From 10cb6f88c6743fc9861cff9a13659bbcc42081ef Mon Sep 17 00:00:00 2001 From: l30054665 Date: Thu, 24 Jul 2025 16:51:49 +0800 Subject: [PATCH 1/6] fuzz Signed-off-by: l30054665 --- .../dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 54 +++++++++++++------ .../dm_negotiate_process_fuzzer.cpp | 5 ++ .../dp_init_callback_fuzzer.cpp | 7 ++- .../ipc_cmd_register_fuzzer.cpp | 5 ++ .../ipc_server_client_proxy_fuzzer.cpp | 5 +- .../ipc_server_listener_fuzzer.cpp | 5 +- .../on_softbus_device_online_fuzzer.cpp | 11 ++-- 7 files changed, 69 insertions(+), 23 deletions(-) diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp index dafa558a4..19faa0e88 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ +#include #include #include #include @@ -29,39 +30,58 @@ void DmAnonyousFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size < sizeof(int32_t))) { return; } + FuzzedDataProvider fdp(data, size); std::vector strList; int64_t testNumber = 123; - int64_t decimal = 10; - strList.push_back("test1"); - strList.push_back("test2"); + std::string test1 = fdp.ConsumeRandomLengthString(); + std::string test2 = fdp.ConsumeRandomLengthString(); + strList.push_back(test1); + strList.push_back(test2); GetAnonyStringList(strList); std::vector intList; intList.push_back(1); GetAnonyInt32List(intList); + std::string key1 = fdp.ConsumeRandomLengthString(); + std::string key2 = fdp.ConsumeRandomLengthString(); + std::string key3 = fdp.ConsumeRandomLengthString(); + std::string value1 = fdp.ConsumeRandomLengthString(); + std::string value2 = fdp.ConsumeRandomLengthString(); JsonObject jsonObj; - jsonObj["key1"] = testNumber; - jsonObj["key2"] = "value2"; - jsonObj["key3"] = true; - IsUint32(jsonObj, "key1"); - IsUint64(jsonObj, "key1"); - IsBool(jsonObj, "key3"); + jsonObj[key1] = testNumber; + jsonObj[key2] = value2; + jsonObj[key3] = true; + IsUint32(jsonObj, key1); + IsUint64(jsonObj, key1); + IsBool(jsonObj, key3); std::map paramMap; - paramMap["key1"] = "value1"; - paramMap["key2"] = "value2"; + paramMap[key1] = value1; + paramMap[key2] = value2; std::map paramMap2 = {}; std::string jsonStr = ConvertMapToJsonString(paramMap); ParseMapFromJsonString(jsonStr, paramMap2); - StringToInt("123", decimal); - StringToInt64("123", decimal); + IsJsonValIntegerString(jsonObj, key2); +} + +void DmAnonyousFuzzTestFirst(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + std::string str1 = fdp.ConsumeRandomLengthString(); + std::string str2 = fdp.ConsumeRandomLengthString(); int32_t versionNum = 0; + int64_t decimal = 10; + int64_t testNumber = 123; + StringToInt(str1, decimal); + StringToInt64(str1, decimal); GetVersionNumber("1.0.0", versionNum); GetCallerPkgName("com.example.app#test"); GetSubscribeId("123#12345"); std::multimap unorderedmap; - unorderedmap.insert(std::make_pair("key1", testNumber)); - IsValueExist(unorderedmap, "key1", testNumber); + unorderedmap.insert(std::make_pair(str1, testNumber)); + IsValueExist(unorderedmap, str1, testNumber); GetSubStr("test#123", "#", 0); - IsJsonValIntegerString(jsonObj, "key2"); } } } @@ -71,6 +91,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::DmAnonyousFuzzTest(data, size); - + OHOS::DistributedHardware::DmAnonyousFuzzTestFirst(data, size); return 0; } diff --git a/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp b/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp index 51c8eb047..a4f412c51 100644 --- a/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp +++ b/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ +#include #include "dm_negotiate_process_fuzzer.h" #include @@ -70,7 +71,11 @@ void DmNegotiateProcessFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size < sizeof(int32_t))) { return; } + FuzzedDataProvider fdp(data, size); std::shared_ptr context = std::make_shared(); + context->needBind = fdp.ConsumeBool(); + context->needAgreeCredential = fdp.ConsumeBool(); + context->needAuth = fdp.ConsumeBool(); NoCredNoAclImportAuthType noCredNoAclImportAuthType; noCredNoAclImportAuthType.NegotiateHandle(context); NoCredNoAclInputAuthType noCredNoAclInputAuthType; diff --git a/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp b/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp index db548cd8e..7e8b2d0be 100644 --- a/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp +++ b/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ +#include #include #include #include @@ -45,11 +46,15 @@ void DpInitedCallbackFirstFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size < sizeof(int32_t))) { return; } + FuzzedDataProvider fdp(data, size); DpInitedCallback dpInitedCallback; std::unordered_map