From cfb11ccb19f1ae53b7e81f3ee4221341d8478cb0 Mon Sep 17 00:00:00 2001
From: wangpggg <wangpeng477@huawei.com>
Date: Tue, 19 Nov 2024 19:33:21 +0800
Subject: [PATCH] modify fuzz testcases

Signed-off-by: wangpeng <wangpeng477@huawei.com>
---
 .../remotefileshare_fuzzer.cpp                |  4 +--
 .../servicereverse_fuzzer.cpp                 | 31 ++++++++++++-------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp
index f0dbb7436..06ae9b6ba 100644
--- a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp
+++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp
@@ -142,7 +142,7 @@ bool ShareFilePathIoctlFdFuzzTest(const uint8_t* data, size_t size)
     int32_t ret = 0;
     int32_t dirFd;
 
-    if (size == 0) {
+    if (data == nullptr || size < sizeof(int)) {
         return false;
     }
 
@@ -168,7 +168,7 @@ bool ShareFilePathIoctlFdFuzzTest(const uint8_t* data, size_t size)
         close(dirFd);
         return false;
     }
-    sc.srcFd = size;
+    sc.srcFd = *(reinterpret_cast<const int*>(data));
 
     ret = ioctl(dirFd, HMDFS_IOC_SET_SHARE_PATH, &sc);
     if (ret < 0) {
diff --git a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
index 5ad5da087..f1edd63b3 100644
--- a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
+++ b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
@@ -34,7 +34,6 @@
 using namespace OHOS::FileManagement::Backup;
 
 namespace OHOS {
-constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
 constexpr uint8_t MAX_CALL_TRANSACTION = 24;
 constexpr int32_t SHIFT_FIRST = 24;
@@ -56,6 +55,11 @@ uint32_t ConvertToUint32(const uint8_t* ptr)
 
 bool BackupFuzzTest(const uint8_t *data, size_t size)
 {
+    /* Validate the length of size */
+    if (data == nullptr || size < U32_AT_SIZE) {
+        return false;
+    }
+
     uint32_t code = ConvertToUint32(data);
     if (code > static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_BACKUP_ON_TASK_FINISHED)) {
         return true;
@@ -77,6 +81,11 @@ bool BackupFuzzTest(const uint8_t *data, size_t size)
 
 bool RestoreFuzzTest(const uint8_t *data, size_t size)
 {
+    /* Validate the length of size */
+    if (data == nullptr || size < U32_AT_SIZE) {
+        return false;
+    }
+
     uint32_t code = ConvertToUint32(data);
     if (code < static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_RESTORE_ON_SUB_TASK_STARTED) ||
         code > static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_RESTORE_ON_FILE_READY)) {
@@ -99,6 +108,11 @@ bool RestoreFuzzTest(const uint8_t *data, size_t size)
 
 bool IncrementalBackupFuzzTest(const uint8_t *data, size_t size)
 {
+    /* Validate the length of size */
+    if (data == nullptr || size < U32_AT_SIZE) {
+        return false;
+    }
+
     uint32_t code = ConvertToUint32(data);
     if (code < static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_INCREMENTAL_BACKUP_ON_FILE_READY) ||
         code > static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_INCREMENTAL_BACKUP_ON_TASK_FINISHED)) {
@@ -121,6 +135,11 @@ bool IncrementalBackupFuzzTest(const uint8_t *data, size_t size)
 
 bool IncrementalRestoreFuzzTest(const uint8_t *data, size_t size)
 {
+    /* Validate the length of size */
+    if (data == nullptr || size < U32_AT_SIZE) {
+        return false;
+    }
+
     uint32_t code = ConvertToUint32(data);
     if (code < static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_INCREMENTAL_RESTORE_ON_SUB_TASK_STARTED) ||
         code > static_cast<uint32_t>(IServiceReverseInterfaceCode::SERVICER_INCREMENTAL_RESTORE_ON_FILE_READY)) {
@@ -145,16 +164,6 @@ bool IncrementalRestoreFuzzTest(const uint8_t *data, size_t size)
 /* Fuzzer entry point */
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-    /* Run your code on data */
-    if (data == nullptr) {
-        return 0;
-    }
-
-    /* Validate the length of size */
-    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
-        return 0;
-    }
-
     OHOS::BackupFuzzTest(data, size);
     OHOS::RestoreFuzzTest(data, size);
     OHOS::IncrementalBackupFuzzTest(data, size);
-- 
Gitee