenThread(data_parcel, reply_parcel); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::AddDeathRecipientFuzzTest(data, size); + OHOS::RemoveDeathRecipientFuzzTest(data, size); + OHOS::InvokeListenThreadFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy002_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn index 05df95bf..ea312e1d 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew002FuzzTest") { +ohos_fuzztest("IPCObjectProxy003FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew002_fuzzer" + fuzz_config_file = "../ipcobjectproxy003_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew002_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy003_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp similarity index 68% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp index fe12ad42..6d69cd2b 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/ipcobjectproxy003_fuzzer.cpp @@ -13,22 +13,9 @@ * limitations under the License. */ -#include "ipcobjectproxynew_fuzzer.h" -#include "ipc_object_proxy.h" -#include "message_parcel.h" -#include "sys_binder.h" -#include +#include "ipcobjectproxy_fuzzer.h" namespace OHOS { -sptr CreateIPCObjectProxy(FuzzedDataProvider &provider) -{ - int32_t handle = provider.ConsumeIntegral(); - int32_t proto = provider.ConsumeIntegral(); - std::string descriptor = provider.ConsumeRandomLengthString(); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - return sptr::MakeSptr(handle, descriptor16, proto); -} - void SendRequestInnerFuzzTest(FuzzedDataProvider &provider) { sptr proxy = CreateIPCObjectProxy(provider); @@ -55,6 +42,8 @@ void WaitForInitFuzzTest(FuzzedDataProvider &provider) dbinder_negotiation_data dbinderData; dbinderData.proto = provider.ConsumeIntegral(); proxy->WaitForInit(&dbinderData); + proxy->SetObjectDied(true); + proxy->WaitForInit(&dbinderData); } void SetProtoFuzzTest(FuzzedDataProvider &provider) @@ -78,39 +67,13 @@ void MakeDBinderTransSessionFuzzTest(FuzzedDataProvider &provider) binderData.peerUid = provider.ConsumeIntegral(); binderData.peerTokenId = provider.ConsumeIntegral(); binderData.stubIndex = provider.ConsumeIntegral(); - binderData.peerServiceName = provider.ConsumeRandomLengthString(); - binderData.peerDeviceId = provider.ConsumeRandomLengthString(); - binderData.localServiceName = provider.ConsumeRandomLengthString(); - binderData.localDeviceId = provider.ConsumeRandomLengthString(); + binderData.peerServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.peerDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.localServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + binderData.localDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); proxy->MakeDBinderTransSession(binderData); } -void GetDBinderNegotiationDataFuzzTest001(FuzzedDataProvider &provider) -{ - sptr proxy = CreateIPCObjectProxy(provider); - if (proxy == nullptr) { - return; - } - MessageParcel reply; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); - std::vector bytes = provider.ConsumeBytes(bytesSize); - reply.WriteBuffer(bytes.data(), bytes.size()); - int handle = provider.ConsumeIntegral(); - DBinderNegotiationData binderData; - proxy->GetDBinderNegotiationData(handle, reply, binderData); -} - -void GetDBinderNegotiationDataFuzzTest002(FuzzedDataProvider &provider) -{ - sptr proxy = CreateIPCObjectProxy(provider); - if (proxy == nullptr) { - return; - } - proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); - DBinderNegotiationData binderData; - proxy->GetDBinderNegotiationData(binderData); -} - void UpdateDatabusClientSessionFuzzTest(FuzzedDataProvider &provider) { sptr proxy = CreateIPCObjectProxy(provider); @@ -135,8 +98,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::WaitForInitFuzzTest(provider); OHOS::SetProtoFuzzTest(provider); OHOS::MakeDBinderTransSessionFuzzTest(provider); - OHOS::GetDBinderNegotiationDataFuzzTest001(provider); - OHOS::GetDBinderNegotiationDataFuzzTest002(provider); OHOS::UpdateDatabusClientSessionFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy003_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn index 47bb7eee..410e18b8 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew003FuzzTest") { +ohos_fuzztest("IPCObjectProxy004FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew003_fuzzer" + fuzz_config_file = "../ipcobjectproxy004_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew003_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy004_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp new file mode 100644 index 00000000..2e8a687a --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/ipcobjectproxy004_fuzzer.cpp @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +void GetDBinderNegotiationDataFuzzTest001(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + MessageParcel reply; + size_t maxSize = sizeof(DBinderNegotiationData); + size_t bytesSize = provider.ConsumeIntegralInRange(0, maxSize + maxSize); + std::vector bytes = provider.ConsumeBytes(bytesSize); + reply.WriteBuffer(bytes.data(), bytes.size()); + int handle = provider.ConsumeIntegral(); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(handle, reply, binderData); +} + +void