From c54df4204bd3346cb89b77aca9b315651c6341e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E4=BA=AE?=
Date: Tue, 25 Oct 2022 17:15:48 +0800
Subject: [PATCH] =?UTF-8?q?IssueNo:=20#I5XMRB=20Description:=20Fuzz?= =?UTF-8?q?=E7=94=A8=E4=BE=8B=E5=A4=B1=E8=B4=A5=EF=BC=88head-buffer-overfl?= =?UTF-8?q?ow=EF=BC=89=20Sig:=20SIG=5FApplicationFramework=20Feature=20or?= =?UTF-8?q?=20Bugfix:=20Bugfix=20Binary=20Source:=20No?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 杨亮
Change-Id: I6b4a0c9f80abdc2f5c23dc4bda572a45bd687f62
---
 .../addnotificationslot_fuzzer/addnotificationslot_fuzzer.cpp | 2 +-
 test/fuzztest/cancelgroup_fuzzer/cancelgroup_fuzzer.cpp | 2 +-
 .../enabledistributed_fuzzer/enabledistributed_fuzzer.cpp | 2 +-
 .../getallactivenotifications_fuzzer.cpp | 2 +-
 .../getnotificationslotsforbundle_fuzzer.cpp | 2 +-
 .../removenotificationsbybundle_fuzzer.cpp | 2 +-
 .../setnotificationsenabledforallbundles_fuzzer.cpp | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/test/fuzztest/addnotificationslot_fuzzer/addnotificationslot_fuzzer.cpp b/test/fuzztest/addnotificationslot_fuzzer/addnotificationslot_fuzzer.cpp
index d107c934b..65029144d 100644
--- a/test/fuzztest/addnotificationslot_fuzzer/addnotificationslot_fuzzer.cpp
+++ b/test/fuzztest/addnotificationslot_fuzzer/addnotificationslot_fuzzer.cpp
@@ -57,7 +57,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/cancelgroup_fuzzer/cancelgroup_fuzzer.cpp b/test/fuzztest/cancelgroup_fuzzer/cancelgroup_fuzzer.cpp
index d24e2df04..8d97595d5 100644
--- a/test/fuzztest/cancelgroup_fuzzer/cancelgroup_fuzzer.cpp
+++ b/test/fuzztest/cancelgroup_fuzzer/cancelgroup_fuzzer.cpp
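Review bot: In addnotificationslot_fuzzer.cpp the new `size > GetU32Size()` test is joined to the null check while `free(ch)` stays inside that same block, so when `ParseData` returns a buffer for an input with `size <= GetU32Size()` the buffer is no longer freed, as far as the hunk shows; a sanitizer build would then report a leak on short inputs in place of the overflow. Rejecting short inputs before allocating avoids this: add `if (size <= GetU32Size()) { return 0; }` ahead of the `ParseData` call and leave `if (ch != nullptr) {` as it was. The same condition is added in the other six fuzzers of this patch (cancelgroup, enabledistributed, getallactivenotifications, getnotificationslotsforbundle, removenotificationsbybundle, setnotificationsenabledforallbundles). Whether `GetU32Size()` is a sufficient lower bound depends on how many bytes each `DoSomethingInterestingWithMyAPI` reads from `ch`, which lies outside these hunks, as does the rest of `LLVMFuzzerTestOneInput`.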
@@ -50,7 +50,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/enabledistributed_fuzzer/enabledistributed_fuzzer.cpp b/test/fuzztest/enabledistributed_fuzzer/enabledistributed_fuzzer.cpp
index d6fc7949b..8a9d4f58d 100644
--- a/test/fuzztest/enabledistributed_fuzzer/enabledistributed_fuzzer.cpp
+++ b/test/fuzztest/enabledistributed_fuzzer/enabledistributed_fuzzer.cpp
@@ -47,7 +47,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/getallactivenotifications_fuzzer/getallactivenotifications_fuzzer.cpp b/test/fuzztest/getallactivenotifications_fuzzer/getallactivenotifications_fuzzer.cpp
index 255bf5db7..e809f6570 100644
--- a/test/fuzztest/getallactivenotifications_fuzzer/getallactivenotifications_fuzzer.cpp
+++ b/test/fuzztest/getallactivenotifications_fuzzer/getallactivenotifications_fuzzer.cpp
@@ -48,7 +48,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/getnotificationslotsforbundle_fuzzer/getnotificationslotsforbundle_fuzzer.cpp b/test/fuzztest/getnotificationslotsforbundle_fuzzer/getnotificationslotsforbundle_fuzzer.cpp
index 94a46feb1..6a8eca2aa 100644
--- a/test/fuzztest/getnotificationslotsforbundle_fuzzer/getnotificationslotsforbundle_fuzzer.cpp
+++ b/test/fuzztest/getnotificationslotsforbundle_fuzzer/getnotificationslotsforbundle_fuzzer.cpp
@@ -42,7 +42,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/removenotificationsbybundle_fuzzer/removenotificationsbybundle_fuzzer.cpp b/test/fuzztest/removenotificationsbybundle_fuzzer/removenotificationsbybundle_fuzzer.cpp
index 31fe973f1..5740274d4 100644
--- a/test/fuzztest/removenotificationsbybundle_fuzzer/removenotificationsbybundle_fuzzer.cpp
+++ b/test/fuzztest/removenotificationsbybundle_fuzzer/removenotificationsbybundle_fuzzer.cpp
@@ -37,7 +37,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
diff --git a/test/fuzztest/setnotificationsenabledforallbundles_fuzzer/setnotificationsenabledforallbundles_fuzzer.cpp b/test/fuzztest/setnotificationsenabledforallbundles_fuzzer/setnotificationsenabledforallbundles_fuzzer.cpp
index b02ccad33..11cc5836b 100644
--- a/test/fuzztest/setnotificationsenabledforallbundles_fuzzer/setnotificationsenabledforallbundles_fuzzer.cpp
+++ b/test/fuzztest/setnotificationsenabledforallbundles_fuzzer/setnotificationsenabledforallbundles_fuzzer.cpp
@@ -47,7 +47,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
 /* Run your code on data */
 char *ch = ParseData(data, size);
- if (ch != nullptr) {
+ if (ch != nullptr && size > GetU32Size()) {
 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
 free(ch);
 ch = nullptr;
-- Gitee