From af96e05804393c84f1ebbdd26320669c5a813188 Mon Sep 17 00:00:00 2001 From: zhouoaoteng Date: Sat, 6 Jul 2024 18:16:06 +0800 Subject: [PATCH] fix:bug Signed-off-by: zhouoaoteng --- test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp | 10 ++++++++++ .../backupsaanother_fuzzer/backupsaanother_fuzzer.cpp | 7 +++++++ .../backupsaappend_fuzzer/backupsaappend_fuzzer.cpp | 6 ++++++ .../remotefileshare_fuzzer/remotefileshare_fuzzer.cpp | 11 +++++++++++ .../svcrestoredepsmanager_fuzzer.cpp | 10 ++++++++-- 5 files changed, 42 insertions(+), 2 deletions(-) diff --git a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp index c1c7a5866..085f0c877 100644 --- a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp +++ b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp @@ -25,6 +25,8 @@ using namespace std; using namespace OHOS::FileManagement::Backup; constexpr uint8_t MAX_CALL_TRANSACTION = 10; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; template T TypeCast(const uint8_t *data, int *pos = nullptr) @@ -287,6 +289,14 @@ bool CmdGetBackupInfoFuzzTest(shared_ptr extension, const ui extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } auto extBackup = std::make_shared(); auto extension = std::make_shared(extBackup); diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp index f4457b4fb..90cf25620 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp +++ b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp @@ -34,6 +34,8 @@ using namespace OHOS::FileManagement::Backup; namespace OHOS { constexpr int32_t SERVICE_ID = 5203; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; bool CmdGetFileHandleFuzzTest(const uint8_t *data, size_t size) { @@ -302,6 +304,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + OHOS::CmdGetFileHandleFuzzTest(data, size); OHOS::CmdAppendBundlesBackupSessionFuzzTest(data, size); OHOS::CmdReleaseFuzzTest(data, size); diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp index fd7499f8d..3064caf55 100644 --- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp +++ b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp @@ -34,6 +34,8 @@ using namespace OHOS::FileManagement::Backup; namespace OHOS { constexpr int32_t SERVICE_ID = 5203; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; bool CmdInitRestoreSessionFuzzTest(const uint8_t *data, size_t size) { @@ -234,6 +236,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } OHOS::CmdInitRestoreSessionFuzzTest(data, size); OHOS::CmdInitBackupSessionFuzzTest(data, size); OHOS::CmdPublishFileFuzzTest(data, size); diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp index f0dbb7436..7852ada3f 100644 --- a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp @@ -27,9 +27,12 @@ #include "securec.h" namespace OHOS { +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; namespace AppFileService { namespace ModuleRemoteFileShare { namespace { + constexpr int HMDFS_CID_SIZE = 64; constexpr unsigned HMDFS_IOC = 0xf2; const char* g_sharePATH = "/data/storage/el2/distributedfiles/.share"; @@ -186,6 +189,14 @@ bool ShareFilePathIoctlFdFuzzTest(const uint8_t* data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlFdFuzzTest(data, size); OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlCidFuzzTest(data, size); OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlFdAndCidFuzzTest(data, size); diff --git a/test/fuzztest/svcrestoredepsmanager_fuzzer/svcrestoredepsmanager_fuzzer.cpp b/test/fuzztest/svcrestoredepsmanager_fuzzer/svcrestoredepsmanager_fuzzer.cpp index 313d32160..60639a08a 100644 --- a/test/fuzztest/svcrestoredepsmanager_fuzzer/svcrestoredepsmanager_fuzzer.cpp +++ b/test/fuzztest/svcrestoredepsmanager_fuzzer/svcrestoredepsmanager_fuzzer.cpp @@ -26,6 +26,7 @@ using namespace OHOS::FileManagement::Backup; using namespace std; namespace OHOS { +constexpr size_t FOO_MAX_LEN = 1024; constexpr size_t U32_AT_SIZE = 3; constexpr int SPLITE_SIZE = 5; constexpr size_t REDUNDENT_SIZE = 2; @@ -106,7 +107,6 @@ bool SvcRestoreDepsManagerFuzzTest(const uint8_t *data, size_t size) return true; } -} // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) @@ -116,6 +116,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } + /* Validate the length of size */ + if (size <= OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + OHOS::SvcRestoreDepsManagerFuzzTest(data, size); return 0; -} \ No newline at end of file +} +} // namespace OHOS \ No newline at end of file -- Gitee