From e4b976b00dca6bac434920f810176af0aa49b9a0 Mon Sep 17 00:00:00 2001 From: l30005037 Date: Mon, 5 May 2025 14:18:38 +0800 Subject: [PATCH 1/4] Fuzz fix Signed-off-by: l30005037 --- .../softbusadapter_fuzzer.cpp | 21 ++-- .../dataservicestub_fuzzer.cpp | 19 ++-- .../cloudservicestub_fuzzer.cpp | 19 ++-- .../datashareservicestub_fuzzer.cpp | 18 ++-- .../dumphelper_fuzzer/dumphelper_fuzzer.cpp | 15 ++- .../kvdbservicestub_fuzzer.cpp | 20 ++-- .../objectservicestub_fuzzer.cpp | 19 ++-- .../rdbresultsetstub_fuzzer.cpp | 18 ++-- .../rdbservicestub_fuzzer.cpp | 15 ++- .../udmfservice_fuzzer/udmfservice_fuzzer.cpp | 100 +++++++++--------- 10 files changed, 121 insertions(+), 143 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp b/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp index 6420589af..bd2f5f19a 100644 --- a/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp +++ b/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp 
@@ -13,23 +13,26 @@ * limitations under the License. */ +#include + #include "softbusadapter_fuzzer.h" #include #include -#include "softbus_adapter_standard.cpp" #include "message_parcel.h" #include "securec.h" +#include "softbus_adapter_standard.cpp" using namespace OHOS::AppDistributedKv; namespace OHOS { -bool OnBytesReceivedFuzz(const uint8_t *data, size_t size) +bool OnBytesReceivedFuzz(FuzzedDataProvider &provider) { - int connId = static_cast(*data); - unsigned int dataLen = static_cast(size); - AppDataListenerWrap::OnClientBytesReceived(connId, data, dataLen); + int connId = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); + AppDataListenerWrap::OnClientBytesReceived(connId, static_cast(remaining_data.data()), + remaining_data.size()); return true; } } // namespace OHOS @@ -37,11 +40,7 @@ bool OnBytesReceivedFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnBytesReceivedFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::OnBytesReceivedFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp b/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp index e5164c942..006ae7d8b 100644 --- a/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp +++ b/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "dataservicestub_fuzzer.h" #include 
@@ -26,15 +28,14 @@ using namespace OHOS::DistributedKv; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedKv.IKvStoreDataService"; -const uint32_t CODE_MIN = 0; -const uint32_t CODE_MAX = 10; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + uint32_t code = provider.ConsumeIntegral(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + std::vector remaining_data = provider.ConsumeRemainingBytes(); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; MessageOption option; @@ -47,11 +48,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnRemoteRequestFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp index 1d11a9d36..e40d4b8f4 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "cloudservicestub_fuzzer.h" #include 
@@ -32,8 +34,6 @@ namespace OHOS { constexpr int USER_ID = 100; constexpr int INST_INDEX = 0; const std::u16string INTERFACE_TOKEN = u"OHOS.CloudData.CloudServer"; -constexpr uint32_t CODE_MIN = 0; -constexpr uint32_t CODE_MAX = CloudService::TransId::TRANS_BUTT + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; @@ -65,7 +65,7 @@ void AllocAndSetHapToken() SetSelfTokenID(tokenID.tokenIDEx); } -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr cloudServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); @@ -74,10 +74,11 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) AllocAndSetHapToken(); - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + uint32_t code = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; std::shared_ptr cloudServiceStub = cloudServiceImpl; @@ -89,11 +90,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnRemoteRequestFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp index df4f212d0..d5da9a768 100644 
--- a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "datashareservicestub_fuzzer.h" #include @@ -27,22 +29,22 @@ using namespace OHOS::DataShare; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DataShare.IDataShareService"; -constexpr uint32_t CODE_MIN = 0; -constexpr uint32_t CODE_MAX = IDataShareService::DATA_SHARE_SERVICE_CMD_MAX + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr dataShareServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); dataShareServiceImpl->OnBind( { "DataShareServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + + uint32_t code = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; std::shared_ptr dataShareServiceStub = dataShareServiceImpl; @@ -54,11 +56,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - + FuzzedDataProvider provider(data, size); OHOS::OnRemoteRequestFuzz(data, size); - return 0; } \ No newline at end of file 
diff --git a/services/distributeddataservice/service/test/fuzztest/dumphelper_fuzzer/dumphelper_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/dumphelper_fuzzer/dumphelper_fuzzer.cpp index b8ff95c41..c4033acff 100644 --- a/services/distributeddataservice/service/test/fuzztest/dumphelper_fuzzer/dumphelper_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/dumphelper_fuzzer/dumphelper_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "dumphelper_fuzzer.h" #include @@ -30,16 +32,15 @@ using namespace OHOS::Security::AccessToken; namespace OHOS { -bool DumpFuzz(const uint8_t *data, size_t size) +bool DumpFuzz(FuzzedDataProvider &provider) { - int connId = static_cast(*data); + int connId = provider.ConsumeIntegral(); std::vector args; const std::string argstest1 = "OHOS.DistributedData.DumpHelper1"; const std::string argstest2 = "OHOS.DistributedData.DumpHelper2"; args.emplace_back(argstest1); args.emplace_back(argstest2); DumpHelper::GetInstance().Dump(connId, args); - return true; } } // namespace OHOS @@ -47,11 +48,7 @@ bool DumpFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::DumpFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::DumpFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp index 09829930b..c13abaefc 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp 
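Review bot: `connId` in `DumpFuzz` now covers the whole `int` range and is passed as the first argument of `DumpHelper::GetInstance().Dump(connId, args)`. If that parameter is a file descriptor (Dump's signature is not in this hunk), the harness writes dump output to whichever descriptor the input names, including ones the fuzzing engine holds open, which makes findings hard to reproduce. I would pass one sink descriptor opened by the harness and spend the fuzz bytes on the arguments instead, e.g. `args.emplace_back(provider.ConsumeRandomLengthString());`, since `args` is still the two fixed strings `argstest1` and `argstest2`. A one-line comment above `DumpFuzz` stating what the first argument means would also help, because the name `connId` does not describe a dump call.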
@@ -12,6 +12,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + +#include + #include "kvdbservicestub_fuzzer.h" #include @@ -28,12 +31,10 @@ using namespace OHOS::DistributedKv; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedKv.KVFeature"; -constexpr uint32_t CODE_MIN = 0; -constexpr uint32_t CODE_MAX = static_cast(KVDBServiceInterfaceCode::TRANS_BUTT) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr kvdbServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); @@ -45,10 +46,11 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) Bootstrap::GetInstance().LoadCheckers(); Bootstrap::GetInstance().LoadNetworks(); - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + uint32_t code = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; std::shared_ptr kvdbServiceStub = kvdbServiceImpl; @@ -60,11 +62,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnRemoteRequestFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file 
diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp index 24ce52ba6..123d71837 100644 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "objectservicestub_fuzzer.h" #include @@ -27,22 +29,21 @@ using namespace OHOS::DistributedObject; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedObject.IObjectService"; -constexpr uint32_t CODE_MIN = 0; -constexpr uint32_t CODE_MAX = static_cast(ObjectCode::OBJECTSTORE_SERVICE_CMD_MAX) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr objectServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); objectServiceImpl->OnBind( { "ObjectServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + uint32_t code = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; std::shared_ptr objectServiceStub = objectServiceImpl; 
@@ -54,11 +55,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnRemoteRequestFuzz(data, size); - + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp index 14d6d1c69..dc9ce4447 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp @@ -13,29 +13,28 @@ * limitations under the License. */ -#include "rdbresultsetstub_fuzzer.h" - #include +#include "rdbresultsetstub_fuzzer.h" + #include #include #include -#include "message_parcel.h" #include "rdb_result_set_impl.h" #include "rdb_result_set_stub.h" -#include "securec.h" +#include "message_parcel.h" #include "store/cursor.h" +#include "securec.h" using namespace OHOS::DistributedRdb; + namespace OHOS { -using Code = NativeRdb::RemoteResultSet::Code; const std::u16string INTERFACE_TOKEN = u"OHOS::NativeRdb.IResultSet"; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { - FuzzedDataProvider provider(data, size); - uint32_t code = provider.ConsumeIntegralInRange(0, Code::CMD_MAX); + uint32_t code = provider.ConsumeIntegral(); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); 
@@ -54,6 +53,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - OHOS::OnRemoteRequestFuzz(data, size); + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/rdbservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/rdbservicestub_fuzzer.cpp index 60767879a..e4df81ba2 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/rdbservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/rdbservicestub_fuzzer/rdbservicestub_fuzzer.cpp @@ -13,16 +13,16 @@ * limitations under the License. */ -#include "rdbservicestub_fuzzer.h" - #include +#include "rdbservicestub_fuzzer.h" + #include #include #include "ipc_skeleton.h" -#include "message_parcel.h" #include "rdb_service_impl.h" +#include "message_parcel.h" #include "securec.h" using namespace OHOS::DistributedRdb; @@ -32,16 +32,14 @@ const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedRdb.IRdbService"; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; -bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr rdbServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); rdbServiceImpl->OnBind( { "RdbServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - FuzzedDataProvider provider(data, size); - uint32_t code = - provider.ConsumeIntegralInRange(0, static_cast(RdbServiceCode::RDB_SERVICE_CMD_MAX)); + uint32_t code = provider.ConsumeIntegral(); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); 
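Review bot: The request code in the rdbservicestub `OnRemoteRequestFuzz` is now drawn with an unbounded `provider.ConsumeIntegral()`, so almost every input carries a code outside the service's command table and is presumably rejected before any handler reads the payload. The removed line bounded it by `RdbServiceCode::RDB_SERVICE_CMD_MAX`. Patches 3/4 and 4/4 of this series bring a bound back for the other stub fuzzers, but neither lists this file in its diffstat. I would keep the removed `provider.ConsumeIntegralInRange(0, static_cast(RdbServiceCode::RDB_SERVICE_CMD_MAX))` call here, with the template arguments the original file used (they are not legible on this page). The function body continues past the end of the hunk.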
@@ -57,6 +55,7 @@ bool OnRemoteRequestFuzz(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - OHOS::OnRemoteRequestFuzz(data, size); + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file diff --git a/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp index 1d5b03a1a..dda78ef65 100644 --- a/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include "udmfservice_fuzzer.h" #include "accesstoken_kit.h" @@ -29,19 +31,16 @@ using namespace OHOS::UDMF; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.UDMF.UdmfService"; -constexpr uint32_t CODE_MIN = 0; -constexpr uint32_t CODE_MAX = static_cast(UdmfServiceInterfaceCode::CODE_BUTT) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; static constexpr int ID_LEN = 32; static constexpr int MINIMUM = 48; -QueryOption GenerateFuzzQueryOption(const uint8_t* data, size_t size) +QueryOption GenerateFuzzQueryOption(FuzzedDataProvider &provider) { std::vector groupId(ID_LEN, '0'); - size_t length = groupId.size() > size ? size : groupId.size(); - for (size_t i = 0; i < length; ++i) { - groupId[i] = data[i] % MINIMUM + MINIMUM; + for (size_t i = 0; i < groupId.size(); ++i) { + groupId[i] = provider.ConsumeIntegralInRange(MINIMUM, MINIMUM); } std::string groupIdStr(groupId.begin(), groupId.end()); UnifiedKey udKey = UnifiedKey("drag", "com.test.demo", groupIdStr); 
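Review bot: In `GenerateFuzzQueryOption`, `provider.ConsumeIntegralInRange(MINIMUM, MINIMUM)` has equal lower and upper bounds, so every element of `groupId` is always 48 and the `UnifiedKey` built from it never varies with the input. The replaced expression `data[i] % MINIMUM + MINIMUM` produced values from 48 to 95. `groupId[i] = provider.ConsumeIntegralInRange(MINIMUM, 2 * MINIMUM - 1);` keeps that range, with whatever template argument the real file spells out (not legible here). The same loop is repeated in the later hunks for `ObtainAsynProcessFuzz` and `ClearAsynProcessFuzz`. The function continues beyond this hunk.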
@@ -52,31 +51,33 @@ QueryOption GenerateFuzzQueryOption(const uint8_t* data, size_t size) return query; } -bool OnRemoteRequestFuzz(const uint8_t* data, size_t size) +bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = static_cast(*data) % (CODE_MAX - CODE_MIN + 1) + CODE_MIN; + uint32_t code = provider.ConsumeIntegral(); + std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); - request.WriteBuffer(data, size); + request.WriteBuffer(static_cast(remaining_data.data()), remaining_data.size()); request.RewindRead(0); MessageParcel reply; udmfServiceImpl->OnRemoteRequest(code, request, reply); return true; } -void SetDataFuzz(const uint8_t *data, size_t size) +void SetDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); CustomOption option1 = {.intention = Intention::UD_INTENTION_DRAG}; - std::string svalue(data, data + size); + + std::string svalue = provider.ConsumeRandomLengthString(); UnifiedData data1; std::shared_ptr obj = std::make_shared(); obj->value_[UNIFORM_DATA_TYPE] = "general.file-uri"; 
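Review bot: `OnRemoteRequestFuzz` takes its payload with `provider.ConsumeRemainingBytes()`, which empties the provider for every target called after it. The entry-point hunk at the end of this file passes the same `provider` to this function first and then to eleven more targets. As a result `provider.ConsumeRandomLengthString()` in `SetDataFuzz` (this hunk) and in `UpdateDataFuzz` always returns an empty string, so those targets run with constant input. Either move `OHOS::OnRemoteRequestFuzz(provider);` to the end of `LLVMFuzzerTestOneInput`, or take a bounded slice here with `ConsumeBytes` so later targets still have data. `SetDataFuzz` continues outside the hunk.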
@@ -91,13 +92,13 @@ void SetDataFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::SET_DATA), request, reply); } -void GetDataFuzz(const uint8_t *data, size_t size) +void GetDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); ITypesUtil::Marshal(request, query); @@ -105,13 +106,13 @@ void GetDataFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::GET_DATA), request, reply); } -void GetBatchDataFuzz(const uint8_t *data, size_t size) +void GetBatchDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); ITypesUtil::Marshal(request, query); 
@@ -119,14 +120,14 @@ void GetBatchDataFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::GET_BATCH_DATA), request, reply); } -void UpdateDataFuzz(const uint8_t *data, size_t size) +void UpdateDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); - std::string svalue(data, data + size); + QueryOption query = GenerateFuzzQueryOption(provider); + std::string svalue = provider.ConsumeRandomLengthString(); UnifiedData data1; std::shared_ptr obj = std::make_shared(); obj->value_[UNIFORM_DATA_TYPE] = "general.file-uri"; @@ -141,13 +142,13 @@ void UpdateDataFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::UPDATE_DATA), request, reply); } -void DeleteDataFuzz(const uint8_t *data, size_t size) +void DeleteDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); ITypesUtil::Marshal(request, query); 
@@ -155,13 +156,13 @@ void DeleteDataFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::DELETE_DATA), request, reply); } -void GetSummaryFuzz(const uint8_t *data, size_t size) +void GetSummaryFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); ITypesUtil::Marshal(request, query); @@ -169,13 +170,13 @@ void GetSummaryFuzz(const uint8_t *data, size_t size) udmfServiceImpl->OnRemoteRequest(static_cast(UdmfServiceInterfaceCode::GET_SUMMARY), request, reply); } -void AddPrivilegeDataFuzz(const uint8_t *data, size_t size) +void AddPrivilegeDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); Privilege privilege = { .tokenId = 1, 
@@ -191,13 +192,13 @@ void AddPrivilegeDataFuzz(const uint8_t *data, size_t size) request, replyUpdate); } -void SyncDataFuzz(const uint8_t *data, size_t size) +void SyncDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); std::vector devices = { "11", "22" }; MessageParcel requestUpdate; requestUpdate.WriteInterfaceToken(INTERFACE_TOKEN); @@ -207,13 +208,13 @@ void SyncDataFuzz(const uint8_t *data, size_t size) requestUpdate, replyUpdate); } -void IsRemoteDataFuzz(const uint8_t *data, size_t size) +void IsRemoteDataFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - QueryOption query = GenerateFuzzQueryOption(data, size); + QueryOption query = GenerateFuzzQueryOption(provider); MessageParcel requestUpdate; requestUpdate.WriteInterfaceToken(INTERFACE_TOKEN); ITypesUtil::Marshal(requestUpdate, query); 
@@ -222,16 +223,15 @@ void IsRemoteDataFuzz(const uint8_t *data, size_t size) requestUpdate, replyUpdate); } -void ObtainAsynProcessFuzz(const uint8_t *data, size_t size) +void ObtainAsynProcessFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); std::vector groupId(ID_LEN, '0'); - size_t length = groupId.size() > size ? size : groupId.size(); - for (size_t i = 0; i < length; ++i) { - groupId[i] = data[i] % MINIMUM + MINIMUM; + for (size_t i = 0; i < groupId.size(); ++i) { + groupId[i] = provider.ConsumeIntegralInRange(MINIMUM, MINIMUM); } std::string businessUdKey(groupId.begin(), groupId.end()); AsyncProcessInfo processInfo = { @@ -245,16 +245,15 @@ void ObtainAsynProcessFuzz(const uint8_t *data, size_t size) requestUpdate, replyUpdate); } -void ClearAsynProcessFuzz(const uint8_t *data, size_t size) +void ClearAsynProcessFuzz(FuzzedDataProvider &provider) { std::shared_ptr udmfServiceImpl = std::make_shared(); std::shared_ptr executor = std::make_shared(NUM_MAX, NUM_MIN); udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); std::vector groupId(ID_LEN, '0'); - size_t length = groupId.size() > size ? size : groupId.size(); - for (size_t i = 0; i < length; ++i) { - groupId[i] = data[i] % MINIMUM + MINIMUM; + for (size_t i = 0; i < groupId.size(); ++i) { + groupId[i] = provider.ConsumeIntegralInRange(MINIMUM, MINIMUM); } std::string businessUdKey(groupId.begin(), groupId.end()); MessageParcel requestUpdate; 
@@ -278,25 +277,22 @@ extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - if (data == nullptr) { - return 0; - } - - OHOS::OnRemoteRequestFuzz(data, size); - OHOS::SetDataFuzz(data, size); - OHOS::GetDataFuzz(data, size); + FuzzedDataProvider provider(data, size); + OHOS::OnRemoteRequestFuzz(provider); + OHOS::SetDataFuzz(provider); + OHOS::GetDataFuzz(provider); - OHOS::GetBatchDataFuzz(data, size); - OHOS::UpdateDataFuzz(data, size); - OHOS::DeleteDataFuzz(data, size); + OHOS::GetBatchDataFuzz(provider); + OHOS::UpdateDataFuzz(provider); + OHOS::DeleteDataFuzz(provider); - OHOS::GetSummaryFuzz(data, size); - OHOS::AddPrivilegeDataFuzz(data, size); - OHOS::SyncDataFuzz(data, size); + OHOS::GetSummaryFuzz(provider); + OHOS::AddPrivilegeDataFuzz(provider); + OHOS::SyncDataFuzz(provider); - OHOS::IsRemoteDataFuzz(data, size); - OHOS::ObtainAsynProcessFuzz(data, size); - OHOS::ClearAsynProcessFuzz(data, size); + OHOS::IsRemoteDataFuzz(provider); + OHOS::ObtainAsynProcessFuzz(provider); + OHOS::ClearAsynProcessFuzz(provider); return 0; } \ No newline at end of file -- Gitee From 9cf3fd1d8801573c7ea83c1a940af92393a0bbc4 Mon Sep 17 00:00:00 2001 From: l30005037 Date: Mon, 5 May 2025 14:45:41 +0800 Subject: [PATCH 2/4] Fuzz fix Signed-off-by: l30005037 --- .../fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp | 2 +- .../datashareservicestub_fuzzer.cpp | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp b/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp index bd2f5f19a..6b4d8d490 100644 --- a/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp 
+++ b/services/distributeddataservice/adapter/communicator/test/fuzztest/softbusadapter_fuzzer/softbusadapter_fuzzer.cpp @@ -27,7 +27,7 @@ using namespace OHOS::AppDistributedKv; namespace OHOS { -bool OnBytesReceivedFuzz(FuzzedDataProvider &provider) +bool OnBytesReceivedFuzz(FuzzedDataProvider &provider) { int connId = provider.ConsumeIntegral(); std::vector remaining_data = provider.ConsumeRemainingBytes(); diff --git a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp index d5da9a768..07764e369 100644 --- a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp @@ -39,7 +39,6 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) dataShareServiceImpl->OnBind( { "DataShareServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = provider.ConsumeIntegral(); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; @@ -57,6 +56,6 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider provider(data, size); - OHOS::OnRemoteRequestFuzz(data, size); + OHOS::OnRemoteRequestFuzz(provider); return 0; } \ No newline at end of file -- Gitee From 53612d7e6513317da25bffa4ab03117aaf2e8a1d Mon Sep 17 00:00:00 2001 From: l30005037 Date: Mon, 5 May 2025 16:42:24 +0800 Subject: [PATCH 3/4] Fuzz fix 
Signed-off-by: l30005037 --- .../cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp | 4 +++- .../datashareservicestub_fuzzer.cpp | 4 +++- .../kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp | 4 +++- .../objectservicestub_fuzzer/objectservicestub_fuzzer.cpp | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp index e40d4b8f4..a05bc852f 100644 --- a/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/cloudservicestub_fuzzer/cloudservicestub_fuzzer.cpp @@ -34,6 +34,8 @@ namespace OHOS { constexpr int USER_ID = 100; constexpr int INST_INDEX = 0; const std::u16string INTERFACE_TOKEN = u"OHOS.CloudData.CloudServer"; +constexpr uint32_t CODE_MIN = 0; +constexpr uint32_t CODE_MAX = CloudService::TransId::TRANS_BUTT + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; @@ -74,7 +76,7 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) AllocAndSetHapToken(); - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); diff --git a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp index 07764e369..6053615ea 100644 --- a/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/datashareservicestub_fuzzer/datashareservicestub_fuzzer.cpp 
@@ -29,6 +29,8 @@ using namespace OHOS::DataShare; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DataShare.IDataShareService"; +constexpr uint32_t CODE_MIN = 0; +constexpr uint32_t CODE_MAX = IDataShareService::DATA_SHARE_SERVICE_CMD_MAX + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; @@ -39,7 +41,7 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) dataShareServiceImpl->OnBind( { "DataShareServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); diff --git a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp index c13abaefc..0603b21be 100644 --- a/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/kvdbservicestub_fuzzer/kvdbservicestub_fuzzer.cpp @@ -31,6 +31,8 @@ using namespace OHOS::DistributedKv; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedKv.KVFeature"; +constexpr uint32_t CODE_MIN = 0; +constexpr uint32_t CODE_MAX = static_cast(KVDBServiceInterfaceCode::TRANS_BUTT) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; @@ -46,7 +48,7 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) Bootstrap::GetInstance().LoadCheckers(); Bootstrap::GetInstance().LoadNetworks(); - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); 
diff --git a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp index 123d71837..e78cd4fdb 100644 --- a/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/objectservicestub_fuzzer/objectservicestub_fuzzer.cpp @@ -29,6 +29,8 @@ using namespace OHOS::DistributedObject; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedObject.IObjectService"; +constexpr uint32_t CODE_MIN = 0; +constexpr uint32_t CODE_MAX = static_cast(ObjectCode::OBJECTSTORE_SERVICE_CMD_MAX) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; @@ -39,7 +41,7 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) objectServiceImpl->OnBind( { "ObjectServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); -- Gitee From 1222ced105e45f6e8ce30f71a9d83c915e0c768b Mon Sep 17 00:00:00 2001 From: l30005037 Date: Mon, 5 May 2025 16:50:59 +0800 Subject: [PATCH 4/4] Fuzz fix Signed-off-by: l30005037 --- .../dataservicestub_fuzzer/dataservicestub_fuzzer.cpp | 4 +++- .../rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp | 4 +++- .../test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp b/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp index 006ae7d8b..2b2d8bfd1 100644 
--- a/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp +++ b/services/distributeddataservice/app/test/fuzztest/dataservicestub_fuzzer/dataservicestub_fuzzer.cpp @@ -28,10 +28,12 @@ using namespace OHOS::DistributedKv; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.DistributedKv.IKvStoreDataService"; +const uint32_t CODE_MIN = 0; +const uint32_t CODE_MAX = 10; bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); std::vector remaining_data = provider.ConsumeRemainingBytes(); diff --git a/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp index dc9ce4447..c390660af 100644 --- a/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/rdbresultsetstub_fuzzer/rdbresultsetstub_fuzzer.cpp @@ -30,11 +30,13 @@ using namespace OHOS::DistributedRdb; namespace OHOS { +using Code = NativeRdb::RemoteResultSet::Code; const std::u16string INTERFACE_TOKEN = u"OHOS::NativeRdb.IResultSet"; bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) { - uint32_t code = provider.ConsumeIntegral(); + const int min = 0; + uint32_t code = provider.ConsumeIntegralInRange(min, Code::CMD_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); diff --git a/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp b/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp index dda78ef65..fe376bd1a 100644 
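Review bot: `const uint32_t CODE_MAX = 10;` in dataservicestub_fuzzer.cpp hard-codes the upper bound, while the other harnesses in this series derive it from the interface's own sentinel (`TRANS_BUTT`, `CMD_MAX`, `CODE_BUTT`). When a request code is added to the data service, this literal silently stops covering it and the new handler is never fuzzed. Derive the bound from the service's last-code enumerator (its name is not visible in this hunk) and declare both constants `constexpr` to match the sibling files, e.g. `constexpr uint32_t CODE_MAX = static_cast<uint32_t>(<last-code sentinel>) + 1;`. `OnRemoteRequestFuzz` continues past the end of the hunk.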
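Review bot: In rdbresultsetstub_fuzzer.cpp the range is built from a local `const int min = 0` and the bare enumerator `Code::CMD_MAX`, which mixes a signed bound with an enum value. Unlike the other harnesses in this series it also stops at `CMD_MAX` without the `+ 1`, so at most one out-of-range code is generated, and none if `CMD_MAX` is itself a valid command (the enum definition is not visible here). Use the same file-level constants as the sibling files so the bound and its type are explicit: `constexpr uint32_t CODE_MIN = 0;` and `constexpr uint32_t CODE_MAX = static_cast<uint32_t>(Code::CMD_MAX) + 1;`, then `provider.ConsumeIntegralInRange<uint32_t>(CODE_MIN, CODE_MAX)`. The function body continues outside the hunk.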
--- a/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp +++ b/services/distributeddataservice/service/test/fuzztest/udmfservice_fuzzer/udmfservice_fuzzer.cpp @@ -31,6 +31,8 @@ using namespace OHOS::UDMF; namespace OHOS { const std::u16string INTERFACE_TOKEN = u"OHOS.UDMF.UdmfService"; +constexpr uint32_t CODE_MIN = 0; +constexpr uint32_t CODE_MAX = static_cast(UdmfServiceInterfaceCode::CODE_BUTT) + 1; constexpr size_t NUM_MIN = 5; constexpr size_t NUM_MAX = 12; static constexpr int ID_LEN = 32; @@ -58,7 +60,7 @@ bool OnRemoteRequestFuzz(FuzzedDataProvider &provider) udmfServiceImpl->OnBind( { "UdmfServiceStubFuzz", static_cast(IPCSkeleton::GetSelfTokenID()), std::move(executor) }); - uint32_t code = provider.ConsumeIntegral(); + uint32_t code = provider.ConsumeIntegralInRange(CODE_MIN, CODE_MAX); std::vector remaining_data = provider.ConsumeRemainingBytes(); MessageParcel request; request.WriteInterfaceToken(INTERFACE_TOKEN); -- Gitee