diff --git a/test/fuzztest/commonevent_fuzzer/commonevent_fuzzer.cpp b/test/fuzztest/commonevent_fuzzer/commonevent_fuzzer.cpp index acfd6c39a19eca06503311f9442fc6017f7c2461..0c482c3ec2fa4f88e8cfe327e0653fc6f2dcf2ea 100644 --- a/test/fuzztest/commonevent_fuzzer/commonevent_fuzzer.cpp +++ b/test/fuzztest/commonevent_fuzzer/commonevent_fuzzer.cpp @@ -26,12 +26,12 @@ #include "on_demand_start_stop_sa.h" #include "input_method_system_ability.h" #undef private -#include "iremote_object.h" -#include "inputmethod_message_handler.h" +#include "fuzzer/FuzzedDataProvider.h" #include "input_method_controller.h" #include "input_method_core_service_impl.h" +#include "inputmethod_message_handler.h" +#include "iremote_object.h" #include "system_cmd_channel_service_impl.h" - using namespace OHOS::MiscServices; using namespace MessageID; namespace OHOS { @@ -61,7 +61,8 @@ void FuzzOnDemandStartStopSa(const uint8_t *data, size_t size) sptr callback = new (std::nothrow) OnDemandStartStopSa::SaLoadCallback(onDemandStartStopSa); sptr object {nullptr}; - auto fuzzedInt32 = static_cast(size); + FuzzedDataProvider provider(data, size); + int32_t fuzzedInt32 = provider.ConsumeIntegral(); callback->OnLoadSystemAbilitySuccess(fuzzedInt32, object); callback->OnLoadSystemAbilityFail(fuzzedInt32); OnDemandStartStopSa::IncreaseProcessingIpcCnt(); @@ -71,9 +72,10 @@ void FuzzOnDemandStartStopSa(const uint8_t *data, size_t size) void FuzzSwitchOperation(const uint8_t *data, size_t size) { - auto fuzzedUint64 = static_cast(size); - auto fuzzedUint32 = static_cast(size); - auto fuzzedInt32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzedUint64 = provider.ConsumeIntegral(); + auto fuzzedUint32 = provider.ConsumeIntegral(); + auto fuzzedInt32 = provider.ConsumeIntegral(); sptr core = new InputMethodCoreServiceImpl(); sptr stub = new SystemCmdChannelServiceImpl(); auto info = std::make_shared(); @@ -99,7 +101,8 @@ void FuzzSwitchOperation(const uint8_t *data, size_t size) void FuzzHandleOperation(const uint8_t *data, size_t size) { - auto fuzzedInt32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzedInt32 = provider.ConsumeIntegral(); InputType inputType = static_cast(size); InputClientInfo clientInfo {}; diff --git a/test/fuzztest/imeenabledinfomanager_fuzzer/BUILD.gn b/test/fuzztest/imeenabledinfomanager_fuzzer/BUILD.gn index 83755dec2963a8d06682afb3868e960f1230d8ca..5cdb41d4715d49ee486e0c75019daac0e3b2ef31 100644 --- a/test/fuzztest/imeenabledinfomanager_fuzzer/BUILD.gn +++ b/test/fuzztest/imeenabledinfomanager_fuzzer/BUILD.gn @@ -22,9 +22,11 @@ import("//build/test.gni") ohos_fuzztest("ImeEnabledInfoManagerFuzzTest") { module_out_path = "imf/imf" - fuzz_config_file = "${inputmethod_path}/test/fuzztest/imeenabledinfomanager_fuzzer" + fuzz_config_file = + "${inputmethod_path}/test/fuzztest/imeenabledinfomanager_fuzzer" - include_dirs = [ "${inputmethod_path}/services/adapter/settings_data_provider/include" ] + include_dirs = + [ "${inputmethod_path}/services/adapter/settings_data_provider/include" ] cflags = [ "-g", @@ -64,4 +66,4 @@ group("fuzztest") { deps = [] deps += [ ":ImeEnabledInfoManagerFuzzTest" ] } -############################################################################### \ No newline at end of file +############################################################################### diff --git a/test/fuzztest/imeenabledinfomanager_fuzzer/imeenabledinfomanager_fuzzer.cpp b/test/fuzztest/imeenabledinfomanager_fuzzer/imeenabledinfomanager_fuzzer.cpp index f84e39bc43923e9c3d97e29cc3e0f2b2b6d6b2c8..b434b61bf68ad5cbdffa155bc937ad7806c86f62 