From 87b372b19782bf4a1a74c35730bb67da0b627f54 Mon Sep 17 00:00:00 2001
From: huyx <huyuxiang8@h-partners.com>
Date: Wed, 20 Nov 2024 15:27:56 +0800
Subject: [PATCH 1/2] =?UTF-8?q?fuzz=E5=91=8A=E8=AD=A6=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: huyx <huyuxiang8@h-partners.com>
---
 framework/test/fuzztest/BUILD.gn              |  1 -
 .../devicemanagerstart_fuzzer.cpp             | 16 +++++++-
 .../hdfxcollie_fuzzer/BUILD.gn                | 39 -------------------
 .../hdfxcollie_fuzzer/corpus/init             |  7 ----
 .../hdfxcollie_fuzzer/hdfxcollie_fuzzer.cpp   | 32 ---------------
 .../hdfxcollie_fuzzer/hdfxcollie_fuzzer.h     | 14 -------
 .../hdfxcollie_fuzzer/project.xml             | 17 --------
 7 files changed, 14 insertions(+), 112 deletions(-)
 delete mode 100644 framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/BUILD.gn
 delete mode 100644 framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/corpus/init
 delete mode 100644 framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.cpp
 delete mode 100644 framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.h
 delete mode 100644 framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/project.xml

diff --git a/framework/test/fuzztest/BUILD.gn b/framework/test/fuzztest/BUILD.gn
index c9150449c..69830250b 100644
--- a/framework/test/fuzztest/BUILD.gn
+++ b/framework/test/fuzztest/BUILD.gn
@@ -27,6 +27,5 @@ group("hdf_framework_fuzztest") {
     "servmgr_cpp_fuzzer/servstatlistenerstub_fuzzer:ServStatListenerStubFuzzTest",
     "servmgr_cpp_fuzzer/unregisterservicestatuslistener_fuzzer:UnregisterServiceStatusListenerFuzzTest",
     "syscall_fuzzer/syscall_fuzzer:SyscallFuzzTest",
-    "uhdf2_utils_fuzzer/hdfxcollie_fuzzer:HdfXCollieFuzzTest",
   ]
 }
diff --git a/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp b/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
index 395184474..f107499cd 100644
--- a/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
+++ b/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
@@ -19,6 +19,7 @@ extern "C" {
 #include "devmgr_service.h"
 #include "devmgr_service_full.h"
 #include "devmgr_uevent.h"
+#include "hdf_sbuf.h"
 
 #ifdef __cplusplus
 } // extern "C"
@@ -26,7 +27,7 @@ extern "C" {
 
 #define HDF_LOG_TAG devicemanagerstart_fuzzer
 
-static int DeviceManagerStartServiceFuzzTest()
+static int DeviceManagerStartServiceFuzzTest(const uint8_t *data, size_t size)
 {
     HDF_LOGI("start hdf device manager fuzzer");
     int status = HDF_FAILURE;
@@ -54,6 +55,17 @@ static int DeviceManagerStartServiceFuzzTest()
             HDF_LOGI("device manager fuzzer skip loop");
         }
     }
+    struct HdfSBuf *dataBuf = HdfSbufTypedObtain(SBUF_IPC);
+    if (dataBuf == nullptr) {
+        HDF_LOGE("%{public}s:%{public}d: failed to create data buf", __func__, __LINE__);
+        return false;
+    }
+
+    if (!HdfSbufWriteBuffer(dataBuf, data, size)) {
+        HDF_LOGE("%{public}s:%{public}d: failed to write data", __func__, __LINE__);
+        HdfSbufRecycle(dataBuf);
+        return false;
+    }
 
     HDF_LOGI("end of hdf device manager fuzzer, status is %{public}d", status);
     return status;
@@ -66,7 +78,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         return ret;
     }
 
