From 543d79b22ec210fd5c101c1e0c74fc55cf299b1a Mon Sep 17 00:00:00 2001 From: yueyan Date: Sun, 21 May 2023 23:13:07 +0800 Subject: [PATCH] fix:add fuzz test case for the devmgr and servmgr Signed-off-by: yueyan --- .../manager/include/devhost_service_proxy.h | 8 ++ .../manager/include/devmgr_service_stub.h | 8 ++ .../manager/include/devsvc_manager_stub.h | 8 ++ framework/test/fuzztest/BUILD.gn | 2 + .../devmgr_service_stub_fuzzer/BUILD.gn | 83 ++++++++++++ .../devmgr_service_stub_fuzzer/corpus/init | 7 + .../devmgrservicestub_fuzzer.cpp | 118 +++++++++++++++++ .../devmgrservicestub_fuzzer.h | 14 ++ .../devmgr_service_stub_fuzzer/project.xml | 17 +++ .../devsvc_manager_stub_fuzzer/BUILD.gn | 83 ++++++++++++ .../devsvc_manager_stub_fuzzer/corpus/init | 7 + .../devsvcmanagerstub_fuzzer.cpp | 122 ++++++++++++++++++ .../devsvcmanagerstub_fuzzer.h | 14 ++ .../devsvc_manager_stub_fuzzer/project.xml | 17 +++ 14 files changed, 508 insertions(+) create mode 100644 framework/test/fuzztest/devmgr_service_stub_fuzzer/BUILD.gn create mode 100644 framework/test/fuzztest/devmgr_service_stub_fuzzer/corpus/init create mode 100644 framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.cpp create mode 100644 framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.h create mode 100644 framework/test/fuzztest/devmgr_service_stub_fuzzer/project.xml create mode 100644 framework/test/fuzztest/devsvc_manager_stub_fuzzer/BUILD.gn create mode 100644 framework/test/fuzztest/devsvc_manager_stub_fuzzer/corpus/init create mode 100644 framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.cpp create mode 100644 framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.h create mode 100644 framework/test/fuzztest/devsvc_manager_stub_fuzzer/project.xml diff --git a/adapter/uhdf2/manager/include/devhost_service_proxy.h b/adapter/uhdf2/manager/include/devhost_service_proxy.h index 9442473b1..b614b83f1 100644 --- a/adapter/uhdf2/manager/include/devhost_service_proxy.h +++ b/adapter/uhdf2/manager/include/devhost_service_proxy.h @@ -19,6 +19,10 @@ #include "devhost_service_if.h" #include "hdf_remote_service.h" +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + struct DevHostServiceProxy { struct IDevHostService super; struct HdfRemoteService *remote; @@ -35,4 +39,8 @@ enum { struct IDevHostService *DevHostServiceProxyObtain(uint32_t hostId, struct HdfRemoteService *remote); void DevHostServiceProxyRecycle(struct DevHostServiceProxy *inst); +#ifdef __cplusplus +} +#endif /* __cplusplus */ + #endif /* DEVHOST_SERVICE_PROXY_H */ diff --git a/adapter/uhdf2/manager/include/devmgr_service_stub.h b/adapter/uhdf2/manager/include/devmgr_service_stub.h index 45b02f2f6..246aa53a6 100644 --- a/adapter/uhdf2/manager/include/devmgr_service_stub.h +++ b/adapter/uhdf2/manager/include/devmgr_service_stub.h @@ -22,6 +22,10 @@ #define DEVICE_MANAGER_SERVICE "hdf_device_manager" +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + struct DevmgrServiceStub { struct DevmgrServiceFull super; struct HdfRemoteService *remote; @@ -41,4 +45,8 @@ enum { struct HdfObject *DevmgrServiceStubCreate(void); void DevmgrServiceStubRelease(struct HdfObject *object); +#ifdef __cplusplus +} +#endif /* __cplusplus */ + #endif /* DEVMGR_SERVICE_STUB_H */ diff --git a/adapter/uhdf2/manager/include/devsvc_manager_stub.h b/adapter/uhdf2/manager/include/devsvc_manager_stub.h index 296b1b9f6..e4204db61 100644 --- a/adapter/uhdf2/manager/include/devsvc_manager_stub.h +++ b/adapter/uhdf2/manager/include/devsvc_manager_stub.h @@ -24,6 +24,10 @@ #define DEVICE_SERVICE_MANAGER "hdf_device_service_manager" #define DEVICE_SERVICE_MANAGER_SA_ID 5100 +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + struct DevSvcManagerStub { struct DevSvcManager super; struct HdfRemoteService *remote; @@ -43,4 +47,8 @@ struct HdfDeviceObjectHolder { struct HdfObject *DevSvcManagerStubCreate(void); void DevSvcManagerStubRelease(struct HdfObject *object); +#ifdef __cplusplus +} +#endif /* __cplusplus */ + #endif /* DEVSVC_MANAGER_STUB_H */ diff --git a/framework/test/fuzztest/BUILD.gn b/framework/test/fuzztest/BUILD.gn index 4b41f82df..3b5dfbae9 100644 --- a/framework/test/fuzztest/BUILD.gn +++ b/framework/test/fuzztest/BUILD.gn @@ -11,6 +11,8 @@ group("hdf_framework_fuzztest") { "devmgr_c_fuzzer/unloaddevice_fuzzer:UnloadDeviceFuzzTest", "devmgr_cpp_fuzzer/loaddevice_fuzzer:LoadDeviceFuzzTest", "devmgr_cpp_fuzzer/unloaddevice_fuzzer:UnloadDeviceFuzzTest", + "devmgr_service_stub_fuzzer:DevmgrServiceStubFuzzTest", + "devsvc_manager_stub_fuzzer:DevSvcManagerStubFuzzTest", "ioservice_fuzzer/ioservicebind_fuzzer:IoserviceBindFuzzTest", "ioservice_fuzzer/ioservicegrouplisten_fuzzer:IoserviceGroupListenFuzzTest", "ioservice_fuzzer/ioservicelisten_fuzzer:IoserviceListenFuzzTest", diff --git a/framework/test/fuzztest/devmgr_service_stub_fuzzer/BUILD.gn b/framework/test/fuzztest/devmgr_service_stub_fuzzer/BUILD.gn new file mode 100644 index 000000000..d782703b2 --- /dev/null +++ b/framework/test/fuzztest/devmgr_service_stub_fuzzer/BUILD.gn @@ -0,0 +1,83 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# +# HDF is dual licensed: you can use it either under the terms of +# the GPL, or the BSD license, at your option. +# See the LICENSE file in the root of this repository for complete details. + +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") + +hdf_framework_path = "../../../" +hdf_adapter_path = "../../../../adapter" +hdf_interfaces_path = "../../../../interfaces" +module_output_path = "hdf_core/devmgr_service_stub" + +ohos_fuzztest("DevmgrServiceStubFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = + "$hdf_framework_path/test/fuzztest/devmgr_service_stub_fuzzer" + + include_dirs = [ + "$hdf_adapter_path/uhdf2/hdi/include/hdi", + "$hdf_framework_path/include", + "$hdf_adapter_path/uhdf2/manager/include", + "$hdf_framework_path/core/manager/include", + "$hdf_framework_path/core/common/include/manager/", + "$hdf_framework_path/core/host/include", + "$hdf_framework_path/core/shared/include", + "$hdf_framework_path/utils/include", + "$hdf_adapter_path/uhdf2/include/host", + "$hdf_adapter_path/uhdf2/shared/include", + "$hdf_adapter_path/uhdf2/manager/include", + "$hdf_adapter_path/uhdf2/host/include", + "$hdf_adapter_path/uhdf2/security/include", + "$hdf_adapter_path/uhdf2/utils/include", + "$hdf_interfaces_path/inner_api/core", + "$hdf_interfaces_path/inner_api/host/shared", + "$hdf_interfaces_path/inner_api/host/uhdf", + ] + + sources = [ + "$hdf_adapter_path/uhdf2/manager/src/devhost_service_proxy.c", + "$hdf_adapter_path/uhdf2/manager/src/device_token_proxy.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_dump.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_object_config.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_query_device.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_service_full.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_service_stub.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_uevent.c", + "$hdf_adapter_path/uhdf2/manager/src/devsvc_manager_stub.c", + "$hdf_adapter_path/uhdf2/manager/src/driver_installer_full.c", + "$hdf_adapter_path/uhdf2/manager/src/servstat_listener_holder.c", + "$hdf_adapter_path/uhdf2/shared/src/dev_attribute_serialize.c", + "$hdf_adapter_path/uhdf2/shared/src/hcb_config_entry.c", + "$hdf_framework_path/core/common/src/hdf_attribute.c", + "$hdf_framework_path/core/manager/src/devhost_service_clnt.c", + "$hdf_framework_path/core/manager/src/device_token_clnt.c", + "$hdf_framework_path/core/manager/src/devmgr_service.c", + "$hdf_framework_path/core/manager/src/devsvc_manager.c", + "$hdf_framework_path/core/manager/src/hdf_driver_installer.c", + "$hdf_framework_path/core/manager/src/hdf_host_info.c", + "$hdf_framework_path/core/shared/src/hdf_device_info.c", + "$hdf_framework_path/core/shared/src/hdf_object_manager.c", + "$hdf_framework_path/core/shared/src/hdf_service_record.c", + "devmgrservicestub_fuzzer.cpp", + ] + + external_deps = [ + "c_utils:utils", + "hdf_core:libhdf_ipc_adapter", + "hdf_core:libhdf_utils", + "hdf_core:libhdi", + "hiviewdfx_hilog_native:libhilog", + "init:libbegetutil", + ] + + cflags_cc = [ "-gdwarf-2" ] +} + +group("fuzztest") { + testonly = true + deps = [ ":DevmgrServiceStubFuzzTest" ] +} diff --git a/framework/test/fuzztest/devmgr_service_stub_fuzzer/corpus/init b/framework/test/fuzztest/devmgr_service_stub_fuzzer/corpus/init new file mode 100644 index 000000000..5f442389f --- /dev/null +++ b/framework/test/fuzztest/devmgr_service_stub_fuzzer/corpus/init @@ -0,0 +1,7 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# +# HDF is dual licensed: you can use it either under the terms of +# the GPL, or the BSD license, at your option. +# See the LICENSE file in the root of this repository for complete details. + +FUZZ \ No newline at end of file diff --git a/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.cpp b/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.cpp new file mode 100644 index 000000000..007cd5dd7 --- /dev/null +++ b/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.cpp @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * + * HDF is dual licensed: you can use it either under the terms of + * the GPL, or the BSD license, at your option. + * See the LICENSE file in the root of this repository for complete details. + */ + +#include "devmgrservicestub_fuzzer.h" +#include "devmgr_service_stub.h" +#include "hdf_base.h" +#include "hdf_log.h" + +extern "C" int32_t DevmgrServiceStubDispatch( + struct HdfRemoteService *stub, int code, struct HdfSBuf *data, struct HdfSBuf *reply); + +static const char *g_devmgrInterfaceToken = "HDI.IDeviceManager.V1_0"; +static struct HdfRemoteDispatcher g_devmgrDispatcher = { + .Dispatch = DevmgrServiceStubDispatch, +}; + +static int32_t g_devMgrCode[] = { + DEVMGR_SERVICE_ATTACH_DEVICE_HOST, + DEVMGR_SERVICE_ATTACH_DEVICE, + DEVMGR_SERVICE_DETACH_DEVICE, + DEVMGR_SERVICE_LOAD_DEVICE, + DEVMGR_SERVICE_UNLOAD_DEVICE, + DEVMGR_SERVICE_QUERY_DEVICE, + DEVMGR_SERVICE_LIST_ALL_DEVICE +}; + +static struct DevmgrServiceStub *GetDevmgrServiceStubInstance() +{ + static struct DevmgrServiceStub *instance = nullptr; + if (instance != nullptr) { + return instance; + } + + instance = reinterpret_cast(DevmgrServiceStubCreate()); + if (instance == nullptr) { + HDF_LOGI("%{public}s:%{public}d: failed to create DevmgrServiceStub object", __func__, __LINE__); + return nullptr; + } + + struct HdfRemoteService *remoteService = HdfRemoteServiceObtain((struct HdfObject *)instance, &g_devmgrDispatcher); + if (remoteService == nullptr) { + HDF_LOGI("%{public}s:%{public}d: failed to bind dispatcher", __func__, __LINE__); + return nullptr; + } + if (!HdfRemoteServiceSetInterfaceDesc(remoteService, g_devmgrInterfaceToken)) { + HDF_LOGE("%{public}s:%{public}d: failed to init interface desc", __func__, __LINE__); + HdfRemoteServiceRecycle(remoteService); + return nullptr; + } + + instance->remote = remoteService; + return instance; +} + +static bool AttachDeviceHostFuzzTest(int32_t code, const uint8_t *data, size_t size) +{ + struct DevmgrServiceStub *instance = GetDevmgrServiceStubInstance(); + if (instance == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to get DevmgrServiceStub object", __func__, __LINE__); + return false; + } + + struct HdfSBuf *dataBuf = HdfSbufTypedObtain(SBUF_IPC); + if (dataBuf == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to create data buf", __func__, __LINE__); + return false; + } + + struct HdfSBuf *replyBuf = HdfSbufTypedObtain(SBUF_IPC); + if (replyBuf == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to create reply buf", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + return false; + } + + if (!HdfRemoteServiceWriteInterfaceToken(instance->remote, dataBuf)) { + HDF_LOGE("%{public}s:%{public}d: failed to write interface token", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return false; + } + + if (!HdfSbufWriteBuffer(dataBuf, data, size)) { + HDF_LOGE("%{public}s:%{public}d: failed to write data", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return false; + } + + (void)instance->remote->dispatcher->Dispatch( + reinterpret_cast(instance->remote->target), code, dataBuf, replyBuf); + + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return true; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + int32_t codeSize = sizeof(g_devMgrCode) / sizeof(g_devMgrCode[0]); + for (int32_t i = 0; i < codeSize; ++i) { + int32_t code = g_devMgrCode[i]; + AttachDeviceHostFuzzTest(code, data, size); + } + return HDF_SUCCESS; +} \ No newline at end of file diff --git a/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.h b/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.h new file mode 100644 index 000000000..6b81f7b7f --- /dev/null +++ b/framework/test/fuzztest/devmgr_service_stub_fuzzer/devmgrservicestub_fuzzer.h @@ -0,0 +1,14 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * + * HDF is dual licensed: you can use it either under the terms of + * the GPL, or the BSD license, at your option. + * See the LICENSE file in the root of this repository for complete details. + */ + +#ifndef DEV_MGR_SERVICE_STUB_FUZZER_H +#define DEV_MGR_SERVICE_STUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "devmgrservicestub_fuzzer" + +#endif // DEV_MGR_SERVICE_STUB_FUZZER_H \ No newline at end of file diff --git a/framework/test/fuzztest/devmgr_service_stub_fuzzer/project.xml b/framework/test/fuzztest/devmgr_service_stub_fuzzer/project.xml new file mode 100644 index 000000000..4d0bceb0a --- /dev/null +++ b/framework/test/fuzztest/devmgr_service_stub_fuzzer/project.xml @@ -0,0 +1,17 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/framework/test/fuzztest/devsvc_manager_stub_fuzzer/BUILD.gn b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/BUILD.gn new file mode 100644 index 000000000..441dd6f82 --- /dev/null +++ b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/BUILD.gn @@ -0,0 +1,83 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# +# HDF is dual licensed: you can use it either under the terms of +# the GPL, or the BSD license, at your option. +# See the LICENSE file in the root of this repository for complete details. + +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") + +hdf_framework_path = "../../../" +hdf_adapter_path = "../../../../adapter" +hdf_interfaces_path = "../../../../interfaces" +module_output_path = "hdf_core/devsvc_manager_stub" + +ohos_fuzztest("DevSvcManagerStubFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = + "$hdf_framework_path/test/fuzztest/devsvc_manager_stub_fuzzer" + + include_dirs = [ + "$hdf_adapter_path/uhdf2/hdi/include/hdi", + "$hdf_framework_path/include", + "$hdf_adapter_path/uhdf2/manager/include", + "$hdf_framework_path/core/manager/include", + "$hdf_framework_path/core/common/include/manager/", + "$hdf_framework_path/core/host/include", + "$hdf_framework_path/core/shared/include", + "$hdf_framework_path/utils/include", + "$hdf_adapter_path/uhdf2/include/host", + "$hdf_adapter_path/uhdf2/shared/include", + "$hdf_adapter_path/uhdf2/manager/include", + "$hdf_adapter_path/uhdf2/host/include", + "$hdf_adapter_path/uhdf2/security/include", + "$hdf_adapter_path/uhdf2/utils/include", + "$hdf_interfaces_path/inner_api/core", + "$hdf_interfaces_path/inner_api/host/shared", + "$hdf_interfaces_path/inner_api/host/uhdf", + ] + + sources = [ + "$hdf_adapter_path/uhdf2/manager/src/devhost_service_proxy.c", + "$hdf_adapter_path/uhdf2/manager/src/device_token_proxy.