From c6687e46213306e7b4dd6ec40f4652912f99586e Mon Sep 17 00:00:00 2001 From: fengyang Date: Wed, 23 Apr 2025 10:15:18 +0800 Subject: [PATCH] =?UTF-8?q?FUZZ=E6=95=B4=E6=94=B9=E6=A8=A1=E6=8B=9F?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: fengyang --- .../appgroupcallbackstub_fuzzer.cpp | 41 +------ .../bundleactiveobserver_fuzzer.cpp | 56 +++------- .../bundleactiveonremoterequest_fuzzer.cpp | 39 +------ ...leactivepowerstatecallbackproxy_fuzzer.cpp | 105 ++++-------------- 4 files changed, 44 insertions(+), 197 deletions(-) diff --git a/test/fuzztest/appgroupcallbackstub_fuzzer/appgroupcallbackstub_fuzzer.cpp b/test/fuzztest/appgroupcallbackstub_fuzzer/appgroupcallbackstub_fuzzer.cpp index 721a867..3b493d0 100644 --- a/test/fuzztest/appgroupcallbackstub_fuzzer/appgroupcallbackstub_fuzzer.cpp +++ b/test/fuzztest/appgroupcallbackstub_fuzzer/appgroupcallbackstub_fuzzer.cpp @@ -21,16 +21,11 @@ #include "app_group_callback_stub.h" #include "iservice_registry.h" #include "system_ability_definition.h" +#include namespace OHOS { namespace DeviceUsageStats { - constexpr uint32_t U32_AT_SIZE = 4; constexpr uint32_t MAX_CODE = 2; // current max code is 2 - constexpr uint8_t TWENTYFOUR = 24; - constexpr uint8_t SIXTEEN = 16; - constexpr uint8_t EIGHT = 8; - constexpr uint8_t TWO = 2; - constexpr uint8_t THREE = 3; const std::u16string APP_GOUNP_ACTIVE_TOKEN = u"OHOS.DeviceUsageStats.IAppGroupCallback"; class TestAppGroupChangeCallback : public AppGroupCallbackStub { 
@@ -43,15 +38,10 @@ namespace DeviceUsageStats { return ERR_OK; } - uint32_t GetU32Data(const char* ptr) - { - return (ptr[0] << TWENTYFOUR) | (ptr[1] << SIXTEEN) | (ptr[TWO] << EIGHT) | (ptr[THREE]); - } - - bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) + bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider* fdp) { DelayedSingleton::GetInstance()->NativeTokenGet(); - uint32_t code = GetU32Data(data); + uint32_t code = fdp->ConsumeIntegral(); MessageParcel datas; datas.WriteInterfaceToken(APP_GOUNP_ACTIVE_TOKEN); datas.WriteBuffer(data, size); @@ -68,29 +58,8 @@ namespace DeviceUsageStats { /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - return 0; - } - - if (size < OHOS::DeviceUsageStats::U32_AT_SIZE) { - return 0; - } - char* ch = (char *)malloc(size + 1); - if (ch == nullptr) { - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size, data, size) != EOK) { - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + FuzzedDataProvider fdp(data, size); + OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(&fdp); return 0; } diff --git a/test/fuzztest/bundleactiveobserver_fuzzer/bundleactiveobserver_fuzzer.cpp b/test/fuzztest/bundleactiveobserver_fuzzer/bundleactiveobserver_fuzzer.cpp index e0687eb..f048f94 100644 --- a/test/fuzztest/bundleactiveobserver_fuzzer/bundleactiveobserver_fuzzer.cpp +++ b/test/fuzztest/bundleactiveobserver_fuzzer/bundleactiveobserver_fuzzer.cpp 
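Review bot: The unchanged line `datas.WriteBuffer(data, size);` in `DoSomethingInterestingWithMyAPI` still names the `data` and `size` parameters that the new `FuzzedDataProvider* fdp` signature drops, so this file should no longer compile. Take the payload from the provider after the code has been consumed, for example `auto payload = fdp->ConsumeRemainingBytes<uint8_t>();` followed by `datas.WriteBuffer(payload.data(), payload.size());`. The same leftover line appears in bundleactiveonremoterequest_fuzzer.cpp (hunk `@@ -24,25 +24,15 @@`). The function body continues past the end of this hunk, so any later use of `data` or `size` there needs the same change.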
@@ -26,20 +26,10 @@ namespace OHOS { namespace DeviceUsageStats { - constexpr uint32_t U32_AT_SIZE = 4; - constexpr uint8_t TWENTYFOUR = 24; - constexpr uint8_t SIXTEEN = 16; - constexpr uint8_t EIGHT = 8; - constexpr uint8_t TWO = 2; - constexpr uint8_t THREE = 3; bool g_isInited = false; - uint32_t GetU32Data(const char* ptr) - { - return (ptr[0] << TWENTYFOUR) | (ptr[1] << SIXTEEN) | (ptr[TWO] << EIGHT) | (ptr[THREE]); - } - bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) + bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider* fdp) { DelayedSingleton::GetInstance()->NativeTokenGet(); if (!g_isInited) { 
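Review bot: No hunk for bundleactiveobserver_fuzzer.cpp adds an include for `FuzzedDataProvider`, although the new signature `DoSomethingInterestingWithMyAPI(FuzzedDataProvider* fdp)` uses the type. Only appgroupcallbackstub_fuzzer.cpp gains an `#include` line in this patch. Unless the header already arrives through another include that is not visible here, add `#include <fuzzer/FuzzedDataProvider.h>` to this file. The same applies to bundleactiveonremoterequest_fuzzer.cpp and bundleactivepowerstatecallbackproxy_fuzzer.cpp. Including it directly is better than relying on a transitive include.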
@@ -50,26 +40,27 @@ namespace DeviceUsageStats { DelayedSingleton::GetInstance()->RegisterAppGroupCallBack(appGroupCallback); DelayedSingleton::GetInstance()->UnRegisterAppGroupCallBack(appGroupCallback); bool result = false; - int32_t userId = static_cast(GetU32Data(data)); - std::string inputBundlName(data); + int32_t userId = fdp->ConsumeIntegral(); + std::string inputBundlName = fdp->ConsumeRandomLengthString(); DelayedSingleton::GetInstance()->IsBundleIdle(result, inputBundlName, userId); DelayedSingleton::GetInstance()->IsBundleUsePeriod(result, inputBundlName, userId); DelayedSingleton::GetInstance()->GetApplicationUsePeriodicallyConfig(); return true; } - bool BundleActiveServiceDumpFuzzTest(const char* data, size_t size) + bool BundleActiveServiceDumpFuzzTest(FuzzedDataProvider* fdp) { - int32_t fd = static_cast(GetU32Data(data)); + int32_t fd = fdp->ConsumeIntegral(); std::vector args; - args = {to_utf16(std::to_string(GetU32Data(data)))}; + uint32_t data = fdp->ConsumeIntegral(); + args = {to_utf16(std::to_string(data))}; DelayedSingleton::GetInstance()->Dump(fd, args); DelayedSingleton::GetInstance()->AllowDump(); std::vector dumpOption = { - std::to_string(GetU32Data(data)), std::to_string(GetU32Data(data)), - std::to_string(GetU32Data(data)), std::to_string(GetU32Data(data)), - std::to_string(GetU32Data(data)), std::to_string(GetU32Data(data))}; + std::to_string(data), std::to_string(data), + std::to_string(data), std::to_string(data), + std::to_string(data), std::to_string(data)}; std::vector dumpInfo; DelayedSingleton::GetInstance()->ShellDump(dumpOption, dumpInfo); dumpInfo.clear(); 
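Review bot: In `BundleActiveServiceDumpFuzzTest`, `fd` is still an arbitrary fuzzed integer passed straight to `Dump(fd, args)`. If `Dump` writes to that descriptor, the output can land in any file the fuzzer process has open, which makes runs noisy and findings hard to reproduce. Pass a descriptor the harness owns instead, for example one opened on `/dev/null` and closed after the call, and keep the fuzzed bytes for the arguments. Separately, `dumpOption` repeats the same `std::to_string(data)` six times, so only one option value is exercised per input; drawing each entry with `fdp->ConsumeRandomLengthString()` would cover more of `ShellDump`.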
@@ -88,30 +79,9 @@ namespace DeviceUsageStats { /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - return 0; - } - - if (size < OHOS::DeviceUsageStats::U32_AT_SIZE) { - return 0; - } - char* ch = (char *)malloc(size + 1); - if (ch == nullptr) { - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size, data, size) != EOK) { - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(ch, size); - OHOS::DeviceUsageStats::BundleActiveServiceDumpFuzzTest(ch, size); - free(ch); - ch = nullptr; + FuzzedDataProvider fdp(data, size); + OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(&fdp); + OHOS::DeviceUsageStats::BundleActiveServiceDumpFuzzTest(&fdp); return 0; } diff --git a/test/fuzztest/bundleactiveonremoterequest_fuzzer/bundleactiveonremoterequest_fuzzer.cpp b/test/fuzztest/bundleactiveonremoterequest_fuzzer/bundleactiveonremoterequest_fuzzer.cpp index 5f648ed..2f4e4ef 100644 --- a/test/fuzztest/bundleactiveonremoterequest_fuzzer/bundleactiveonremoterequest_fuzzer.cpp +++ b/test/fuzztest/bundleactiveonremoterequest_fuzzer/bundleactiveonremoterequest_fuzzer.cpp 
@@ -24,25 +24,15 @@ namespace OHOS { namespace DeviceUsageStats { - constexpr uint32_t U32_AT_SIZE = 4; constexpr uint32_t MAX_CODE = 14; // current max code is 14 - constexpr uint8_t TWENTYFOUR = 24; - constexpr uint8_t SIXTEEN = 16; - constexpr uint8_t EIGHT = 8; - constexpr uint8_t TWO = 2; - constexpr uint8_t THREE = 3; const std::u16string BUNDLE_ACTIVE_TOKEN = u"OHOS.DeviceUsageStats.IBundleActiveService"; bool isInited = false; - uint32_t GetU32Data(const char* ptr) - { - return (ptr[0] << TWENTYFOUR) | (ptr[1] << SIXTEEN) | (ptr[TWO] << EIGHT) | (ptr[THREE]); - } - bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) + bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider* fdp) { DelayedSingleton::GetInstance()->NativeTokenGet(); - uint32_t code = GetU32Data(data); + uint32_t code = fdp->ConsumeIntegral(); MessageParcel datas; datas.WriteInterfaceToken(BUNDLE_ACTIVE_TOKEN); datas.WriteBuffer(data, size); @@ -62,29 +52,8 @@ namespace DeviceUsageStats { /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - return 0; - } - - if (size < OHOS::DeviceUsageStats::U32_AT_SIZE) { - return 0; - } - char* ch = (char *)malloc(size + 1); - if (ch == nullptr) { - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size, data, size) != EOK) { - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + FuzzedDataProvider fdp(data, size); + OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(&fdp); return 0; } diff --git a/test/fuzztest/bundleactivepowerstatecallbackproxy_fuzzer/bundleactivepowerstatecallbackproxy_fuzzer.cpp b/test/fuzztest/bundleactivepowerstatecallbackproxy_fuzzer/bundleactivepowerstatecallbackproxy_fuzzer.cpp index 0a3488e..c1c8d91 100644 
--- a/test/fuzztest/bundleactivepowerstatecallbackproxy_fuzzer/bundleactivepowerstatecallbackproxy_fuzzer.cpp +++ b/test/fuzztest/bundleactivepowerstatecallbackproxy_fuzzer/bundleactivepowerstatecallbackproxy_fuzzer.cpp @@ -43,51 +43,10 @@ namespace DeviceUsageStats { static std::string g_defaultFormName = "defaultformname"; static int32_t DEFAULT_DIMENSION = 4; static int64_t DEFAULT_FORMID = 1; - constexpr uint32_t U32_AT_SIZE = 4; - - const uint8_t* g_data = nullptr; - size_t g_size = 0; - size_t g_pos; - - template - T GetData() - { - T object {}; - size_t objectSize = sizeof(object); - if (g_data == nullptr || objectSize > g_size - g_pos) { - return object; - } - errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize); - if (ret != EOK) { - return {}; - } - g_pos += objectSize; - return object; - } - - std::string GetStringFromData(int strlen) - { - if (strlen <= 0) { - return ""; - } - char cstr[strlen]; - cstr[strlen - 1] = '\0'; - for (int i = 0; i < strlen - 1; i++) { - char tmp = GetData(); - if (tmp == '\0') { - tmp = '1'; - } - cstr[i] = tmp; - } - std::string str(cstr); - return str; - } - bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) + bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider* fdp) { - g_data = data; - g_size = size; - uint32_t code = GetData(); + uint32_t code = fdp->ConsumeIntegral(); PowerMgr::PowerState state = static_cast(code); auto bundleActiveCore = std::make_shared(); BundleActivePowerStateCallbackService BundleActivePowerStateCallbackService(bundleActiveCore); 
@@ -95,17 +54,15 @@ namespace DeviceUsageStats { return true; } - bool BundleActiveClientFuzzTest(const uint8_t* data, size_t size) + bool BundleActiveClientFuzzTest(FuzzedDataProvider* fdp) { - g_data = data; - g_size = size; bool result = false; - int32_t userId = GetData(); - std::string inputBundleName = GetStringFromData(size); + uint32_t userId = fdp->ConsumeIntegral(); + std::string inputBundleName = fdp->ConsumeRandomLengthString(); sptr appGroupCallback = nullptr; - int32_t intervalType = GetData(); - int64_t beginTime = GetData(); - int64_t endTime = GetData(); + int32_t intervalType = fdp->ConsumeIntegral(); + int64_t beginTime = fdp->ConsumeIntegral(); + int64_t endTime = fdp->ConsumeIntegral(); DelayedSingleton::GetInstance()->GetBundleActiveProxy(); DelayedSingleton::GetInstance()->RegisterAppGroupCallBack(appGroupCallback); @@ -123,9 +80,8 @@ namespace DeviceUsageStats { std::vector bundleActiveEvent; DelayedSingleton::GetInstance()->QueryBundleEvents(bundleActiveEvent, beginTime, endTime, userId); - - int32_t newGroup = GetData(); - std::string bundleName = GetStringFromData(size); + int32_t newGroup = fdp->ConsumeIntegral(); + std::string bundleName = fdp->ConsumeRandomLengthString(); DelayedSingleton::GetInstance()->SetAppGroup(bundleName, newGroup, userId); std::vector eventStats; 
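Review bot: In `BundleActiveClientFuzzTest`, `userId` changes from `int32_t` to `uint32_t`, while the same value stays `int32_t userId` in bundleactiveobserver_fuzzer.cpp in this patch. The callee signatures are not visible here, but if they take `int32_t`, every call now performs an implicit unsigned-to-signed conversion, which conversion warnings will flag. Keeping `int32_t userId = fdp->ConsumeIntegral<int32_t>();` avoids that and matches the other harness. The template arguments are not visible on this page, so confirm that the consumed type matches the declared one.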
@@ -136,17 +92,14 @@ namespace DeviceUsageStats { return true; } - bool BundleActiveEventListFuzzTest(const uint8_t* data, size_t size) + bool BundleActiveEventListFuzzTest(FuzzedDataProvider* fdp) { - g_data = data; - g_size = size; - BundleActiveEventList right; - int64_t resultData = GetData(); + int64_t resultData = fdp->ConsumeIntegral(); auto combiner = std::make_shared(); BundleActiveEvent event; - event.bundleName_ = GetStringFromData(size); - event.continuousTaskAbilityName_ = GetStringFromData(size); - event.timeStamp_ = GetData(); + event.bundleName_ = fdp->ConsumeRandomLengthString(); + event.continuousTaskAbilityName_ = fdp->ConsumeRandomLengthString(); + event.timeStamp_ = fdp->ConsumeIntegral(); combiner->Size(); combiner->FindBestIndex(resultData); @@ -156,17 +109,15 @@ namespace DeviceUsageStats { return true; } - bool BundleActiveStatsCombinerFuzzTest(const uint8_t* data, size_t size) + bool BundleActiveStatsCombinerFuzzTest(FuzzedDataProvider* fdp) { - g_data = data; - g_size = size; auto combiner = std::make_shared>(); auto stats = std::make_shared(); auto packageStat = std::make_shared(); stats->bundleStats_.emplace("normal", packageStat); packageStat = nullptr; stats->bundleStats_.emplace("default", packageStat); - int64_t beginTime = GetData(); + int64_t beginTime = fdp->ConsumeIntegral(); std::vector accumulatedResult; combiner->combine(stats, accumulatedResult, beginTime); 
@@ -175,29 +126,17 @@ namespace DeviceUsageStats { eventCombiner->combine(stats, activeEventResult, beginTime); return true; } - bool SetGPos() - { - g_pos = 0; - return true; - } } // namespace DeviceUsageStats } // namespace OHOS /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - return 0; - } - - if (size < OHOS::DeviceUsageStats::U32_AT_SIZE) { - return 0; - } + FuzzedDataProvider fdp(data, size); OHOS::DeviceUsageStats::SetGPos(); - OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(data, size); - OHOS::DeviceUsageStats::BundleActiveClientFuzzTest(data, size); - OHOS::DeviceUsageStats::BundleActiveEventListFuzzTest(data, size); - OHOS::DeviceUsageStats::BundleActiveStatsCombinerFuzzTest(data, size); + OHOS::DeviceUsageStats::DoSomethingInterestingWithMyAPI(&fdp); + OHOS::DeviceUsageStats::BundleActiveClientFuzzTest(&fdp); + OHOS::DeviceUsageStats::BundleActiveEventListFuzzTest(&fdp); + OHOS::DeviceUsageStats::BundleActiveStatsCombinerFuzzTest(&fdp); return 0; } \ No newline at end of file -- Gitee
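Review bot: The call `OHOS::DeviceUsageStats::SetGPos();` is kept in `LLVMFuzzerTestOneInput`, but this same hunk deletes the definition of `SetGPos()` and an earlier hunk deletes `g_pos`, so the file should fail to compile. Delete the call; `FuzzedDataProvider` tracks its own read position, so no reset is needed. Note also that all four test functions share one provider, so the later ones see only the bytes the earlier ones left and get zero or empty values once the input runs out.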