100644 --- a/test/fuzztest/imeenabledinfomanager_fuzzer/imeenabledinfomanager_fuzzer.cpp +++ b/test/fuzztest/imeenabledinfomanager_fuzzer/imeenabledinfomanager_fuzzer.cpp @@ -19,6 +19,7 @@ #define protected public #include "ime_enabled_info_manager.h" #undef private +#include "fuzzer/FuzzedDataProvider.h" using namespace OHOS::MiscServices; namespace OHOS { @@ -33,7 +34,8 @@ std::string GetString(const uint8_t *data, size_t size) void FuzzInit(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); std::map> fullImeInfos; std::vector imeInfos; @@ -49,7 +51,8 @@ void FuzzInit(const uint8_t *data, size_t size) void FuzzSwitch(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); std::vector imeInfos; for (size_t i = 0; i < size; i++) { @@ -63,13 +66,15 @@ void FuzzSwitch(const uint8_t *data, size_t size) void FuzzDelete(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); ImeEnabledInfoManager::GetInstance().Delete(userId); } void FuzzAddPackage(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); FullImeInfo imeInfo; imeInfo.prop.name = fuzzedString; @@ -79,14 +84,16 @@ void FuzzAddPackage(const uint8_t *data, size_t size) void FuzzDeletePackage(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); ImeEnabledInfoManager::GetInstance().Delete(userId, fuzzedString); } void FuzzUpdateEnabledStatus(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto enabledStatus = static_cast(size); auto fuzzedString = GetString(data, size); ImeEnabledInfoManager::GetInstance().Update(userId, fuzzedString, fuzzedString + "ext", enabledStatus); @@ -94,7 +101,8 @@ void FuzzUpdateEnabledStatus(const uint8_t *data, size_t size) void FuzzGetEnabledState(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); auto enabledStatus = EnabledStatus::DISABLED; ImeEnabledInfoManager::GetInstance().GetEnabledState(userId, fuzzedString, enabledStatus); @@ -102,7 +110,8 @@ void FuzzGetEnabledState(const uint8_t *data, size_t size) void FuzzGetEnabledStates(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); std::vector props; for (size_t i = 0; i < size; i++) { @@ -116,14 +125,16 @@ void FuzzGetEnabledStates(const uint8_t *data, size_t size) void FuzzIsDefaultFullMode(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); ImeEnabledInfoManager::GetInstance().IsDefaultFullMode(userId, fuzzedString); } void FuzzSetCurrentIme(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); std::string imeId = fuzzedString; if (size % EVEN_CHECK_NUMBER == 0) { @@ -138,7 +149,8 @@ void FuzzSetCurrentIme(const uint8_t *data, size_t size) void FuzzSetTmpIme(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); auto fuzzedString = GetString(data, size); std::string imeId = fuzzedString; if (size % EVEN_CHECK_NUMBER == 0) { @@ -149,24 +161,28 @@ void FuzzSetTmpIme(const uint8_t *data, size_t size) void FuzzGetCurrentImeCfg(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); ImeEnabledInfoManager::GetInstance().GetCurrentImeCfg(userId); } void FuzzIsDefaultImeSet(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); ImeEnabledInfoManager::GetInstance().IsDefaultImeSet(userId); } void FuzzOnFullExperienceTableChanged(const uint8_t *data, size_t size) { - auto userId = static_cast(size); + FuzzedDataProvider provider(data, size); + auto userId = provider.ConsumeIntegral(); ImeEnabledInfoManager::GetInstance().OnFullExperienceTableChanged(userId); } void FuzzGetEnabledStateInner(const uint8_t *data, size_t size) { + FuzzedDataProvider provider(data, size); static std::vector props; static std::vector imeInfos; static std::vector