GetDBinderNegotiationDataFuzzTest002(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(binderData); +} + +void GetDBinderNegotiationDataFuzzTest003(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + DBinderNegotiationData binderData; + proxy->dbinderData_ = std::make_unique(sizeof(dbinder_negotiation_data)); + if (proxy->dbinderData_ == nullptr) { + return; + } + auto data = reinterpret_cast(proxy->dbinderData_.get()); + strncpy_s(data->target_name, sizeof(data->target_name), "DBinder1_1", sizeof("DBinder1_1") - 1); + proxy->GetDBinderNegotiationData(binderData); +} + +void GetDBinderNegotiationDataFuzzTest004(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + MessageParcel reply; + uint64_t stubIndex = provider.ConsumeIntegral(); + std::string peerServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string peerDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string localDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string localServiceName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t peerTokenId = provider.ConsumeIntegral(); + reply.WriteUint64(stubIndex); + reply.WriteString(peerServiceName); + reply.WriteString(peerDeviceId); + reply.WriteString(localDeviceId); + reply.WriteString(localServiceName); + reply.WriteUint32(peerTokenId); + int handle = provider.ConsumeIntegral(); + DBinderNegotiationData binderData; + proxy->GetDBinderNegotiationData(handle, reply, binderData); +} + +void AddDeathRecipientFuzzTest(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->AddDeathRecipient(nullptr); + sptr recipient = sptr::MakeSptr(); + if (recipient == nullptr) { + return; + } + proxy->AddDeathRecipient(recipient); + proxy->SetObjectDied(true); + proxy->AddDeathRecipient(recipient); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::GetDBinderNegotiationDataFuzzTest001(provider); + OHOS::GetDBinderNegotiationDataFuzzTest002(provider); + OHOS::GetDBinderNegotiationDataFuzzTest003(provider); + OHOS::GetDBinderNegotiationDataFuzzTest004(provider); + OHOS::AddDeathRecipientFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy004_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn similarity index 87% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn index 4cba9d7e..e1d195f5 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/BUILD.gn @@ -16,19 +16,21 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubNew001FuzzTest") { +ohos_fuzztest("IPCObjectProxy005FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstubnew001_fuzzer" + fuzz_config_file = "../ipcobjectproxy005_fuzzer" + include_dirs = [ "../include" ] - sources = [ "ipcobjectstubnew001_fuzzer.cpp" ] - deps = [ "../../../../../../../../test:ipc_single_test_static" ] + sources = [ "ipcobjectproxy005_fuzzer.cpp" ] defines = [ "private = public", "protected = public", ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + external_deps = [ "c_utils:utils", "hilog:libhilog", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp new file mode 100644 index 00000000..8a3243c1 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/ipcobjectproxy005_fuzzer.cpp @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +void RemoveDeathRecipientFuzzTest(FuzzedDataProvider &provider) +{ + sptr proxy = CreateIPCObjectProxy(provider); + if (proxy == nullptr) { + return; + } + proxy->RemoveDeathRecipient(nullptr); + sptr recipient = nullptr; + sptr info = + sptr::MakeSptr(recipient); + recipient = sptr::MakeSptr(); + if (recipient == nullptr) { + return; + } + info = sptr::MakeSptr(recipient); + if (info == nullptr) { + return; + } + proxy->recipients_.push_back(info); + proxy->RemoveDeathRecipient(recipient); + proxy->SetObjectDied(true); + proxy->RemoveDeathRecipient(recipient); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::RemoveDeathRecipientFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy005_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn new file mode 100644 index 00000000..59189334 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/BUILD.gn @@ -0,0 +1,38 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectProxy006FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectproxy006_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ "../include" ] + + sources = [ "ipcobjectproxy006_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp new file mode 100644 index 00000000..196722e3 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/ipcobjectproxy006_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectproxy_fuzzer.h" + +namespace OHOS { +IPCObjectProxy* CreateIPCObjectProxy(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return nullptr; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + int32_t handle = parcel.ReadInt32(); + int32_t proto = parcel.ReadInt32(); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + return nullptr; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + return nullptr; + } + std::string descriptor_str(bufData, length); + std::u16string descriptor(descriptor_str.begin(), descriptor_str.end()); + IPCObjectProxy *proxy = new IPCObjectProxy(handle, descriptor, proto); + return proxy; +} + +void GetSessionNameForPidUidFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel data_parcel; + data_parcel.WriteBuffer(data, size); + uint32_t uid = data_parcel.ReadUint32(); + uint32_t pid = data_parcel.ReadUint32(); + proxy->GetSessionNameForPidUid(uid, pid); + delete proxy; +} + +void RemoveSessionNameFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + size_t length = parcel.GetReadableBytes(); + if (length == 0) { + delete proxy; + return; + } + const char *bufData = reinterpret_cast(parcel.ReadBuffer(length)); + if (bufData == nullptr) { + delete proxy; + return; + } + std::string sessionName(bufData, length); + proxy->RemoveSessionName(sessionName); + delete proxy; +} + +void SetObjectDiedFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + IPCObjectProxy *proxy = CreateIPCObjectProxy(data, size); + if (proxy == nullptr) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + bool isDied = parcel.ReadBool(); + proxy->SetObjectDied(isDied); + delete proxy; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::GetSessionNameForPidUidFuzzTest(data, size); + OHOS::RemoveSessionNameFuzzTest(data, size); + OHOS::SetObjectDiedFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectproxy/ipcobjectproxy006_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn new file mode 100644 index 00000000..232d45a3 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/BUILD.gn @@ -0,0 +1,27 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##############################fuzztest########################################## +group("ipcobjectstubfuzz") { + testonly = true + deps = [ + "ipcobjectstub001_fuzzer:IPCObjectStub001FuzzTest", + "ipcobjectstub002_fuzzer:IPCObjectStub002FuzzTest", + "ipcobjectstub003_fuzzer:IPCObjectStub003FuzzTest", + "ipcobjectstub004_fuzzer:IPCObjectStub004FuzzTest", + "ipcobjectstub005_fuzzer:IPCObjectStub005FuzzTest", + "ipcobjectstub006_fuzzer:IPCObjectStub006FuzzTest", + "ipcobjectstub007_fuzzer:IPCObjectStub007FuzzTest", + "ipcobjectstub008_fuzzer:IPCObjectStub008FuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h new file mode 100644 index 00000000..d2936961 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/include/ipcobjectstub_fuzzer.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IPCOBJECTSTUB_FUZZER_H +#define IPCOBJECTSTUB_FUZZER_H + +#include "ipc_object_stub.h" +#include "ipc_process_skeleton.h" +#include "ipc_skeleton.h" +#include "ipcobjectstub_fuzzer.h" +#include "message_parcel.h" +#include "process_skeleton.h" +#include + +namespace OHOS { + +static constexpr size_t STR_MAX_LEN = 100; + +sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +{ + std::string descriptor = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::u16string descriptor16(descriptor.begin(), descriptor.end()); + bool serialInvokeFlag = provider.ConsumeBool(); + return sptr::MakeSptr(descriptor16, serialInvokeFlag); +} +} // namespace OHOS + +#define FUZZ_PROJECT_NAME "ipcobjectstub_fuzzer" + +#endif // IPCOBJECTSTUB_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn similarity index 76% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn index a3df5f15..31ca6ccd 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/BUILD.gn @@ -16,17 +16,23 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectProxyFuzzTest") { +ohos_fuzztest("IPCObjectStub001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectproxy_fuzzer" + fuzz_config_file = "../ipcobjectstub001_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "ipcobjectproxy_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub001_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp similarity index 54% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp index 6c7df7ad..231b6ffa 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/ipcobjectstub001_fuzzer.cpp @@ -13,10 +13,7 @@ * limitations under the License. */ -#include #include "ipcobjectstub_fuzzer.h" -#include "ipc_object_stub.h" -#include "message_parcel.h" namespace OHOS { void IPCObjectStubFuzzTest(const uint8_t *data, size_t size) @@ -106,97 +103,6 @@ void ProcessProtoFuzzTest(const uint8_t *data, size_t size) IPCObjectStub ipcObjectStub; ipcObjectStub.ProcessProto(code, parcel, reply, option); } - -void SetRequestSidFlagFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - bool flag = parcel.ReadBool(); - IPCObjectStub ipcObjectStub; - ipcObjectStub.SetRequestSidFlag(flag); -} - -void GetAndSaveDBinderDataFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - pid_t pid = parcel.ReadInt32(); - uid_t uid = parcel.ReadInt32(); - IPCObjectStub ipcObjectStub; - ipcObjectStub.GetAndSaveDBinderData(pid, uid); -} - -void InvokerThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint32_t code = parcel.ReadUint32(); - MessageOption option; - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.InvokerThread(code, parcel, reply, option); -} - -void NoticeServiceDieFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - MessageOption option; - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.NoticeServiceDie(parcel, reply, option); -} - -void InvokerDataBusThreadFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.InvokerDataBusThread(parcel, reply); -} - -void