-    ret = DeviceManagerStartServiceFuzzTest();
+    ret = DeviceManagerStartServiceFuzzTest(data, size);
     if (ret != HDF_SUCCESS) {
         HDF_LOGE("DeviceManagerStartServiceFuzzTest failed, ret is %{public}d", ret);
         return ret;
diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/BUILD.gn b/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/BUILD.gn
deleted file mode 100644
index aeb320049..000000000
--- a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/BUILD.gn
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (c) 2024 Huawei Device Co., Ltd.
-#
-# HDF is dual licensed: you can use it either under the terms of
-# the GPL, or the BSD license, at your option.
-# See the LICENSE file in the root of this repository for complete details.
-
-import("//build/config/features.gni")
-import("//build/ohos.gni")
-import("//build/test.gni")
-import("//drivers/hdf_core/adapter/uhdf2/uhdf.gni")
-
-module_output_path = "hdf_core/hdf_core/uhdf2_utils_fuzzer"
-
-ohos_fuzztest("HdfXCollieFuzzTest") {
-  module_out_path = module_output_path
-
-  fuzz_config_file =
-      "$hdf_framework_path/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer"
-
-  include_dirs = [ "$hdf_uhdf_path/utils/include" ]
-
-  sources = [ "hdfxcollie_fuzzer.cpp" ]
-
-  deps = [ "$hdf_uhdf_path/pub_utils:libpub_utils" ]
-
-  external_deps = [
-    "c_utils:utils",
-    "hilog:libhilog",
-  ]
-
-  if (hicollie_enabled) {
-    defines = [ "HDFHICOLLIE_ENABLE" ]
-  }
-}
-
-group("fuzztest") {
-  testonly = true
-  deps = [ ":HdfXCollieFuzzTest" ]
-}
diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/corpus/init b/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/corpus/init
deleted file mode 100644
index f707fb4e4..000000000
--- a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/corpus/init
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright (c) 2024 Huawei Device Co., Ltd.
-#
-# HDF is dual licensed: you can use it either under the terms of
-# the GPL, or the BSD license, at your option.
-# See the LICENSE file in the root of this repository for complete details.
-
-FUZZ
\ No newline at end of file
diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.cpp b/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.cpp
deleted file mode 100644
index 899721282..000000000
--- a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.cpp
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2024 Huawei Device Co., Ltd.
- *
- * HDF is dual licensed: you can use it either under the terms of
- * the GPL, or the BSD license, at your option.
- * See the LICENSE file in the root of this repository for complete details.
- */
-
-#include "hdfxcollie_fuzzer.h"
-
-#include "hdf_xcollie.h"
-#include "hdf_base.h"
-#include "hdf_core_log.h"
-#define HDF_LOG_TAG hdfxcollie_fuzzer
-
-static int HdfXCollieFuzzTest()
-{
-    ::OHOS::HdfXCollie& inst = ::OHOS::HdfXCollie::GetInstance();
-    (void)inst;
-    return HDF_SUCCESS;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
-    int ret = HDF_FAILURE;
-    ret = HdfXCollieFuzzTest();
-    if (ret != HDF_SUCCESS) {
-        HDF_LOGE("HdfXCollieFuzzTest failed, ret is %{public}d", ret);
-        return ret;
-    }
-    return HDF_SUCCESS;
-}
diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.h b/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.h
deleted file mode 100644
index 2d92aa543..000000000
--- a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/hdfxcollie_fuzzer.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright (c) 2024 Huawei Device Co., Ltd.
- *
- * HDF is dual licensed: you can use it either under the terms of
- * the GPL, or the BSD license, at your option.
- * See the LICENSE file in the root of this repository for complete details.
- */
-
-#ifndef HDF_XCOLLIE_FUZZER_H
-#define HDF_XCOLLIE_FUZZER_H
-
-#define FUZZ_PROJECT_NAME "hdfxcollie_fuzzer"
-
-#endif // HDF_XCOLLIE_FUZZER_H
\ No newline at end of file
diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/project.xml b/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/project.xml
deleted file mode 100644
index c39057510..000000000
--- a/framework/test/fuzztest/uhdf2_utils_fuzzer/hdfxcollie_fuzzer/project.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
-
-     HDF is dual licensed: you can use it either under the terms of
-     the GPL, or the BSD license, at your option.
-     See the LICENSE file in the root of this repository for complete details.
--->
-<fuzz_config>
-  <fuzztest>
-    <!-- maximum length of a test input -->
-    <max_len>0</max_len>
-    <!-- maximum total time in seconds to run the fuzzer -->
-    <max_total_time>10</max_total_time>
-    <!-- memory usage limit in Mb -->
-    <rss_limit_mb>128</rss_limit_mb>
-  </fuzztest>
-</fuzz_config>
-- 
Gitee


From a8729308416ad01478b916ab27d21feb8e2a0723 Mon Sep 17 00:00:00 2001
From: huyx <huyuxiang8@h-partners.com>
Date: Wed, 20 Nov 2024 17:20:54 +0800
Subject: [PATCH 2/2] =?UTF-8?q?fuzz=E5=91=8A=E8=AD=A6=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: huyx <huyuxiang8@h-partners.com>
---
 .../devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp b/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
index f107499cd..c6e16ea0b 100644
--- a/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
+++ b/framework/test/fuzztest/devicemanagerstart_fuzzer/devicemanagerstart_fuzzer.cpp
@@ -10,6 +10,7 @@
 
 #include "hdf_base.h"
 #include "hdf_core_log.h"
+#include "hdf_sbuf.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -19,7 +20,6 @@ extern "C" {
 #include "devmgr_service.h"
 #include "devmgr_service_full.h"
 #include "devmgr_uevent.h"
-#include "hdf_sbuf.h"
 
 #ifdef __cplusplus
 } // extern "C"
-- 
Gitee