enabledInfos; @@ -177,10 +193,10 @@ void FuzzGetEnabledStateInner(const uint8_t *data, size_t size) prop.id = std::to_string(i) + fuzzedString; props.push_back(prop); } - auto userId = static_cast(size); + auto userId = provider.ConsumeIntegral(); auto fuzzedBool = static_cast(data[0] % 2); - auto fuzzUint32 = static_cast(size); - auto fuzzInt32 = static_cast(size); + auto fuzzUint32 = provider.ConsumeIntegral(); + auto fuzzInt32 = provider.ConsumeIntegral(); EnabledStatus status = static_cast(fuzzInt32); FullImeInfo imeInfo = { .isNewIme = fuzzedBool, .tokenId = fuzzUint32, .appId = fuzzedString, .versionCode = fuzzUint32 }; diff --git a/test/fuzztest/imeeventmonitormanager_fuzzer/imeeventmonitormanager_fuzzer.cpp b/test/fuzztest/imeeventmonitormanager_fuzzer/imeeventmonitormanager_fuzzer.cpp index a713402fd8c2d2e2f934331048d04f4e5417f2b7..5911d16d9f6577311fabba24849545194223a36b 100644 --- a/test/fuzztest/imeeventmonitormanager_fuzzer/imeeventmonitormanager_fuzzer.cpp +++ b/test/fuzztest/imeeventmonitormanager_fuzzer/imeeventmonitormanager_fuzzer.cpp @@ -14,7 +14,7 @@ */ #include "imeeventmonitormanager_fuzzer.h" - +#include "fuzzer/FuzzedDataProvider.h" #include "ime_event_monitor_manager.h" #include "ime_setting_listener_test_impl.h" @@ -23,16 +23,18 @@ namespace OHOS { constexpr size_t THRESHOLD = 10; void FuzzRegisterImeEventListener(const uint8_t *rawData, size_t size) { + FuzzedDataProvider provider(rawData, size); auto listener = std::make_shared(); - ImeEventMonitorManager::GetInstance().RegisterImeEventListener(static_cast(size), nullptr); - ImeEventMonitorManager::GetInstance().RegisterImeEventListener(static_cast(size), listener); + ImeEventMonitorManager::GetInstance().RegisterImeEventListener(provider.ConsumeIntegral(), nullptr); + ImeEventMonitorManager::GetInstance().RegisterImeEventListener(provider.ConsumeIntegral(), listener); } void FuzzUnRegisterImeEventListener(const uint8_t *rawData, size_t size) { + FuzzedDataProvider provider(rawData, size); auto listener = std::make_shared(); - ImeEventMonitorManager::GetInstance().UnRegisterImeEventListener(static_cast(size), nullptr); - ImeEventMonitorManager::GetInstance().UnRegisterImeEventListener(static_cast(size), listener); + ImeEventMonitorManager::GetInstance().UnRegisterImeEventListener(provider.ConsumeIntegral(), nullptr); + ImeEventMonitorManager::GetInstance().UnRegisterImeEventListener(provider.ConsumeIntegral(), listener); } /* Fuzzer entry point */ diff --git a/test/fuzztest/imfhisyseventreport_fuzzer/imfhisyseventreport_fuzzer.cpp b/test/fuzztest/imfhisyseventreport_fuzzer/imfhisyseventreport_fuzzer.cpp index d52e30125e33fadcda0993cf9510eb5a8af3a594..eb277a316acaa78ef3310f8c1242fbb1265d87a3 100644 --- a/test/fuzztest/imfhisyseventreport_fuzzer/imfhisyseventreport_fuzzer.cpp +++ b/test/fuzztest/imfhisyseventreport_fuzzer/imfhisyseventreport_fuzzer.cpp @@ -31,13 +31,14 @@ #include #include -#include "imfhisyseventreport_fuzzer.h" +#include "fuzzer/FuzzedDataProvider.h" #include "global.h" #include "hisysevent_base_manager.h" #include "hisysevent_listener.h" #include "hisysevent_manager.h" #include "hisysevent_query_callback.h" #include "hisysevent_record.h" +#include "imfhisyseventreport_fuzzer.h" using namespace OHOS::MiscServices; namespace OHOS { @@ -59,12 +60,13 @@ void TestClientAttach01(const uint8_t *data, size_t size) void TestClientAttach02(const uint8_t *data, size_t size) { + FuzzedDataProvider provider(data, size); std::string fuzzedString(reinterpret_cast(data), size); auto paramPeerName = fuzzedString; - auto