AddAuthInfoFuzzTest(const uint8_t *data, size_t size) -{ - if (data == nullptr || size == 0) { - return; - } - MessageParcel parcel; - parcel.WriteBuffer(data, size); - uint32_t code = parcel.ReadUint32(); - MessageParcel reply; - IPCObjectStub ipcObjectStub; - ipcObjectStub.AddAuthInfo(parcel, reply, code); -} - -void OnRemoteDumpFuzzTest(FuzzedDataProvider &provider) -{ - uint32_t code = provider.ConsumeIntegral(); - MessageParcel parcel; - size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); - std::vector bytes = provider.ConsumeBytes(bytesSize); - parcel.WriteBuffer(bytes.data(), bytes.size()); - parcel.WriteFileDescriptor(-1); - MessageParcel reply; - MessageOption option; - IPCObjectStub ipcObjectStub; - ipcObjectStub.OnRemoteDump(code, parcel, reply, option); -} } // namespace OHOS /* Fuzzer entry point */ @@ -208,14 +114,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::OnRemoteRequestFuzzTest(data, size); OHOS::OnRemoteDumpFuzzTest(data, size); OHOS::ProcessProtoFuzzTest(data, size); - OHOS::SetRequestSidFlagFuzzTest(data, size); - OHOS::GetAndSaveDBinderDataFuzzTest(data, size); - OHOS::InvokerThreadFuzzTest(data, size); - OHOS::NoticeServiceDieFuzzTest(data, size); - OHOS::InvokerDataBusThreadFuzzTest(data, size); - OHOS::AddAuthInfoFuzzTest(data, size); - - FuzzedDataProvider provider(data, size); - OHOS::OnRemoteDumpFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn similarity index 76% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn index 22ba81eb..9116aafd 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/BUILD.gn @@ -16,17 +16,23 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("IPCObjectStubFuzzTest") { +ohos_fuzztest("IPCObjectStub002FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../ipcobjectstub_fuzzer" + fuzz_config_file = "../ipcobjectstub002_fuzzer" cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "ipcobjectstub_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init similarity index 80% rename from test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init index e1deb42d..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstub_fuzzer/ipcobjectstub_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTSTUB_FUZZER_H -#define IPCOBJECTSTUB_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectstub_fuzzer" - -#endif // IPCOBJECTSTUB_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp new file mode 100644 index 00000000..689cba1e --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/ipcobjectstub002_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void SetRequestSidFlagFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + bool flag = parcel.ReadBool(); + IPCObjectStub ipcObjectStub; + ipcObjectStub.SetRequestSidFlag(flag); +} + +void GetAndSaveDBinderDataFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + pid_t pid = parcel.ReadInt32(); + uid_t uid = parcel.ReadInt32(); + IPCObjectStub ipcObjectStub; + ipcObjectStub.GetAndSaveDBinderData(pid, uid); +} + +void InvokerThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + uint32_t code = parcel.ReadUint32(); + MessageOption option; + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.InvokerThread(code, parcel, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::SetRequestSidFlagFuzzTest(data, size); + OHOS::GetAndSaveDBinderDataFuzzTest(data, size); + OHOS::InvokerThreadFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn new file mode 100644 index 00000000..8d3ec7c2 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub003FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub003_fuzzer" + + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub003_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init similarity index 80% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init index 083011b1..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxy_fuzzer/ipcobjectproxy_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTPROXY_FUZZER_H -#define IPCOBJECTPROXY_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectproxy_fuzzer" - -#endif // IPCOBJECTPROXY_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp new file mode 100644 index 00000000..501ef9ac --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/ipcobjectstub003_fuzzer.cpp @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void NoticeServiceDieFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + MessageOption option; + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.NoticeServiceDie(parcel, reply, option); +} + +void InvokerDataBusThreadFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.InvokerDataBusThread(parcel, reply); +} + +void AddAuthInfoFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size == 0) { + return; + } + MessageParcel parcel; + parcel.WriteBuffer(data, size); + uint32_t code = parcel.ReadUint32(); + MessageParcel reply; + IPCObjectStub ipcObjectStub; + ipcObjectStub.AddAuthInfo(parcel, reply, code); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::NoticeServiceDieFuzzTest(data, size); + OHOS::InvokerDataBusThreadFuzzTest(data, size); + OHOS::AddAuthInfoFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub003_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn new file mode 100644 index 00000000..e14a120a --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub004FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub004_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub004_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init index 7f0db5bb..