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_dump.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_object_config.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_query_device.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_service_full.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_service_stub.c", + "$hdf_adapter_path/uhdf2/manager/src/devmgr_uevent.c", + "$hdf_adapter_path/uhdf2/manager/src/devsvc_manager_stub.c", + "$hdf_adapter_path/uhdf2/manager/src/driver_installer_full.c", + "$hdf_adapter_path/uhdf2/manager/src/servstat_listener_holder.c", + "$hdf_adapter_path/uhdf2/shared/src/dev_attribute_serialize.c", + "$hdf_adapter_path/uhdf2/shared/src/hcb_config_entry.c", + "$hdf_framework_path/core/common/src/hdf_attribute.c", + "$hdf_framework_path/core/manager/src/devhost_service_clnt.c", + "$hdf_framework_path/core/manager/src/device_token_clnt.c", + "$hdf_framework_path/core/manager/src/devmgr_service.c", + "$hdf_framework_path/core/manager/src/devsvc_manager.c", + "$hdf_framework_path/core/manager/src/hdf_driver_installer.c", + "$hdf_framework_path/core/manager/src/hdf_host_info.c", + "$hdf_framework_path/core/shared/src/hdf_device_info.c", + "$hdf_framework_path/core/shared/src/hdf_object_manager.c", + "$hdf_framework_path/core/shared/src/hdf_service_record.c", + "devsvcmanagerstub_fuzzer.cpp", + ] + + external_deps = [ + "c_utils:utils", + "hdf_core:libhdf_ipc_adapter", + "hdf_core:libhdf_utils", + "hdf_core:libhdi", + "hiviewdfx_hilog_native:libhilog", + "init:libbegetutil", + ] + + cflags_cc = [ "-gdwarf-2" ] +} + +group("fuzztest") { + testonly = true + deps = [ ":DevSvcManagerStubFuzzTest" ] +} diff --git a/framework/test/fuzztest/devsvc_manager_stub_fuzzer/corpus/init b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/corpus/init new file mode 100644 index 000000000..5f442389f --- /dev/null +++ b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/corpus/init @@ -0,0 +1,7 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# +# HDF is dual licensed: you can use it either under the terms of +# the GPL, or the BSD license, at your option. +# See the LICENSE file in the root of this repository for complete details. + +FUZZ \ No newline at end of file diff --git a/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.cpp b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.cpp new file mode 100644 index 000000000..958fa27e8 --- /dev/null +++ b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.cpp @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * + * HDF is dual licensed: you can use it either under the terms of + * the GPL, or the BSD license, at your option. + * See the LICENSE file in the root of this repository for complete details. + */ + +#include "devsvcmanagerstub_fuzzer.h" +#include "devsvc_manager_proxy.h" +#include "devsvc_manager_stub.h" +#include "hdf_log.h" + +extern "C" int DevSvcManagerStubDispatch( + struct HdfRemoteService *service, int code, struct HdfSBuf *data, struct HdfSBuf *reply); + +static const char* g_svcmgrInterfaceToken = "HDI.IServiceManager.V1_0"; +static struct HdfRemoteDispatcher g_servmgrDispatcher = { + .Dispatch = DevSvcManagerStubDispatch +}; + +static int32_t servmgrCode[] = { + DEVSVC_MANAGER_ADD_SERVICE, + DEVSVC_MANAGER_UPDATE_SERVICE, + DEVSVC_MANAGER_GET_SERVICE, + DEVSVC_MANAGER_REGISTER_SVCLISTENER, + DEVSVC_MANAGER_UNREGISTER_SVCLISTENER, + DEVSVC_MANAGER_LIST_ALL_SERVICE, + DEVSVC_MANAGER_LIST_SERVICE, + DEVSVC_MANAGER_REMOVE_SERVICE, + DEVSVC_MANAGER_LIST_SERVICE_BY_INTERFACEDESC, +}; + +static