paramPeerUserId = static_cast(size); - auto paramPeerPid = static_cast(size); - auto errCode = static_cast(size); - auto paramIsShowkeyboard = static_cast(data[0] % 2); + auto paramPeerUserId = provider.ConsumeIntegral(); + auto paramPeerPid = provider.ConsumeIntegral(); + auto errCode = provider.ConsumeIntegral(); + auto paramIsShowkeyboard = provider.ConsumeBool(); auto paramImeName = fuzzedString; auto info = HiSysOriginalInfo::Builder() .SetPeerName(paramPeerName) @@ -81,12 +83,13 @@ void TestClientAttach02(const uint8_t *data, size_t size) void TestClientShow(const uint8_t *data, size_t size) { + FuzzedDataProvider provider(data, size); std::string fuzzedString(reinterpret_cast(data), size); auto paramPeerName = fuzzedString; - auto paramPeerUserId = static_cast(size); - auto paramPeerPid = static_cast(size); - auto errCode = static_cast(size); - auto paramIEventCode = static_cast(size); + auto paramPeerUserId = provider.ConsumeIntegral(); + auto paramPeerPid = provider.ConsumeIntegral(); + auto errCode = provider.ConsumeIntegral(); + auto paramIEventCode = provider.ConsumeIntegral(); auto paramImeName = fuzzedString; auto info = HiSysOriginalInfo::Builder() .SetPeerName(paramPeerName) @@ -102,12 +105,13 @@ void TestClientShow(const uint8_t *data, size_t size) void TestStartInput(const uint8_t *data, size_t size) { + FuzzedDataProvider provider(data, size); std::string fuzzedString(reinterpret_cast(data), size); auto paramPeerName = fuzzedString; - auto paramPeerPid = static_cast(size); - auto errCode = static_cast(size); - auto paramIsShowkeyboard = static_cast(data[0] % 2); - auto paramIEventCode = static_cast(size); + auto paramPeerPid = provider.ConsumeIntegral(); + auto errCode = provider.ConsumeIntegral(); + auto paramIsShowkeyboard = provider.ConsumeBool(); + auto paramIEventCode = provider.ConsumeIntegral(); auto info = HiSysOriginalInfo::Builder() .SetPeerName(paramPeerName) .SetPeerPid(paramPeerPid) @@ -120,11 +124,12 @@ void TestStartInput(const uint8_t *data, size_t size) void TestBaseTextOperation(const uint8_t *data, size_t size) { + FuzzedDataProvider provider(data, size); std::string fuzzedString(reinterpret_cast(data), size); auto paramPeerName = fuzzedString; - auto paramPeerPid = static_cast(size); - auto errCode = static_cast(size); - auto paramIEventCode = static_cast(size); + auto paramPeerPid = provider.ConsumeIntegral(); + auto errCode = provider.ConsumeIntegral(); + auto paramIEventCode = provider.ConsumeIntegral(); auto info = HiSysOriginalInfo::Builder() .SetPeerName(paramPeerName) .SetPeerPid(paramPeerPid) @@ -137,7 +142,8 @@ void TestBaseTextOperation(const uint8_t *data, size_t size) void TestRecordBaseTextOperationStatistics(const uint8_t *data, size_t size) { - auto code = static_cast(size); + FuzzedDataProvider provider(data, size); + auto code = provider.ConsumeIntegral(); auto info = HiSysOriginalInfo::Builder() .SetErrCode(code) .Build(); @@ -147,7 +153,8 @@ void TestRecordBaseTextOperationStatistics(const uint8_t *data, size_t size) void TestIntervalIndex(const uint8_t *data, size_t size) { - auto fuzzInt32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzInt32 = provider.ConsumeIntegral(); ImaHiSysEventReporter::GetInstance().GetBaseTextOperationSucceedIntervalIndex(fuzzInt32); ImaHiSysEventReporter::GetInstance().ReportStatisticsEvent(); ImaHiSysEventReporter::GetInstance().ModImeCbTimeConsumeInfo(fuzzInt32); @@ -155,8 +162,9 @@ void TestIntervalIndex(const uint8_t *data, size_t size) void TestInputMethodSysEvent(const uint8_t *data, size_t size) { - auto fuzzInt32 = static_cast(size); - auto fuzzUint32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzInt32 = provider.ConsumeIntegral(); + auto fuzzUint32 = provider.ConsumeIntegral(); std::string fuzzedString(reinterpret_cast(data), size); using TimerCallback = std::function; TimerCallback tc; @@ -170,8 +178,9 @@ void TestInputMethodSysEvent(const uint8_t *data, size_t size) void TestOnDemandStartStopSa(const uint8_t *data, size_t size) { - auto fuzzInt32 = static_cast(size); - auto fuzzUint32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzInt32 = provider.ConsumeIntegral(); + auto fuzzUint32 = provider.ConsumeIntegral(); std::string fuzzedString(reinterpret_cast(data), size); using TimerCallback = std::function; TimerCallback tc; diff --git a/test/fuzztest/inputmethodability_fuzzer/inputmethodability_fuzzer.cpp b/test/fuzztest/inputmethodability_fuzzer/inputmethodability_fuzzer.cpp index 33e703491005658ec6c7504aea891144bd9dd814..11886674c22b935b731efd8f4308035dc69c9a9e 100644 --- a/test/fuzztest/inputmethodability_fuzzer/inputmethodability_fuzzer.cpp +++ b/test/fuzztest/inputmethodability_fuzzer/inputmethodability_fuzzer.cpp @@ -22,6 +22,7 @@ #include "input_method_ability.h" #undef private +#include "fuzzer/FuzzedDataProvider.h" #include "input_client_service_impl.h" #include "input_method_engine_listener_impl.h" @@ -198,10 +199,11 @@ void TestInterfaceCoverage(int32_t dataInt32, bool dataBool, std::u16string &tex extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ + FuzzedDataProvider provider(data, size); std::string fuzzedString(reinterpret_cast(data), size); - auto fuzzedInt32 = static_cast(size); - auto fuzzedUint64 = static_cast(size); - auto fuzzedInt64 = static_cast(size); + auto fuzzedInt32 = provider.ConsumeIntegral(); + auto fuzzedUint64 = provider.ConsumeIntegral(); + auto fuzzedInt64 = provider.ConsumeIntegral(); InputClientInfo clientInfo; if (!OHOS::InitializeClientInfo(clientInfo)) { return false; diff --git a/test/fuzztest/inputmethodcontroller_fuzzer/inputmethodcontroller_fuzzer.cpp b/test/fuzztest/inputmethodcontroller_fuzzer/inputmethodcontroller_fuzzer.cpp index 17601cf767e2f21fcc34ef9806312b5ba0fd8497..0e77a1bdf391eab5ea0f0dedb9c95a31c62e5a65 100644 --- a/test/fuzztest/inputmethodcontroller_fuzzer/inputmethodcontroller_fuzzer.cpp +++ b/test/fuzztest/inputmethodcontroller_fuzzer/inputmethodcontroller_fuzzer.cpp @@ -24,6 +24,7 @@ #include #include +#include "fuzzer/FuzzedDataProvider.h" #include "global.h" #include "input_attribute.h" #include "key_event.h" @@ -415,16 +416,17 @@ void FUZZOnTextChangedListener(const uint8_t *data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ + FuzzedDataProvider provider(data, size); std::string fuzzedString(data, data + size); std::u16string fuzzedU16String = u"insert text"; - auto fuzzedInt = static_cast(size); - auto fuzzedInt32 = static_cast(size); - auto fuzzedUint32 = static_cast(size); - auto fuzzedint64 = static_cast(size); + auto fuzzedInt = provider.ConsumeIntegral(); + auto fuzzedInt32 = provider.ConsumeIntegral(); + auto fuzzedUint32 = provider.ConsumeIntegral(); + auto fuzzedint64 = provider.ConsumeIntegral(); auto fuzzedDouble = static_cast(size); auto fuzzedTrigger = static_cast(size); - auto fuzzedBool = static_cast(data[0] % 2); + auto fuzzedBool = provider.ConsumeBool(); OHOS::sptr imc = InputMethodController::GetInstance(); diff --git a/test/fuzztest/inputmethodsystemability_fuzzer/inputmethodsystemability_fuzzer.cpp b/test/fuzztest/inputmethodsystemability_fuzzer/inputmethodsystemability_fuzzer.cpp index 