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/include/ipcobjectstubnew_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTSTUBNEW_FUZZER_H -#define IPCOBJECTSTUBNEW_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectstubnew_fuzzer" - -#endif // IPCOBJECTSTUBNEW_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp index 833e9fdd..014a1b01 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew002_fuzzer/ipcobjectstubnew002_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/ipcobjectstub004_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderIncRefsTransactionFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub004_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn new file mode 100644 index 00000000..2d8b76d2 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub005FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub005_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub005_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init similarity index 79% rename from test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init index 230ae995..7ade8a0f 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectproxynew_fuzzer/ipcobjectproxynew_fuzzer.h +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/corpus/init @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef IPCOBJECTPROXYNEW_FUZZER_H -#define IPCOBJECTPROXYNEW_FUZZER_H - -#define FUZZ_PROJECT_NAME "ipcobjectproxynew_fuzzer" - -#endif // IPCOBJECTPROXYNEW_FUZZER_H \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp index 84ede2a0..1f812fbd 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew003_fuzzer/ipcobjectstubnew003_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/ipcobjectstub005_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderGetPidUidFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub005_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn new file mode 100644 index 00000000..14c985a0 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub006FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub006_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub006_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp similarity index 46% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp index a2dbc740..94ba2bc5 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew004_fuzzer/ipcobjectstubnew004_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/ipcobjectstub006_fuzzer.cpp @@ -13,24 +13,27 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) +void GetSessionNameForPidUidFuzzTest001(FuzzedDataProvider &provider) { - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + uint32_t code = provider.ConsumeIntegral(); + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t pid = IPCSkeleton::GetCallingPid(); + uint32_t uid = IPCSkeleton::GetCallingUid(); + data.WriteUint32(pid); + data.WriteUint32(uid); + ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); } -void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) +void GetSessionNameForPidUidFuzzTest002(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); if (ipcObjectStub == nullptr) { @@ -40,11 +43,35 @@ void GetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) MessageParcel data; MessageParcel reply; MessageOption option; + uint32_t pid = provider.ConsumeIntegral(); + uint32_t uid = provider.ConsumeIntegral(); + data.WriteUint32(pid); + data.WriteUint32(uid); + ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); +} + +void DBinderGetSessionNameForPidUidFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + MessageOption option; + uint32_t code = provider.ConsumeIntegral(); uint32_t pid = IPCSkeleton::GetCallingPid(); uint32_t uid = IPCSkeleton::GetCallingUid(); data.WriteUint32(pid); data.WriteUint32(uid); - ipcObjectStub->GetSessionNameForPidUid(code, data, reply, option); + ipcObjectStub->DBinderGetSessionNameForPidUid(code, data, reply, option); + auto instance = ProcessSkeleton::GetInstance(); + if (instance == nullptr) { + return; + } + instance->SetSamgrFlag(true); + ipcObjectStub->DBinderGetSessionNameForPidUid(code, data, reply, option); + instance->SetSamgrFlag(false); } void CreateSessionNameFuzzTest(FuzzedDataProvider &provider) @@ -70,6 +97,29 @@ void RemoveSessionNameFuzzTest(FuzzedDataProvider &provider) data.WriteBuffer(bytes.data(), bytes.size()); ipcObjectStub->RemoveSessionName(data); } + +void InvokerDataBusThreadFuzzTest(FuzzedDataProvider &provider) +{ + sptr ipcObjectStub = CreateIPCObjectStub(provider); + if (ipcObjectStub == nullptr) { + return; + } + MessageParcel data; + MessageParcel reply; + std::string deviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t remotePid = IPCSkeleton::GetCallingPid(); + uint32_t remoteUid = IPCSkeleton::GetCallingUid(); + std::string remoteDeviceId = provider.ConsumeRandomLengthString(STR_MAX_LEN); + std::string sessionName = provider.ConsumeRandomLengthString(STR_MAX_LEN); + uint32_t remoteTokenId = provider.ConsumeIntegral(); + data.WriteString(deviceId); + data.WriteUint32(remotePid); + data.WriteUint32(remoteUid); + data.WriteString(remoteDeviceId); + data.WriteString(sessionName); + data.WriteUint32(remoteTokenId); + ipcObjectStub->InvokerDataBusThread(data, reply); +} } // namespace OHOS /* Fuzzer entry point */ @@ -77,8 +127,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ FuzzedDataProvider provider(data, size); - OHOS::GetSessionNameForPidUidFuzzTest(provider); + OHOS::GetSessionNameForPidUidFuzzTest001(provider); + OHOS::GetSessionNameForPidUidFuzzTest002(provider); OHOS::CreateSessionNameFuzzTest(provider); OHOS::RemoveSessionNameFuzzTest(provider); + OHOS::DBinderGetSessionNameForPidUidFuzzTest(provider); return 0; } diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub006_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn new file mode 100644 index 00000000..327e2661 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub007FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub007_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub007_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp new file mode 100644 index 00000000..e53be176 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/ipcobjectstub007_fuzzer.cpp @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcobjectstub_fuzzer.h" + +namespace OHOS { +void NoticeServiceDieFuzzTest(FuzzedDataProvider &provider) +{ + int handle = provider.ConsumeIntegral(); + sptr ipcObjectStub = CreateIPCObjectStub(provider); + sptr ipcObjectProxy = sptr::MakeSptr(handle); + IPCProcessSkeleton *current = IPCProcessSkeleton::GetCurrent(); + if (ipcObjectStub == nullptr || current == nullptr || ipcObjectProxy == nullptr) { + return; + } + current->AttachCallbackStub(ipcObjectProxy.GetRefPtr(), ipcObjectStub); + MessageParcel data; + MessageParcel reply; + MessageOption option; + ipcObjectStub->NoticeServiceDie(data, reply, option); +} + +void OnRemoteDumpFuzzTest(FuzzedDataProvider &provider) +{ + uint32_t code = provider.ConsumeIntegral(); + MessageParcel parcel; + size_t bytesSize = provider.ConsumeIntegralInRange(1, 50); + std::vector bytes = provider.ConsumeBytes(bytesSize); + parcel.WriteBuffer(bytes.data(), bytes.size()); + parcel.WriteFileDescriptor(-1); + MessageParcel reply; + MessageOption option; + IPCObjectStub ipcObjectStub; + ipcObjectStub.OnRemoteDump(code, parcel, reply, option); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::NoticeServiceDieFuzzTest(provider); + OHOS::OnRemoteDumpFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub007_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn new file mode 100644 index 00000000..6f0ae6cc --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/BUILD.gn @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("IPCObjectStub008FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcobjectstub008_fuzzer" + + include_dirs = [ + "../include", + "../../../../../../../../utils/include", + ] + + sources = [ "ipcobjectstub008_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + defines = [ + "private = public", + "protected = public", + ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp similarity index 84% rename from test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp index e2618e3b..5aafb181 100644 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/ipcobjectstubnew001_fuzzer/ipcobjectstubnew001_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/ipcobjectstub008_fuzzer.cpp @@ -13,23 +13,9 @@ * limitations under the License. */ -#include "ipcobjectstubnew_fuzzer.h" -#include "ipc_object_stub.h" -#include "ipc_skeleton.h" -#include "message_parcel.h" -#include +#include "ipcobjectstub_fuzzer.h" namespace OHOS { -static constexpr uint32_t MAX_STRING_LEN = 100; - -sptr CreateIPCObjectStub(FuzzedDataProvider &provider) -{ - std::string descriptor = provider.ConsumeRandomLengthString(MAX_STRING_LEN); - std::u16string descriptor16(descriptor.begin(), descriptor.end()); - bool serialInvokeFlag = provider.ConsumeBool(); - return sptr::MakeSptr(descriptor16, serialInvokeFlag); -} - void DBinderPingTransactionFuzzTest(FuzzedDataProvider &provider) { sptr ipcObjectStub = CreateIPCObjectStub(provider); diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/ipcobjectstub/ipcobjectstub008_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn b/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn deleted file mode 100644 index e07805ed..00000000 --- a/test/fuzztest/ipc/native/src/core/ipcobjectstubnew/BUILD.gn +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2025 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -group("ipcobjectstubnewfuzz") { - testonly = true - deps = [ - "ipcobjectstubnew001_fuzzer:IPCObjectStubNew001FuzzTest", - "ipcobjectstubnew002_fuzzer:IPCObjectStubNew002FuzzTest", - "ipcobjectstubnew003_fuzzer:IPCObjectStubNew003FuzzTest", - "ipcobjectstubnew004_fuzzer:IPCObjectStubNew004FuzzTest", - ] -} -- Gitee