From 3238d43ce3ea02fb86f0aae7c483470c5578f38b Mon Sep 17 00:00:00 2001
From: cheerful_ricky
Date: Mon, 1 Sep 2025 20:17:32 +0800
Subject: [PATCH] fix fuzz uaf issue, each case should use new service and sleep for ffrt execute task
Signed-off-by: cheerful_ricky
---
 .../servicedumpstate_fuzzer/dumpstate_fuzzer.cpp | 2 +-
 .../servicefinishreceiver_fuzzer/finishreceiver_fuzzer.cpp | 3 ++-
 .../freezeandunfreeze_fuzzer.cpp | 3 ++-
 .../publishcommonevent_fuzzer.cpp | 2 +-
 .../setstaticsubscriberstate_fuzzer.cpp | 3 ++-
 .../stickycommonevent_fuzzer.cpp | 3 ++-
 .../unsubscribecommonevent_fuzzer.cpp | 3 ++-
 .../subscribecommonevent_fuzzer.cpp | 3 ++-
 .../commoneventmanagerservice_fuzzer.cpp | 3 +--
 9 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/test/fuzztest/commoneventmanagerservice/servicedumpstate_fuzzer/dumpstate_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicedumpstate_fuzzer/dumpstate_fuzzer.cpp
index 900668d0..e8883423 100644
--- a/test/fuzztest/commoneventmanagerservice/servicedumpstate_fuzzer/dumpstate_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicedumpstate_fuzzer/dumpstate_fuzzer.cpp
@@ -27,7 +27,7 @@ using namespace OHOS::EventFwk;
 namespace OHOS {
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 AAFwk::Want want;
diff --git a/test/fuzztest/commoneventmanagerservice/servicefinishreceiver_fuzzer/finishreceiver_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicefinishreceiver_fuzzer/finishreceiver_fuzzer.cpp
index 226aa518..19889012 100644
--- a/test/fuzztest/commoneventmanagerservice/servicefinishreceiver_fuzzer/finishreceiver_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicefinishreceiver_fuzzer/finishreceiver_fuzzer.cpp
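Review bot: `new (std::nothrow)` returns a null pointer when the allocation fails, and the next context line calls `service->Init()` unconditionally, so under a fuzzer memory limit the harness itself would crash with a null dereference that then gets triaged as a finding in the service. Add `if (service == nullptr) { return false; }` directly after the allocation. The same unchecked pattern is introduced in every other harness in this patch (finishreceiver, freezeandunfreeze, publishcommonevent, setstaticsubscriberstate, stickycommonevent, both subscribe/unsubscribe harnesses and commoneventmanagerservice_fuzzer). The body of `DoSomethingInterestingWithMyAPI` continues past the end of this hunk.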
@@ -41,7 +41,7 @@ public:
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 MatchingSkills matchingSkills;
@@ -58,6 +58,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 bool funcResult1 = false;
 service->FinishReceiver(commonEventListener, fdp->ConsumeIntegral(), fdp->ConsumeRandomLengthString(), fdp->ConsumeBool(), funcResult1);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice/servicefreezeandunfreeze_fuzzer/freezeandunfreeze_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicefreezeandunfreeze_fuzzer/freezeandunfreeze_fuzzer.cpp
index 7914f26d..e9766bea 100644
--- a/test/fuzztest/commoneventmanagerservice/servicefreezeandunfreeze_fuzzer/freezeandunfreeze_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicefreezeandunfreeze_fuzzer/freezeandunfreeze_fuzzer.cpp
@@ -26,7 +26,7 @@ using namespace OHOS::EventFwk;
 namespace OHOS {
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 bool funcResult1 = false;
@@ -38,6 +38,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 pidList.insert(fdp->ConsumeIntegral());
 }
 service->SetFreezeStatus(pidList, fdp->ConsumeBool(), funcResult1);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice/servicepublishcommonevent_fuzzer/publishcommonevent_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicepublishcommonevent_fuzzer/publishcommonevent_fuzzer.cpp
index ccaf5c1f..ace4d39d 100644
--- a/test/fuzztest/commoneventmanagerservice/servicepublishcommonevent_fuzzer/publishcommonevent_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicepublishcommonevent_fuzzer/publishcommonevent_fuzzer.cpp
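Review bot: The fixed `usleep(10000)` before `return true;` only makes it likely, not certain, that the queued ffrt work has finished before the local `service` is released at scope exit. Under a sanitizer build or a loaded CI host a task can still outlive the object, which would bring back the use-after-free from the subject line as an intermittent, hard-to-reproduce crash. If the service or ffrt offers a way to drain its queue (not visible in this diff), call that instead; otherwise add a comment such as `// wait for queued ffrt tasks to finish before service is destroyed` so the sleep is not later removed as dead code. No `#include <unistd.h>` is added in any hunk, so `usleep` presumably resolves through a transitive include. The same sleep is added in the freezeandunfreeze, setstaticsubscriberstate, stickycommonevent and both subscribe/unsubscribe harnesses, and it caps each of them below 100 executions per second.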
@@ -28,7 +28,7 @@ namespace OHOS {
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 AAFwk::Want want;
diff --git a/test/fuzztest/commoneventmanagerservice/servicesetstaticsubscriberstate_fuzzer/setstaticsubscriberstate_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicesetstaticsubscriberstate_fuzzer/setstaticsubscriberstate_fuzzer.cpp
index 3fe8c9a0..762571f5 100644
--- a/test/fuzztest/commoneventmanagerservice/servicesetstaticsubscriberstate_fuzzer/setstaticsubscriberstate_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicesetstaticsubscriberstate_fuzzer/setstaticsubscriberstate_fuzzer.cpp
@@ -26,7 +26,7 @@ using namespace OHOS::EventFwk;
 namespace OHOS {
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 std::vector events;
@@ -35,6 +35,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 }
 int32_t funcResult1 = -1;
 service->SetStaticSubscriberStateByEvents(events, fdp->ConsumeBool(), funcResult1);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice/servicestickycommonevent_fuzzer/stickycommonevent_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicestickycommonevent_fuzzer/stickycommonevent_fuzzer.cpp
index ace95481..999711ca 100644
--- a/test/fuzztest/commoneventmanagerservice/servicestickycommonevent_fuzzer/stickycommonevent_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicestickycommonevent_fuzzer/stickycommonevent_fuzzer.cpp
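Review bot: The publishcommonevent harness now owns a per-iteration service but, unlike its siblings, gets no wait before the function returns; the diffstat shows a one-line change here and in dumpstate_fuzzer.cpp. If the publish path hands work to ffrt (the calls are in the part of the function outside this hunk), the local `sptr` may release the object while that work is still pending, leaving the same lifetime race the commit message describes. Either add the wait used in the other harnesses or record the reason it is unnecessary, e.g. `// publish completes synchronously here, no pending ffrt task` if that is in fact the case.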
@@ -27,7 +27,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
 std::string event = fdp->ConsumeRandomLengthString();
- sptr service = EventFwk::CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) EventFwk::CommonEventManagerService();
 service->Init();
 AAFwk::Want want;
@@ -47,6 +47,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 service->GetStickyCommonEvent(fdp->ConsumeRandomLengthString(), stickyCommonEvent, funcResult1);
 service->RemoveStickyCommonEvent(event, funcResult);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice/servicesubscribecommonevent_fuzzer/unsubscribecommonevent_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/servicesubscribecommonevent_fuzzer/unsubscribecommonevent_fuzzer.cpp
index 8be2cbb4..a6291429 100644
--- a/test/fuzztest/commoneventmanagerservice/servicesubscribecommonevent_fuzzer/unsubscribecommonevent_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/servicesubscribecommonevent_fuzzer/unsubscribecommonevent_fuzzer.cpp
@@ -42,7 +42,7 @@ public:
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
 bool enabled = fdp->ConsumeBool();
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 MatchingSkills matchingSkills;
@@ -59,6 +59,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 service->SubscribeCommonEvent(subscribeInfo, commonEventListener, fdp->ConsumeIntegral(), funcResult);
 service->UnsubscribeCommonEvent(commonEventListener, funcResult);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice/serviceunsubscribecommonevent_fuzzer/subscribecommonevent_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice/serviceunsubscribecommonevent_fuzzer/subscribecommonevent_fuzzer.cpp
index 5a897503..82eabaa3 100644
--- a/test/fuzztest/commoneventmanagerservice/serviceunsubscribecommonevent_fuzzer/subscribecommonevent_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice/serviceunsubscribecommonevent_fuzzer/subscribecommonevent_fuzzer.cpp
@@ -42,7 +42,7 @@ public:
 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 {
 bool enabled = fdp->ConsumeBool();
- sptr service = CommonEventManagerService::GetInstance();
+ sptr service = new (std::nothrow) CommonEventManagerService();
 service->Init();
 MatchingSkills matchingSkills;
@@ -59,6 +59,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 service->SubscribeCommonEvent(subscribeInfo, commonEventListener, fdp->ConsumeIntegral(), funcResult);
 service->UnsubscribeCommonEventSync(commonEventListener, funcResult);
+ usleep(10000);
 return true;
 }
 }
diff --git a/test/fuzztest/commoneventmanagerservice_fuzzer/commoneventmanagerservice_fuzzer.cpp b/test/fuzztest/commoneventmanagerservice_fuzzer/commoneventmanagerservice_fuzzer.cpp
index c864556f..2a748b37 100644
--- a/test/fuzztest/commoneventmanagerservice_fuzzer/commoneventmanagerservice_fuzzer.cpp
+++ b/test/fuzztest/commoneventmanagerservice_fuzzer/commoneventmanagerservice_fuzzer.cpp
@@ -29,8 +29,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
 int32_t code = fdp->ConsumeIntegral();
 bool enabled = fdp->ConsumeBool();
 EventFwk::CommonEventManagerService::GetInstance();
- sptr service =
- sptr(new EventFwk::CommonEventManagerService());
+ sptr service = new (std::nothrow) EventFwk::CommonEventManagerService();
 service->Init();
 AAFwk::Want want;
 EventFwk::CommonEventData commonEventData;
--
Gitee
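Review bot: In commoneventmanagerservice_fuzzer.cpp the context line `EventFwk::CommonEventManagerService::GetInstance();` directly above the changed allocation is kept, so this harness still touches the process-wide singleton on every iteration and discards the result while exercising a separate, freshly allocated service. If shared singleton state was behind the cross-iteration lifetime problem, that call should be removed here as it was replaced in the other eight harnesses; if it is kept for a side effect, a one-line comment stating which one would stop it being read as a leftover. This harness also gets no wait before returning, which may be fine if the rest of the function (outside the hunk) queues no ffrt work, but that cannot be confirmed from the lines shown.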