From e3532cfcc38a29c2635623de41c00d29bad98b34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=A8=E4=BA=AE?= Date: Sun, 21 Aug 2022 15:08:18 +0800 Subject: [PATCH] =?UTF-8?q?IssueNo:=20#I5MT5B=20Description:=20Fuzz?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=E5=B4=A9=E6=BA=83(heap-buffer-overflow)=20Si?= =?UTF-8?q?g:=20SIG=5FApplicationFramework=20Feature=20or=20Bugfix:=20Bugf?= =?UTF-8?q?ix=20Binary=20Source:=20No?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 杨亮 Change-Id: Ie9073a332fbe04620eecdd37f9a003a3321e5a90 --- .../addnotificationslots_fuzzer/BUILD.gn | 7 ++- .../addnotificationslots_fuzzer.cpp | 13 +++-- .../addnotificationslots_fuzzer.h | 10 +--- test/fuzztest/addslotbytype_fuzzer/BUILD.gn | 7 ++- .../addslotbytype_fuzzer.cpp | 9 ++- .../addslotbytype_fuzzer.h | 2 + .../cancelnotification_fuzzer/BUILD.gn | 7 ++- .../cancelnotification_fuzzer.cpp | 13 +++-- .../cancelnotification_fuzzer.h | 7 +-- test/fuzztest/fuzz_common_base/BUILD.gn | 23 ++++++++ .../fuzz_common_base/fuzz_common_base.cpp | 57 +++++++++++++++++++ .../fuzz_common_base/fuzz_common_base.h | 30 ++++++++++ .../getnotificationslot_fuzzer/BUILD.gn | 7 ++- .../getnotificationslot_fuzzer.cpp | 9 ++- .../getnotificationslot_fuzzer.h | 10 +--- .../BUILD.gn | 7 ++- .../getnotificationslotnumasbundle_fuzzer.cpp | 13 +++-- .../getnotificationslotnumasbundle_fuzzer.h | 8 +-- .../publishnotification_fuzzer/BUILD.gn | 7 ++- .../publishnotification_fuzzer.cpp | 15 +++-- .../publishnotification_fuzzer.h | 10 +--- .../removenotification_fuzzer/BUILD.gn | 7 ++- .../removenotification_fuzzer.cpp | 11 +++- .../removenotification_fuzzer.h | 2 + .../removenotificationslot_fuzzer/BUILD.gn | 7 ++- .../removenotificationslot_fuzzer.cpp | 9 ++- .../removenotificationslot_fuzzer.h | 2 + .../setnotificationbadgenum_fuzzer/BUILD.gn | 8 ++- .../setnotificationbadgenum_fuzzer.cpp | 12 ++-- .../setnotificationbadgenum_fuzzer.h | 8 +-- 30 files changed, 245 insertions(+), 92 deletions(-) create mode 100644 test/fuzztest/fuzz_common_base/BUILD.gn create mode 100644 test/fuzztest/fuzz_common_base/fuzz_common_base.cpp create mode 100644 test/fuzztest/fuzz_common_base/fuzz_common_base.h diff --git a/test/fuzztest/addnotificationslots_fuzzer/BUILD.gn b/test/fuzztest/addnotificationslots_fuzzer/BUILD.gn index 9122535cb..e4d87870c 100644 --- a/test/fuzztest/addnotificationslots_fuzzer/BUILD.gn +++ b/test/fuzztest/addnotificationslots_fuzzer/BUILD.gn 
@@ -23,7 +23,7 @@ ohos_fuzztest("AddNotificationSlotsFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/addnotificationslots_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -32,7 +32,10 @@ ohos_fuzztest("AddNotificationSlotsFuzzTest") { ] sources = [ "addnotificationslots_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.cpp b/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.cpp index 652be8a9c..bdbd1ccc6 100644 --- a/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.cpp +++ b/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.cpp @@ -23,15 +23,15 @@ constexpr uint8_t SLOT_VISIBLENESS_TYPE_NUM = 4; constexpr uint8_t SLOT_TYPE_NUM = 5; namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { - std::string stringData = reinterpret_cast(data); + std::string stringData(data); Notification::NotificationSlot slot; slot.SetDescription(stringData); slot.SetEnableLight(*data % ENABLE); slot.SetEnableVibration(*data % ENABLE); - slot.SetLedLightColor(U32_AT(data)); + slot.SetLedLightColor(GetU32Data(data)); uint8_t level = *data % SLOT_LEVEL_NUM; Notification::NotificationSlot::NotificationLevel notificatoinLevel = 
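Review bot: `std::string stringData(data);` in addnotificationslots_fuzzer.cpp stops at the first zero byte, so input bytes after an embedded NUL never reach `SetDescription`, even though `size` is passed in. Building the string with an explicit length, `std::string stringData(data, size);`, keeps the read bounded by the buffer and lets the whole input through. The same constructor appears for `label` in cancelnotification_fuzzer.cpp, `bundleName` in getnotificationslotnumasbundle_fuzzer.cpp, `stringData` in publishnotification_fuzzer.cpp and `key` in removenotification_fuzzer.cpp. The body of DoSomethingInterestingWithMyAPI continues past the end of this hunk.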
@@ -57,6 +57,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr && size >= GetU32Size()) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.h b/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.h index 5b3992afc..32b2436d3 100644 --- a/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.h +++ b/test/fuzztest/addnotificationslots_fuzzer/addnotificationslots_fuzzer.h @@ -16,14 +16,8 @@ #ifndef TEST_FUZZTEST_ADDNOTIFICATIONSLOTS_FUZZER_ADDNOTIFICATIONSLOTS_FUZZER_H #define TEST_FUZZTEST_ADDNOTIFICATIONSLOTS_FUZZER_ADDNOTIFICATIONSLOTS_FUZZER_H -#define FUZZ_PROJECT_NAME "addnotificationslots_fuzzer" - -#include +#include "fuzz_common_base.h" -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} +#define FUZZ_PROJECT_NAME "addnotificationslots_fuzzer" #endif // TEST_FUZZTEST_ADDNOTIFICATIONSLOTS_FUZZER_ADDNOTIFICATIONSLOTS_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/addslotbytype_fuzzer/BUILD.gn b/test/fuzztest/addslotbytype_fuzzer/BUILD.gn index fda93e854..87afcae05 100644 --- a/test/fuzztest/addslotbytype_fuzzer/BUILD.gn +++ b/test/fuzztest/addslotbytype_fuzzer/BUILD.gn @@ -22,7 +22,7 @@ ohos_fuzztest("AddSlotByTypeFuzzTest") { module_out_path = module_output_path fuzz_config_file = "${component_path}/test/fuzztest/addslotbytype_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", 
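Review bot: The buffer returned by `ParseData` leaks in LLVMFuzzerTestOneInput of addnotificationslots_fuzzer.cpp whenever the input is one to three bytes long: `ch` is non-null, the `size >= GetU32Size()` half of the condition fails, and `free(ch)` sits inside the skipped block. A leak-detecting sanitizer run would likely report every such short input. Rejecting short inputs before allocating, `if (size < GetU32Size()) { return 0; }` ahead of the `ParseData` call, closes it; so does moving `free(ch);` after the `if` block, since free accepts a null pointer. The same pattern is in the harnesses of cancelnotification_fuzzer.cpp, getnotificationslotnumasbundle_fuzzer.cpp, publishnotification_fuzzer.cpp and setnotificationbadgenum_fuzzer.cpp.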
@@ -31,7 +31,10 @@ ohos_fuzztest("AddSlotByTypeFuzzTest") { ] sources = [ "addslotbytype_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.cpp b/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.cpp index 545293a85..22c95e0b3 100644 --- a/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.cpp +++ b/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.cpp @@ -20,7 +20,7 @@ constexpr uint8_t SLOT_TYPE_NUM = 5; namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { uint8_t type = *data % SLOT_TYPE_NUM; Notification::NotificationConstant::SlotType slotType = Notification::NotificationConstant::SlotType(type); @@ -32,6 +32,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.h b/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.h index a53388f42..3eef93eb6 100644 --- a/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.h +++ b/test/fuzztest/addslotbytype_fuzzer/addslotbytype_fuzzer.h @@ -16,6 +16,8 @@ #ifndef TEST_FUZZTEST_ADDSLOTBYTYPE_FUZZER_ADDSLOTBYTYPE_FUZZER_H #define TEST_FUZZTEST_ADDSLOTBYTYPE_FUZZER_ADDSLOTBYTYPE_FUZZER_H +#include "fuzz_common_base.h" + #define FUZZ_PROJECT_NAME "AddSlotByType_fuzzer" #endif // TEST_FUZZTEST_ADDSLOTBYTYPE_FUZZER_ADDSLOTBYTYPE_FUZZER_H 
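Review bot: With the parameter changed to `const char*`, `uint8_t type = *data % SLOT_TYPE_NUM;` in addslotbytype_fuzzer.cpp no longer stays in 0..4 on targets where plain `char` is signed. A byte of 0x80 or above is negative, `%` keeps the sign, and the conversion to `uint8_t` wraps to 252..255. If the intent is still to pick one of the five slot types, take the byte as unsigned first: `uint8_t type = static_cast<uint8_t>(*data) % SLOT_TYPE_NUM;`. The same expression is used in getnotificationslot_fuzzer.cpp and removenotificationslot_fuzzer.cpp, and `*data % SLOT_LEVEL_NUM` in addnotificationslots_fuzzer.cpp is affected the same way. The function body continues outside the hunk.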
diff --git a/test/fuzztest/cancelnotification_fuzzer/BUILD.gn b/test/fuzztest/cancelnotification_fuzzer/BUILD.gn index 93ff2aca5..1e9c69bc7 100644 --- a/test/fuzztest/cancelnotification_fuzzer/BUILD.gn +++ b/test/fuzztest/cancelnotification_fuzzer/BUILD.gn @@ -22,7 +22,7 @@ ohos_fuzztest("CancelNotificationFuzzTest") { module_out_path = module_output_path fuzz_config_file = "${component_path}/test/fuzztest/cancelnotification_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -31,7 +31,10 @@ ohos_fuzztest("CancelNotificationFuzzTest") { ] sources = [ "cancelnotification_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.cpp b/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.cpp index b5d76b9da..389adbab8 100644 --- a/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.cpp +++ b/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.cpp @@ -18,10 +18,10 @@ #include "notification_helper.h" namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { - std::string label = reinterpret_cast(data); - int32_t notificationId = static_cast(U32_AT(data)); + std::string label(data); + int32_t notificationId = static_cast(GetU32Data(data)); return Notification::NotificationHelper::CancelNotification(label, notificationId) == ERR_OK; } } 
@@ -30,6 +30,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr && size >= GetU32Size()) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.h b/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.h index 51bb27c9d..5d9628559 100644 --- a/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.h +++ b/test/fuzztest/cancelnotification_fuzzer/cancelnotification_fuzzer.h @@ -16,13 +16,10 @@ #ifndef TEST_FUZZTEST_CANCELNOTIFICATION_FUZZER_CANCELNOTIFICATION_FUZZER_H #define TEST_FUZZTEST_CANCELNOTIFICATION_FUZZER_CANCELNOTIFICATION_FUZZER_H +#include "fuzz_common_base.h" + #define FUZZ_PROJECT_NAME "cancelnotification_fuzzer" #include -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} #endif // TEST_FUZZTEST_CANCELNOTIFICATION_FUZZER_CANCELNOTIFICATION_FUZZER_H diff --git a/test/fuzztest/fuzz_common_base/BUILD.gn b/test/fuzztest/fuzz_common_base/BUILD.gn new file mode 100644 index 000000000..837ab3402 --- /dev/null +++ b/test/fuzztest/fuzz_common_base/BUILD.gn 
@@ -0,0 +1,23 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+static_library("fuzz_common_base") {
+ sources = [ "fuzz_common_base.cpp" ]
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+ public_deps = [ "//commonlibrary/c_utils/base:utils" ]
+}
diff --git a/test/fuzztest/fuzz_common_base/fuzz_common_base.cpp b/test/fuzztest/fuzz_common_base/fuzz_common_base.cpp
new file mode 100644
index 000000000..e81927603
--- /dev/null
+++ b/test/fuzztest/fuzz_common_base/fuzz_common_base.cpp
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fuzz_common_base.h"
+
+extern "C" {
+static constexpr uint32_t U32_AT_SIZE = 4;
+static constexpr uint32_t MAX_MEMORY_SIZE = 4 * 1024 * 1024;
+
+uint32_t GetU32Size()
+{
+ return U32_AT_SIZE;
+}
+
+uint32_t GetU32Data(const char* ptr)
+{
+ // convert fuzz input data to an integer
+ return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
+}
+
+char* ParseData(const uint8_t* data, size_t size)
+{
+ if (data == nullptr) {
+ return nullptr;
+ }
+
+ if (size > MAX_MEMORY_SIZE) {
+ return nullptr;
+ }
+
+ char* ch = (char *)malloc(size + 1);
+ if (ch == nullptr) {
+ return nullptr;
+ }
+
+ (void)memset_s(ch, size + 1, 0x00, size + 1);
+ if (memcpy_s(ch, size, data, size) != EOK) {
+ free(ch);
+ ch = nullptr;
+ return nullptr;
+ }
+
+ return ch;
+}
+}
\ No newline at end of file
diff --git a/test/fuzztest/fuzz_common_base/fuzz_common_base.h b/test/fuzztest/fuzz_common_base/fuzz_common_base.h
new file mode 100644
index 000000000..f1dcc75e1
--- /dev/null
+++ b/test/fuzztest/fuzz_common_base/fuzz_common_base.h
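Review bot: `GetU32Data` in fuzz_common_base.cpp indexes a `const char*`, so on targets where plain `char` is signed each byte of 0x80 or above is sign-extended before the shift. Left-shifting a negative value is undefined before C++20, and OR-ing in a sign-extended low byte sets all upper bits (a last byte of 0xFF yields 0xFFFFFFFF whatever the other three bytes are). The removed `U32_AT` took `const uint8_t*` and did not have this problem. Reading the bytes as unsigned restores the big-endian decode: `const auto* b = reinterpret_cast<const uint8_t*>(ptr);` followed by `return (uint32_t{b[0]} << 24) | (uint32_t{b[1]} << 16) | (uint32_t{b[2]} << 8) | b[3];`.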
@@ -0,0 +1,30 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FUZZ_COMMON_BASE_H +#define FUZZ_COMMON_BASE_H + +#include +#include "securec.h" + +extern "C" { +uint32_t GetU32Size(); + +uint32_t GetU32Data(const char* ptr); + +char* ParseData(const uint8_t* data, size_t size); +} + +#endif // FUZZ_COMMON_BASE_H diff --git a/test/fuzztest/getnotificationslot_fuzzer/BUILD.gn b/test/fuzztest/getnotificationslot_fuzzer/BUILD.gn index 7b6605c2d..e4c124e11 100644 --- a/test/fuzztest/getnotificationslot_fuzzer/BUILD.gn +++ b/test/fuzztest/getnotificationslot_fuzzer/BUILD.gn @@ -23,7 +23,7 @@ ohos_fuzztest("GetNotificationSlotFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/getnotificationslot_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -32,7 +32,10 @@ ohos_fuzztest("GetNotificationSlotFuzzTest") { ] sources = [ "getnotificationslot_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.cpp b/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.cpp index efa8cf467..e79265e37 100644 
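Review bot: The declarations in fuzz_common_base.h carry no comment on their contracts, and two of them are easy to misuse. `ParseData` returns a `malloc`ed, NUL-terminated copy that the caller has to `free`, and returns nullptr for null or oversized input. `GetU32Data` reads four bytes from `ptr` with no length argument, so callers must check `size >= GetU32Size()` first. I would add a short comment above each, e.g. `// Returns a malloc'd, NUL-terminated copy of data (caller frees), or nullptr on failure.` and `// Reads 4 bytes big-endian from ptr; caller must guarantee at least GetU32Size() bytes.`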
--- a/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.cpp +++ b/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.cpp @@ -20,7 +20,7 @@ constexpr uint8_t SLOT_TYPE_NUM = 5; namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { uint8_t type = *data % SLOT_TYPE_NUM; Notification::NotificationConstant::SlotType slotType = Notification::NotificationConstant::SlotType(type); @@ -33,6 +33,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.h b/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.h index d704a6a7a..b14614dd4 100644 --- a/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.h +++ b/test/fuzztest/getnotificationslot_fuzzer/getnotificationslot_fuzzer.h @@ -16,14 +16,8 @@ #ifndef TEST_FUZZTEST_GETNOTIFICATIONSLOT_FUZZER_GETNOTIFICATIONSLOT_FUZZER_H #define TEST_FUZZTEST_GETNOTIFICATIONSLOT_FUZZER_GETNOTIFICATIONSLOT_FUZZER_H -#define FUZZ_PROJECT_NAME "getnotificationslot_fuzzer" - -#include +#include "fuzz_common_base.h" -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} +#define FUZZ_PROJECT_NAME "getnotificationslot_fuzzer" #endif // TEST_FUZZTEST_GETNOTIFICATIONSLOT_FUZZER_GETNOTIFICATIONSLOT_FUZZER_H diff --git a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/BUILD.gn b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/BUILD.gn index 5a1a638d3..931dc5348 100644 
--- a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/BUILD.gn +++ b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/BUILD.gn @@ -23,7 +23,7 @@ ohos_fuzztest("GetNotificationSlotNumAsBundleFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/getnotificationslotnumasbundle_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -32,7 +32,10 @@ ohos_fuzztest("GetNotificationSlotNumAsBundleFuzzTest") { ] sources = [ "getnotificationslotnumasbundle_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.cpp b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.cpp index 14da1968c..e777038f8 100644 --- a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.cpp +++ b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.cpp @@ -18,12 +18,12 @@ #include "notification_helper.h" namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { Notification::NotificationBundleOption bundleOption; - std::string bundleName = reinterpret_cast(data); + std::string bundleName (data); bundleOption.SetBundleName(bundleName); - int32_t uid = static_cast(U32_AT(data)); + int32_t uid = static_cast(GetU32Data(data)); bundleOption.SetUid(uid); uint64_t num; return Notification::NotificationHelper::GetNotificationSlotNumAsBundle(bundleOption, num) == ERR_OK; 
@@ -34,6 +34,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr && size >= GetU32Size()) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.h b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.h index 7f361f4f3..9632713f1 100644 --- a/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.h +++ b/test/fuzztest/getnotificationslotnumasbundle_fuzzer/getnotificationslotnumasbundle_fuzzer.h @@ -16,14 +16,8 @@ #ifndef TEST_FUZZTEST_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_H #define TEST_FUZZTEST_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_H -#include +#include "fuzz_common_base.h" #define FUZZ_PROJECT_NAME "getnotificationslotnumasbundle_fuzzer" -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} - #endif // TEST_FUZZTEST_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_GETNOTIFICATIONSLOTNUMASBUNDLE_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/publishnotification_fuzzer/BUILD.gn b/test/fuzztest/publishnotification_fuzzer/BUILD.gn index 18e28369a..a202ab689 100644 --- a/test/fuzztest/publishnotification_fuzzer/BUILD.gn +++ b/test/fuzztest/publishnotification_fuzzer/BUILD.gn @@ -23,7 +23,7 @@ ohos_fuzztest("PublishNotificationFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/publishnotification_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", 
@@ -32,7 +32,10 @@ ohos_fuzztest("PublishNotificationFuzzTest") { ] sources = [ "publishnotification_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.cpp b/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.cpp index e77c99167..cdcd93d23 100644 --- a/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.cpp +++ b/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.cpp @@ -23,20 +23,20 @@ namespace OHOS { constexpr uint8_t SLOT_TYPE_NUM = 5; constexpr uint8_t FLAG_STATUS = 3; } - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { - std::string stringData = reinterpret_cast(data); + std::string stringData(data); Notification::NotificationRequest request; request.SetAlertOneTime(*data % ENABLE); - int32_t style = static_cast(U32_AT(data)); + int32_t style = static_cast(GetU32Data(data)); Notification::NotificationRequest::BadgeStyle badgeStyle = Notification::NotificationRequest::BadgeStyle(style); request.SetBadgeIconStyle(badgeStyle); request.SetBadgeNumber(style); request.SetClassification(stringData); - uint32_t color = U32_AT(data); + uint32_t color = GetU32Data(data); request.SetColor(color); request.SetColorEnabled(*data % ENABLE); @@ -83,6 +83,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr && size >= GetU32Size()) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } 
diff --git a/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.h b/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.h index cf6356f20..753bfc61e 100644 --- a/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.h +++ b/test/fuzztest/publishnotification_fuzzer/publishnotification_fuzzer.h @@ -16,14 +16,8 @@ #ifndef TEST_FUZZTEST_PUBLISHNOTIFICATION_FUZZER_PUBLISHNOTIFICATION_FUZZER_H #define TEST_FUZZTEST_PUBLISHNOTIFICATION_FUZZER_PUBLISHNOTIFICATION_FUZZER_H -#define FUZZ_PROJECT_NAME "publishnotification_fuzzer" - -#include +#include "fuzz_common_base.h" -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} +#define FUZZ_PROJECT_NAME "publishnotification_fuzzer" #endif // TEST_FUZZTEST_PUBLISHNOTIFICATION_FUZZER_PUBLISHNOTIFICATION_FUZZER_H diff --git a/test/fuzztest/removenotification_fuzzer/BUILD.gn b/test/fuzztest/removenotification_fuzzer/BUILD.gn index fcb4f7dff..cc8a80556 100644 --- a/test/fuzztest/removenotification_fuzzer/BUILD.gn +++ b/test/fuzztest/removenotification_fuzzer/BUILD.gn @@ -22,7 +22,7 @@ ohos_fuzztest("RemoveNotificationFuzzTest") { module_out_path = module_output_path fuzz_config_file = "${component_path}/test/fuzztest/removenotification_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -31,7 +31,10 @@ ohos_fuzztest("RemoveNotificationFuzzTest") { ] sources = [ "removenotification_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.cpp b/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.cpp index e0ffe410b..1fb67911a 100644 
--- a/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.cpp +++ b/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.cpp @@ -18,9 +18,9 @@ #include "notification_helper.h" namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { - std::string key = reinterpret_cast(data); + std::string key(data); return Notification::NotificationHelper::RemoveNotification(key); } } @@ -29,7 +29,12 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.h b/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.h index 9ce1fca6d..6c24ded57 100644 --- a/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.h +++ b/test/fuzztest/removenotification_fuzzer/removenotification_fuzzer.h @@ -16,6 +16,8 @@ #ifndef TEST_FUZZTEST_REMOVENOTIFICATION_FUZZER_REMOVENOTIFICATION_FUZZER_H #define TEST_FUZZTEST_REMOVENOTIFICATION_FUZZER_REMOVENOTIFICATION_FUZZER_H +#include "fuzz_common_base.h" + #define FUZZ_PROJECT_NAME "removenotification_fuzzer" #endif // TEST_FUZZTEST_REMOVENOTIFICATION_FUZZER_REMOVENOTIFICATION_FUZZER_H diff --git a/test/fuzztest/removenotificationslot_fuzzer/BUILD.gn b/test/fuzztest/removenotificationslot_fuzzer/BUILD.gn index ca8f1b94e..1ad0cdedf 100644 --- a/test/fuzztest/removenotificationslot_fuzzer/BUILD.gn +++ b/test/fuzztest/removenotificationslot_fuzzer/BUILD.gn 
@@ -23,7 +23,7 @@ ohos_fuzztest("RemoveNotificationSlotFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/removenotificationslot_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -32,7 +32,10 @@ ohos_fuzztest("RemoveNotificationSlotFuzzTest") { ] sources = [ "removenotificationslot_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", diff --git a/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.cpp b/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.cpp index e10f807c3..3eb7e4f02 100644 --- a/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.cpp +++ b/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.cpp @@ -20,7 +20,7 @@ constexpr uint8_t SLOT_TYPE_NUM = 5; namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { uint8_t type = *data % SLOT_TYPE_NUM; Notification::NotificationConstant::SlotType slotType = Notification::NotificationConstant::SlotType(type); @@ -32,6 +32,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.h b/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.h index 4649800f3..508f0612c 100644 --- a/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.h 
+++ b/test/fuzztest/removenotificationslot_fuzzer/removenotificationslot_fuzzer.h @@ -16,6 +16,8 @@ #ifndef TEST_FUZZTEST_REMOVENOTIFICATIONSLOT_FUZZER_REMOVENOTIFICATIONSLOT_FUZZER_H #define TEST_FUZZTEST_REMOVENOTIFICATIONSLOT_FUZZER_REMOVENOTIFICATIONSLOT_FUZZER_H +#include "fuzz_common_base.h" + #define FUZZ_PROJECT_NAME "removenotificationslot_fuzzer" #endif // TEST_FUZZTEST_REMOVENOTIFICATIONSLOT_FUZZER_REMOVENOTIFICATIONSLOT_FUZZER_H diff --git a/test/fuzztest/setnotificationbadgenum_fuzzer/BUILD.gn b/test/fuzztest/setnotificationbadgenum_fuzzer/BUILD.gn index 744555069..49162f6eb 100644 --- a/test/fuzztest/setnotificationbadgenum_fuzzer/BUILD.gn +++ b/test/fuzztest/setnotificationbadgenum_fuzzer/BUILD.gn @@ -23,7 +23,7 @@ ohos_fuzztest("SetNotificationBadgeNumFuzzTest") { fuzz_config_file = "${component_path}/test/fuzztest/setnotificationbadgenum_fuzzer" - include_dirs = [] + include_dirs = [ "${component_path}/test/fuzztest/fuzz_common_base" ] cflags = [ "-g", "-O0", @@ -32,12 +32,14 @@ ohos_fuzztest("SetNotificationBadgeNumFuzzTest") { ] sources = [ "setnotificationbadgenum_fuzzer.cpp" ] - deps = [ "${frameworks_module_ans_path}:ans_innerkits" ] + deps = [ + "${component_path}/test/fuzztest/fuzz_common_base:fuzz_common_base", + "${frameworks_module_ans_path}:ans_innerkits", + ] external_deps = [ "ability_base:want", "ability_base:zuri", - "c_utils:utils", "hiviewdfx_hilog_native:libhilog", "multimedia_image_standard:image_native", "relational_store:native_rdb", diff --git a/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.cpp b/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.cpp index b89068681..0c9400963 100644 --- a/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.cpp +++ b/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.cpp 
@@ -16,11 +16,10 @@ #include "setnotificationbadgenum_fuzzer.h" #include "notification_helper.h" - namespace OHOS { - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) { - return Notification::NotificationHelper::SetNotificationBadgeNum(U32_AT(data)) == ERR_OK; + return Notification::NotificationHelper::SetNotificationBadgeNum(GetU32Data(data)) == ERR_OK; } } @@ -28,6 +27,11 @@ namespace OHOS { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ - OHOS::DoSomethingInterestingWithMyAPI(data, size); + char *ch = ParseData(data, size); + if (ch != nullptr && size >= GetU32Size()) { + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + } return 0; } diff --git a/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.h b/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.h index 1d2517607..77dd37aa0 100644 --- a/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.h +++ b/test/fuzztest/setnotificationbadgenum_fuzzer/setnotificationbadgenum_fuzzer.h @@ -16,14 +16,8 @@ #ifndef TEST_FUZZTEST_SETNOTIFICATIONBADGENUM_FUZZER_SETNOTIFICATIONBADGENUM_FUZZER_H #define TEST_FUZZTEST_SETNOTIFICATIONBADGENUM_FUZZER_SETNOTIFICATIONBADGENUM_FUZZER_H -#include +#include "fuzz_common_base.h" #define FUZZ_PROJECT_NAME "setnotificationbadgenum_fuzzer" -uint32_t U32_AT(const uint8_t *ptr) -{ - // convert fuzz input data to an integer - return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; -} - #endif // TEST_FUZZTEST_SETNOTIFICATIONBADGENUM_FUZZER_SETNOTIFICATIONBADGENUM_FUZZER_H \ No newline at end of file -- Gitee