2e42f2dbc38972609d9806e38b4230a70f8b090e..5b099bdf35b354ef131ea198f9c3155e896bcd43 100644 --- a/test/fuzztest/inputmethodsystemability_fuzzer/inputmethodsystemability_fuzzer.cpp +++ b/test/fuzztest/inputmethodsystemability_fuzzer/inputmethodsystemability_fuzzer.cpp @@ -24,17 +24,18 @@ #include #include "accesstoken_kit.h" +#include "fuzzer/FuzzedDataProvider.h" #include "global.h" #include "ime_cfg_manager.h" +#include "ime_enabled_info_manager.h" #include "input_method_controller.h" -#include "inputmethodsystemability_fuzzer.h" #include "input_method_core_service_impl.h" -#include "system_cmd_channel_service_impl.h" -#include "ime_enabled_info_manager.h" +#include "inputmethodsystemability_fuzzer.h" #include "iservice_registry.h" #include "message_parcel.h" #include "nativetoken_kit.h" #include "system_ability_definition.h" +#include "system_cmd_channel_service_impl.h" #include "text_listener.h" #include "token_setproc.h" @@ -91,7 +92,8 @@ void FuzzOnScreenUnlock() void SystemAbility(const uint8_t *data, size_t size) { - auto fuzzedUint32 = static_cast(size); + FuzzedDataProvider provider(data, size); + auto fuzzedUint32 = provider.ConsumeIntegral(); DelayedSingleton::GetInstance()->ReleaseInput(nullptr, fuzzedUint32); } } // namespace OHOS @@ -99,7 +101,8 @@ void SystemAbility(const uint8_t *data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ - const int32_t userId = static_cast(size); + FuzzedDataProvider provider(data, size); + const int32_t userId = provider.ConsumeIntegral(); std::string fuzzedString(reinterpret_cast(data), size); OHOS::FuzzOnUser(userId, fuzzedString); diff --git a/test/fuzztest/perusersession_fuzzer/perusersession_fuzzer.cpp b/test/fuzztest/perusersession_fuzzer/perusersession_fuzzer.cpp index f19f250b7fba47daf47677a8a7e6606fcd5d0742..61e21da48c03393d900bb42f3695a2422ccfe803 100644 --- a/test/fuzztest/perusersession_fuzzer/perusersession_fuzzer.cpp +++ b/test/fuzztest/perusersession_fuzzer/perusersession_fuzzer.cpp @@ -25,6 +25,7 @@ #include #include +#include "fuzzer/FuzzedDataProvider.h" #include "global.h" #include "iinput_method_agent.h" #include "iinput_method_core.h" @@ -93,7 +94,8 @@ bool FuzzPerUserSession(const uint8_t *rawData, size_t size) static std::shared_ptr userSessions = std::make_shared(MAIN_USER_ID); userSessions->OnRegisterProxyIme(core, agent->AsObject()); - int32_t type = 4; + FuzzedDataProvider provider(rawData, size); + int32_t type = provider.ConsumeIntegral(); userSessions->OnUnRegisteredProxyIme(static_cast(type), core); userSessions->IsProxyImeEnable(); @@ -101,11 +103,9 @@ bool FuzzPerUserSession(const uint8_t *rawData, size_t size) userSessions->OnSetCoreAndAgent(core, agent->AsObject()); userSessions->OnShowCurrentInput(DEFAULT_DISPLAY_ID); sptr agentObject = nullptr; - clientInfo.isShowKeyboard = false; + clientInfo.isShowKeyboard = provider.ConsumeBool(); std::pair imeInfo; userSessions->OnStartInput(clientInfo, agentObject, imeInfo); - clientInfo.isShowKeyboard = true; - userSessions->OnStartInput(clientInfo, agentObject, imeInfo); userSessions->NotifyImeChangeToClients(property, subProperty); userSessions->OnHideCurrentInput(DEFAULT_DISPLAY_ID); userSessions->OnHideInput(client); diff --git a/test/fuzztest/systemabilitystubfuzztest/common/imf_sa_stub_fuzz_util.cpp b/test/fuzztest/systemabilitystubfuzztest/common/imf_sa_stub_fuzz_util.cpp index 7dedfd8b86cbc91f05a180c2182353af7e0a61e3..7b86f5d5824e408cf516cff0ec11b17559ddd781 100644 --- a/test/fuzztest/systemabilitystubfuzztest/common/imf_sa_stub_fuzz_util.cpp +++ b/test/fuzztest/systemabilitystubfuzztest/common/imf_sa_stub_fuzz_util.cpp @@ -16,17 +16,18 @@ #include "imf_sa_stub_fuzz_util.h" #include "accesstoken_kit.h" +#include "fuzzer/FuzzedDataProvider.h" #include "global.h" #include "ime_cfg_manager.h" +#include "input_client_service_impl.h" +#include "input_method_agent_service_impl.h" +#include "input_method_core_service_impl.h" #include "iservice_registry.h" #include "message_parcel.h" #include "nativetoken_kit.h" #include "system_ability_definition.h" #include "text_listener.h" #include "token_setproc.h" -#include "input_client_service_impl.h" -#include "input_method_agent_service_impl.h" -#include "input_method_core_service_impl.h" namespace OHOS { namespace MiscServices { @@ -67,12 +68,14 @@ bool ImfSaStubFuzzUtil::SwitchIpcCode(IInputMethodSystemAbilityIpcCode code, Mes if (!datas.WriteParcelable(&clientInfoInner)) { return false; } + break; } case IInputMethodSystemAbilityIpcCode::COMMAND_SHOW_INPUT: { sptr client = new (std::nothrow) InputClientServiceImpl(); if (client == nullptr || !datas.WriteRemoteObject(client->AsObject())) { return false; } + break; } case IInputMethodSystemAbilityIpcCode::COMMAND_SET_CORE_AND_AGENT: { sptr core = new InputMethodCoreServiceImpl(); @@ -81,28 +84,33 @@ bool ImfSaStubFuzzUtil::SwitchIpcCode(IInputMethodSystemAbilityIpcCode code, Mes || !datas.WriteRemoteObject(agent->AsObject())) { return false; } + break; } case IInputMethodSystemAbilityIpcCode::COMMAND_UN_REGISTERED_PROXY_IME: { sptr core = new InputMethodCoreServiceImpl(); if (core == nullptr || !datas.WriteInt32(fuzzedInt32) || !datas.WriteRemoteObject(core->AsObject())) { return false; } + break; } case IInputMethodSystemAbilityIpcCode::COMMAND_RELEASE_INPUT: { sptr client = new (std::nothrow) InputClientServiceImpl(); if (client == nullptr || !datas.WriteRemoteObject(client->AsObject())) { return false; } + break; } case IInputMethodSystemAbilityIpcCode::COMMAND_HIDE_INPUT: { sptr client = new (std::nothrow) InputClientServiceImpl(); if (client == nullptr || !datas.WriteRemoteObject(client->AsObject())) { return false; } + break; } default: return true; } + return true; } bool ImfSaStubFuzzUtil::FuzzInputMethodSystemAbility(const uint8_t *rawData, size_t size, @@ -111,7 +119,8 @@ bool ImfSaStubFuzzUtil::FuzzInputMethodSystemAbility(const uint8_t *rawData, siz if (!isInitialize_) { Initialize(); } - auto fuzzedInt32 = static_cast(size); + FuzzedDataProvider provider(rawData, size); + auto fuzzedInt32 = provider.ConsumeIntegral(); GrantNativePermission(); MessageParcel datas; diff --git a/test/fuzztest/systemcmdchannelstub_fuzzer/systemcmdchannelstub_fuzzer.cpp b/test/fuzztest/systemcmdchannelstub_fuzzer/systemcmdchannelstub_fuzzer.cpp index 878881386ab6f5f07675e4868bf5f2a7f127d0d0..abddf70a0723bcfb7266f32b8acbe476734cade7 100644 --- a/test/fuzztest/systemcmdchannelstub_fuzzer/systemcmdchannelstub_fuzzer.cpp +++ b/test/fuzztest/systemcmdchannelstub_fuzzer/systemcmdchannelstub_fuzzer.cpp @@ -18,8 +18,9 @@ #include #include -#include "system_cmd_channel_service_impl.h" +#include "fuzzer/FuzzedDataProvider.h" #include "message_parcel.h" +#include "system_cmd_channel_service_impl.h" using namespace OHOS::MiscServices; namespace OHOS { @@ -37,8 +38,9 @@ uint32_t ConvertToUint32(const uint8_t *ptr) } bool FuzzSystemCmdChannelStub(const uint8_t *rawData, size_t size) { + FuzzedDataProvider provider(rawData, size); InputType fuzzedBool = static_cast(rawData[0] % 2); - auto fuzzedUint32 = static_cast(size); + auto fuzzedUint32 = provider.ConsumeIntegral(); uint32_t code = ConvertToUint32(rawData); rawData = rawData + OFFSET;