authFormMap; + DistributedDeviceProfile::TrustedDeviceInfo trustedDeviceInfo; + std::string extraDataStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); DmDeviceInfo deviceInfo; + deviceInfo.extraData = extraDataStr; + dpInitedCallback.ConvertToTrustedDeviceInfo(authFormMap, deviceInfo, trustedDeviceInfo); deviceInfo.extraData = ""; - DistributedDeviceProfile::TrustedDeviceInfo trustedDeviceInfo; dpInitedCallback.ConvertToTrustedDeviceInfo(authFormMap, deviceInfo, trustedDeviceInfo); deviceInfo.extraData = "extraInfo"; diff --git a/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp b/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp index 99d41ffae..5c6e7f592 100644 --- a/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp +++ b/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp @@ -12,6 +12,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + +#include #include "ipc_cmd_register_fuzzer.h" #include @@ -41,8 +43,11 @@ void IpcCmdRegisterFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size == 0)) { return; } + FuzzedDataProvider fdp(data, size); int32_t cmdCode = UNREGISTER_DEVICE_MANAGER_LISTENER; std::shared_ptr req = std::make_shared(); + std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + req->SetPkgName(pkgNameStr); std::shared_ptr rsp = std::make_shared(); MessageParcel data1; MessageParcel reply1; diff --git a/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp b/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp index 6f11a2ea2..043ced437 100644 --- a/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp +++ b/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ +#include #include "ipc_server_client_proxy_fuzzer.h" #include @@ -31,11 +32,13 @@ void IpcServerClientProxyFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size == 0)) { return; } - + FuzzedDataProvider fdp(data, size); int32_t cmdCode = UNREGISTER_DEVICE_MANAGER_LISTENER; std::shared_ptr req = std::make_shared(); std::shared_ptr rsp = std::make_shared(); sptr remoteObject = nullptr; + std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + req->SetPkgName(pkgNameStr); auto instance = new IpcServerClientProxy(remoteObject); if (instance != nullptr) { diff --git a/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp b/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp index b7c8de713..10b09cbd7 100644 --- a/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp +++ b/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp @@ -13,6 +13,7 @@ * limitations under the License. */ +#include #include "ipc_server_listener_fuzzer.h" #include @@ -31,10 +32,12 @@ void IpcServerListenerFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size == 0)) { return; } + FuzzedDataProvider fdp(data, size); + std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); int32_t cmdCode = UNREGISTER_DEVICE_MANAGER_LISTENER; std::shared_ptr req = std::make_shared(); std::shared_ptr rsp = std::make_shared(); - + req->SetPkgName(pkgNameStr); std::shared_ptr ipcServerListener = std::make_shared(); ipcServerListener->SendRequest(cmdCode, req, rsp); } diff --git a/test/softbusfuzztest/onsoftbusdeviceonline_fuzzer/on_softbus_device_online_fuzzer.cpp b/test/softbusfuzztest/onsoftbusdeviceonline_fuzzer/on_softbus_device_online_fuzzer.cpp index db02ee986..db547d5f6 100644 --- a/test/softbusfuzztest/onsoftbusdeviceonline_fuzzer/on_softbus_device_online_fuzzer.cpp +++ b/test/softbusfuzztest/onsoftbusdeviceonline_fuzzer/on_softbus_device_online_fuzzer.cpp @@ -13,6 +13,8 @@ * limitations under the License. */ +#include + #include #include #include @@ -29,10 +31,13 @@ void OnSoftbusDeviceOnlineFuzzTest(const uint8_t* data, size_t size) if ((data == nullptr) || (size < sizeof(uint16_t) || (size > DM_MAX_DEVICE_ID_LEN))) { return; } - + auto info = std::make_unique(); + FuzzedDataProvider fdp(data, size); std::shared_ptr softbusListener = std::make_shared(); - NodeBasicInfo *info = nullptr; - softbusListener->OnSoftbusDeviceOnline(info); + info->deviceTypeId = fdp.ConsumeIntegral(); + info->osType = fdp.ConsumeIntegral(); + + softbusListener->OnSoftbusDeviceOnline(info.get()); } } } -- Gitee From 6443b632bc515cc56837fb0c1ed5d75bd7170358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=9A?