struct DevSvcManagerStub *GetDevSvcManagerStubInstance() +{ + static struct DevSvcManagerStub *instance; + if (instance != NULL) { + return instance; + } + + instance = reinterpret_cast(DevSvcManagerStubCreate()); + if (instance == nullptr) { + HDF_LOGI("%{public}s:%{public}d: failed to create DevSvcManagerStub object", __func__, __LINE__); + return nullptr; + } + + struct HdfRemoteService *remoteService = HdfRemoteServiceObtain((struct HdfObject *)instance, &g_servmgrDispatcher); + if (remoteService == nullptr) { + HDF_LOGI("%{public}s:%{public}d: failed to bind dispatcher", __func__, __LINE__); + return nullptr; + } + + if (!HdfRemoteServiceSetInterfaceDesc(remoteService, g_svcmgrInterfaceToken)) { + HDF_LOGE("%{public}s: failed to init interface desc", __func__); + HdfRemoteServiceRecycle(remoteService); + return nullptr; + } + + instance->remote = remoteService; + return instance; +} + +static bool DevsvcManagerFuzzTest(int32_t code, const uint8_t *data, size_t size) +{ + struct DevSvcManagerStub *instance = GetDevSvcManagerStubInstance(); + if (instance == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to get DevSvcManagerStub object", __func__, __LINE__); + return false; + } + + struct HdfSBuf *dataBuf = HdfSbufTypedObtain(SBUF_IPC); + if (dataBuf == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to create data buf", __func__, __LINE__); + return false; + } + + struct HdfSBuf *replyBuf = HdfSbufTypedObtain(SBUF_IPC); + if (replyBuf == nullptr) { + HDF_LOGE("%{public}s:%{public}d: failed to create reply buf", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + return false; + } + + if (!HdfRemoteServiceWriteInterfaceToken(instance->remote, dataBuf)) { + HDF_LOGE("%{public}s:%{public}d: failed to write interface token", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return false; + } + + if (!HdfSbufWriteBuffer(dataBuf, data, size)) { + HDF_LOGE("%{public}s:%{public}d: failed to write data", __func__, __LINE__); + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return false; + } + + (void)instance->remote->dispatcher->Dispatch( + reinterpret_cast(instance->remote->target), code, dataBuf, replyBuf); + + HdfSbufRecycle(dataBuf); + dataBuf = nullptr; + HdfSbufRecycle(replyBuf); + replyBuf = nullptr; + return true; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + int32_t codeSize = sizeof(servmgrCode) / sizeof(servmgrCode[0]); + for (int32_t i = 0; i < codeSize; ++i) { + int32_t code = servmgrCode[i]; + DevsvcManagerFuzzTest(code, data, size); + } + return HDF_SUCCESS; +} + diff --git a/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.h b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.h new file mode 100644 index 000000000..1f8cf9e2f --- /dev/null +++ b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/devsvcmanagerstub_fuzzer.h @@ -0,0 +1,14 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * + * HDF is dual licensed: you can use it either under the terms of + * the GPL, or the BSD license, at your option. + * See the LICENSE file in the root of this repository for complete details. + */ + +#ifndef DEV_SVC_MANAGER_STUB_FUZZER_H +#define DEV_SVC_MANAGER_STUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "devsvcmanagerstub_fuzzer" + +#endif // DEV_SVC_MANAGER_STUB_FUZZER_H \ No newline at end of file diff --git a/framework/test/fuzztest/devsvc_manager_stub_fuzzer/project.xml b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/project.xml new file mode 100644 index 000000000..4d0bceb0a --- /dev/null +++ b/framework/test/fuzztest/devsvc_manager_stub_fuzzer/project.xml @@ -0,0 +1,17 @@ + + + + + + 1000 + + 120 + + 2048 + + -- Gitee