From 4fa1bb1aa56ec9a448c7eb4072add8f630b3329d Mon Sep 17 00:00:00 2001 From: liuxiaowei42 Date: Thu, 26 Jun 2025 16:17:17 +0800 Subject: [PATCH 1/2] add fuzz Signed-off-by: liuxiaowei42 --- .../dinputinitsink_fuzzer.cpp | 38 ++++++++++- .../dinputinitsource_fuzzer.cpp | 36 +++++++++- .../BUILD.gn | 1 + ...istributed_input_transport_base_fuzzer.cpp | 65 ++++++++++++++++++- 4 files changed, 137 insertions(+), 3 deletions(-) diff --git a/test/fuzztest/dinputinitsink_fuzzer/dinputinitsink_fuzzer.cpp b/test/fuzztest/dinputinitsink_fuzzer/dinputinitsink_fuzzer.cpp index 93ae58e..911cb59 100644 --- a/test/fuzztest/dinputinitsink_fuzzer/dinputinitsink_fuzzer.cpp +++ b/test/fuzztest/dinputinitsink_fuzzer/dinputinitsink_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -42,6 +42,39 @@ void InitSinkFuzzTest(const uint8_t *data, size_t size) const uint32_t sleepTimeUs = 50 * 1000; usleep(sleepTimeUs); } + +void OnLoadSystemAbilitySuccessFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + int32_t saId = *(reinterpret_cast(data)); + DistributedInput::DistributedInputSinkHandler::SALoadSinkCb saLoadSinkCb; + saLoadSinkCb.OnLoadSystemAbilitySuccess(saId, nullptr); +} + +void OnLoadSystemAbilityFailFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + int32_t saId = *(reinterpret_cast(data)); + DistributedInput::DistributedInputSinkHandler::SALoadSinkCb saLoadSinkCb; + saLoadSinkCb.OnLoadSystemAbilityFail(saId); +} + +void OnRemoteSinkSvrDiedFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + std::string networkId(reinterpret_cast(data), size); + DistributedInput::DistributedInputSinkHandler::GetInstance().OnRemoteSinkSvrDied(nullptr); + DistributedInput::DistributedInputSinkHandler::GetInstance().RegisterPrivacyResources(nullptr); + DistributedInput::DistributedInputSinkHandler::GetInstance().PauseDistributedHardware(networkId); + DistributedInput::DistributedInputSinkHandler::GetInstance().ResumeDistributedHardware(networkId); + DistributedInput::DistributedInputSinkHandler::GetInstance().StopDistributedHardware(networkId); +} } // namespace DistributedHardware } // namespace OHOS @@ -50,5 +83,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::InitSinkFuzzTest(data, size); + OHOS::DistributedHardware::OnLoadSystemAbilitySuccessFuzzTest(data, size); + OHOS::DistributedHardware::OnLoadSystemAbilityFailFuzzTest(data, size); + OHOS::DistributedHardware::OnRemoteSinkSvrDiedFuzzTest(data, size); return 0; } \ No newline at end of file 
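Review bot: The `saId` read in `OnLoadSystemAbilitySuccessFuzzTest` and `OnLoadSystemAbilityFailFuzzTest` dereferences the raw fuzz buffer through a `reinterpret_cast` to an `int32_t` pointer, which assumes `data` is suitably aligned and type-puns a byte buffer. Taking the value from a provider instead, `FuzzedDataProvider fdp(data, size); int32_t saId = fdp.ConsumeIntegral<int32_t>();`, removes that assumption and matches what this series already does in `OnSessionClosedFuzzTest`; it needs the FuzzedDataProvider header in this file. The same cast appears in the two `OnLoadSystemAbility*` functions of the source-handler fuzzer and in `HandleSessionFuzzTest`. In `OnRemoteSinkSvrDiedFuzzTest` only the three `networkId` calls receive fuzz input, so a comment such as `// fixed-argument smoke calls, not driven by fuzz data` above `OnRemoteSinkSvrDied(nullptr)` and `RegisterPrivacyResources(nullptr)` would keep the coverage claim accurate.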
diff --git a/test/fuzztest/dinputinitsource_fuzzer/dinputinitsource_fuzzer.cpp b/test/fuzztest/dinputinitsource_fuzzer/dinputinitsource_fuzzer.cpp index 98d7120..aa4e396 100644 --- a/test/fuzztest/dinputinitsource_fuzzer/dinputinitsource_fuzzer.cpp +++ b/test/fuzztest/dinputinitsource_fuzzer/dinputinitsource_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2023-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -39,6 +39,37 @@ void InitSourceFuzzTest(const uint8_t *data, size_t size) std::string params(reinterpret_cast(data), size); DistributedInput::DistributedInputSourceHandler::GetInstance().InitSource(params); } + +void OnLoadSystemAbilitySuccessFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + int32_t saId = *(reinterpret_cast(data)); + DistributedInput::DistributedInputSourceHandler::SALoadSourceCb saLoadSourceCb; + saLoadSourceCb.OnLoadSystemAbilitySuccess(saId, nullptr); +} + +void OnLoadSystemAbilityFailFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + int32_t saId = *(reinterpret_cast(data)); + DistributedInput::DistributedInputSourceHandler::SALoadSourceCb saLoadSourceCb; + saLoadSourceCb.OnLoadSystemAbilityFail(saId); +} + +void OnRemoteSourceSvrDiedFuzzTest(const uint8_t *data, size_t size) +{ + (void)data; + (void)size; + DistributedInput::DistributedInputSourceHandler::GetInstance().OnRemoteSourceSvrDied(nullptr); + DistributedInput::DistributedInputSourceHandler::GetInstance().RegisterDistributedHardwareStateListener(nullptr); + DistributedInput::DistributedInputSourceHandler::GetInstance().UnregisterDistributedHardwareStateListener(); + DistributedInput::DistributedInputSourceHandler::GetInstance().RegisterDataSyncTriggerListener(nullptr); + DistributedInput::DistributedInputSourceHandler::GetInstance().UnregisterDataSyncTriggerListener(); +} } // namespace DistributedHardware } // namespace OHOS 
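Review bot: `OnRemoteSourceSvrDiedFuzzTest` discards both `data` and `size`, so its five calls run with identical constant arguments on every iteration and the fuzzer cannot influence them. They add per-iteration cost without adding input-driven coverage, and because they go through the `GetInstance()` singleton they may leave listener state behind that makes a later crash hard to reproduce from a single input (not verifiable from this hunk). Either move them to a unit test or a one-time `LLVMFuzzerInitialize`, or at least document the intent with `// Fixed smoke calls: no fuzz input reaches these APIs.` above the first call.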
@@ -47,5 +78,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::InitSourceFuzzTest(data, size); + OHOS::DistributedHardware::OnLoadSystemAbilitySuccessFuzzTest(data, size); + OHOS::DistributedHardware::OnLoadSystemAbilityFailFuzzTest(data, size); + OHOS::DistributedHardware::OnRemoteSourceSvrDiedFuzzTest(data, size); return 0; } \ No newline at end of file diff --git a/test/fuzztest/distributedinputtransportbase_fuzzer/BUILD.gn b/test/fuzztest/distributedinputtransportbase_fuzzer/BUILD.gn index f12ceec..372aacb 100644 --- a/test/fuzztest/distributedinputtransportbase_fuzzer/BUILD.gn +++ b/test/fuzztest/distributedinputtransportbase_fuzzer/BUILD.gn @@ -79,6 +79,7 @@ ohos_fuzztest("DistributedInputTransportBaseFuzzTest") { "HI_LOG_ENABLE", "DH_LOG_TAG=\"DistributedInputTransportBaseFuzzTest\"", "LOG_DOMAIN=0xD004120", + "private=public", ] } diff --git a/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp b/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp index c0c3bbd..e88107f 100644 --- a/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp +++ b/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include 
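Review bot: The `"private=public"` entry added to the define list in BUILD.gn redefines a C++ keyword for every header this fuzz target includes, standard library headers included, which the language does not permit for translation units that use the standard library. It also means the harness is compiled against class definitions that differ textually from the ones the library under test was built with. Crashes found by calling non-public members directly (presumably the reason for the define) may not be reachable through the public entry points such as `OnBytesReceived`, so each finding needs a reachability check before it is treated as a product defect. If the define stays, record that next to it: `# fuzz-only: exposes non-public members; triage findings for reachability from the public API`.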
@@ -54,6 +55,63 @@ void OnBytesReceivedFuzzTest(const uint8_t *data, size_t size) uint32_t dataLen = static_cast(size); DistributedInput::DistributedInputTransportBase::GetInstance().OnBytesReceived(sessionId, msg, dataLen); } + +void GetSessionIdByDevIdFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + std::string srcId(reinterpret_cast(data), size); + DistributedInput::DistributedInputTransportBase::GetInstance().GetSessionIdByDevId(srcId); +} + +void HandleSessionFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + int32_t sessionId = *(reinterpret_cast(data)); + std::string message(reinterpret_cast(data), size); + DistributedInput::DistributedInputTransportBase::GetInstance().HandleSession(sessionId, message); +} + +void OnSessionClosedFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t sessionId = fdp.ConsumeIntegral(); + int32_t reasonValue = fdp.ConsumeIntegral(); + ShutdownReason reason = static_cast(reasonValue); + + DistributedInput::DistributedInputTransportBase::GetInstance().RegisterSinkHandleSessionCallback(nullptr); + DistributedInput::DistributedInputTransportBase::GetInstance().RegisterSrcHandleSessionCallback(nullptr); + DistributedInput::DistributedInputTransportBase::GetInstance().RegisterSourceManagerCallback(nullptr); + DistributedInput::DistributedInputTransportBase::GetInstance().OnSessionClosed(sessionId, reason); +} + +void EraseSessionIdFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + std::string remoteDevId(reinterpret_cast(data), size); + sptr callback = nullptr; + DistributedInput::DistributedInputTransportBase::GetInstance().RegisterSessionStateCb(callback); + DistributedInput::DistributedInputTransportBase::GetInstance().UnregisterSessionStateCb(); + 
DistributedInput::DistributedInputTransportBase::GetInstance().GetCurrentSessionId(); + DistributedInput::DistributedInputTransportBase::GetInstance().StopAllSession(); + DistributedInput::DistributedInputTransportBase::GetInstance().EraseSessionId(remoteDevId); +} + +void InitFuzzTest(const uint8_t *data, size_t size) +{ + (void)data; + (void)size; + DistributedInput::DistributedInputTransportBase::GetInstance().Init(); + DistributedInput::DistributedInputTransportBase::GetInstance().CreateServerSocket(); +} } // namespace DistributedHardware } // namespace OHOS @@ -63,5 +121,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) /* Run your code on data */ OHOS::DistributedHardware::StartSessionFuzzTest(data, size); OHOS::DistributedHardware::OnBytesReceivedFuzzTest(data, size); + OHOS::DistributedHardware::GetSessionIdByDevIdFuzzTest(data, size); + OHOS::DistributedHardware::HandleSessionFuzzTest(data, size); + OHOS::DistributedHardware::OnSessionClosedFuzzTest(data, size); + OHOS::DistributedHardware::EraseSessionIdFuzzTest(data, size); + OHOS::DistributedHardware::InitFuzzTest(data, size); return 0; } \ No newline at end of file -- Gitee From e53acdf51003eecf017cee4c0cb785ccd9fc45db Mon Sep 17 00:00:00 2001 From: liuxiaowei42 Date: Thu, 26 Jun 2025 12:03:45 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=E5=91=8A=E8=AD=A6=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: liuxiaowei42 --- .../distributed_input_transport_base_fuzzer.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp b/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp index e88107f..a8dcdb6 100644 --- a/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp 
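Review bot: In `OnSessionClosedFuzzTest` an unconstrained `int32_t` is cast straight to `ShutdownReason`, so most inputs produce a value that is not an enumerator, and if the enum has no fixed underlying type an out-of-range value is undefined behaviour introduced by the harness itself rather than by the code under test. Bound it with `fdp.ConsumeIntegralInRange<int32_t>(REASON_MIN_PLACEHOLDER, REASON_MAX_PLACEHOLDER)` using the enum's real limits (the two names here are placeholders), or add a comment stating that invalid reasons are deliberately in scope. Separately, `HandleSessionFuzzTest` builds `message` from the same bytes it has just read `sessionId` from, so the two arguments are never independent. `InitFuzzTest` ignores its input and calls `Init()` on every iteration, which would fit better in a one-time initializer.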
+++ b/test/fuzztest/distributedinputtransportbase_fuzzer/distributed_input_transport_base_fuzzer.cpp @@ -77,7 +77,7 @@ void HandleSessionFuzzTest(const uint8_t *data, size_t size) void OnSessionClosedFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(int32_t)))) { return; } FuzzedDataProvider fdp(data, size); @@ -110,7 +110,6 @@ void InitFuzzTest(const uint8_t *data, size_t size) (void)data; (void)size; DistributedInput::DistributedInputTransportBase::GetInstance().Init(); - DistributedInput::DistributedInputTransportBase::GetInstance().CreateServerSocket(); } } // namespace DistributedHardware } // namespace OHOS -- Gitee