= Date: Thu, 24 Jul 2025 12:40:22 +0000 Subject: [PATCH 2/6] update test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李尚 --- .../ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp b/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp index 10b09cbd7..5aa6ddbf5 100644 --- a/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp +++ b/test/servicesfuzztest/ipcserverlistener_fuzzer/ipc_server_listener_fuzzer.cpp @@ -33,7 +33,7 @@ void IpcServerListenerFuzzTest(const uint8_t* data, size_t size) return; } FuzzedDataProvider fdp(data, size); - std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + std::string pkgNameStr = fdp.ConsumeRandomLengthString(50); int32_t cmdCode = UNREGISTER_DEVICE_MANAGER_LISTENER; std::shared_ptr req = std::make_shared(); std::shared_ptr rsp = std::make_shared(); -- Gitee From b080ab5c8b40b3beec52b9a8bd08ee962b35037a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=9A?= Date: Thu, 24 Jul 2025 12:40:43 +0000 Subject: [PATCH 3/6] update test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李尚 --- .../ipc_server_client_proxy_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp b/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp index 043ced437..63f775bec 100644 --- a/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp +++ b/test/servicesfuzztest/ipcserverclientproxy_fuzzer/ipc_server_client_proxy_fuzzer.cpp @@ -37,7 +37,7 @@ void IpcServerClientProxyFuzzTest(const uint8_t* data, size_t size) std::shared_ptr req = std::make_shared(); std::shared_ptr rsp = std::make_shared(); sptr remoteObject = nullptr; - std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + std::string pkgNameStr = fdp.ConsumeRandomLengthString(50); req->SetPkgName(pkgNameStr); auto instance = new IpcServerClientProxy(remoteObject); -- Gitee From 842a7da62ab1b9401529bc31623bf575ab6f3bce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=9A?= Date: Thu, 24 Jul 2025 12:41:30 +0000 Subject: [PATCH 4/6] update test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李尚 --- .../ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp b/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp index 5c6e7f592..14eda3455 100644 --- a/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp +++ b/test/servicesfuzztest/ipccmdregister_fuzzer/ipc_cmd_register_fuzzer.cpp @@ -46,11 +46,12 @@ void IpcCmdRegisterFuzzTest(const uint8_t* data, size_t size) FuzzedDataProvider fdp(data, size); int32_t cmdCode = UNREGISTER_DEVICE_MANAGER_LISTENER; std::shared_ptr req = std::make_shared(); - std::string pkgNameStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + std::string pkgNameStr = fdp.ConsumeRandomLengthString(50); req->SetPkgName(pkgNameStr); std::shared_ptr rsp = std::make_shared(); MessageParcel data1; MessageParcel reply1; + data1.WriteString(pkgNameStr); IpcCmdRegister::GetInstance().SetRequest(cmdCode, req, data1); IpcCmdRegister::GetInstance().ReadResponse(cmdCode, data1, rsp); -- Gitee From f12827c1d0dae5b3178f8ddc09d08b0908739365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=9A?= Date: Thu, 24 Jul 2025 12:42:18 +0000 Subject: [PATCH 5/6] update test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李尚 --- test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp index 19faa0e88..65859d533 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -32,7 +32,7 @@ void DmAnonyousFuzzTest(const uint8_t* data, size_t size) } FuzzedDataProvider fdp(data, size); std::vector strList; - int64_t testNumber = 123; + int64_t testNumber = fdp.ConsumeIntegral(); std::string test1 = fdp.ConsumeRandomLengthString(); std::string test2 = fdp.ConsumeRandomLengthString(); strList.push_back(test1); @@ -72,7 +72,7 @@ void DmAnonyousFuzzTestFirst(const uint8_t* data, size_t size) std::string str2 = fdp.ConsumeRandomLengthString(); int32_t versionNum = 0; int64_t decimal = 10; - int64_t testNumber = 123; + int64_t testNumber = fdp.ConsumeIntegral(); StringToInt(str1, decimal); StringToInt64(str1, decimal); GetVersionNumber("1.0.0", versionNum); -- Gitee From 8862e1573cf5ee41cb39d7d0372e8bfd5db11193 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=B0=9A?= Date: Thu, 24 Jul 2025 12:46:09 +0000 Subject: [PATCH 6/6] update test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 李尚 --- .../dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp b/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp index 7e8b2d0be..03656da4b 100644 --- a/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp +++ b/test/servicesfuzztest/dpinitcallback_fuzzer/dp_init_callback_fuzzer.cpp @@ -50,7 +50,7 @@ void DpInitedCallbackFirstFuzzTest(const uint8_t* data, size_t size) DpInitedCallback dpInitedCallback; std::unordered_map authFormMap; DistributedDeviceProfile::TrustedDeviceInfo trustedDeviceInfo; - std::string extraDataStr = fdp.ConsumeRandomLengthString(DM_MAX_DEVICE_ID_LEN); + std::string extraDataStr = fdp.ConsumeRandomLengthString(50); DmDeviceInfo deviceInfo; deviceInfo.extraData = extraDataStr; dpInitedCallback.ConvertToTrustedDeviceInfo(authFormMap, deviceInfo, trustedDeviceInfo); -- Gitee