diff --git a/frameworks/concurrent_task_client/libconcurrent_task_client.versionscript b/frameworks/concurrent_task_client/libconcurrent_task_client.versionscript index 591eb0e01b1b123db9f662b1ac52a74227c2a30d..7c3520b7192e34729ff32db75b481a67f760c220 100644 --- a/frameworks/concurrent_task_client/libconcurrent_task_client.versionscript +++ b/frameworks/concurrent_task_client/libconcurrent_task_client.versionscript @@ -16,6 +16,7 @@ extern "C++" { OHOS::ConcurrentTask::ConcurrentTaskClient::*; }; + CTC_QueryInterval; local: *; }; \ No newline at end of file diff --git a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp index 0f6ee7955b69ed84a48e1716444471c4d4548038..e442480cc61bef57b68daa8fc3626e030d0edb07 100644 --- a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp +++ b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp @@ -25,14 +25,14 @@ #include "qos_interface.h" #include "qos_policy.h" #include "system_ability_definition.h" +#include using namespace OHOS::ConcurrentTask; using namespace OHOS::QOS; namespace OHOS { -const uint8_t *g_baseFuzzData = nullptr; -size_t g_baseFuzzSize = 0; -size_t g_baseFuzzPos; +const int START_TIME = 20; +const int END_TIME = 40; #define QUADRUPLE 4 #define LEN 4 @@ -48,31 +48,14 @@ namespace { constexpr int TEST_DATA_TENTH = 10; } -template T GetData() -{ - T object{}; - size_t objectSize = sizeof(object); - if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) { - return object; - } - ErrCode ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize); - if (ret != ERR_OK) { - return {}; - } - g_baseFuzzPos += objectSize; - return object; -} - bool FuzzConcurrentTaskServiceReportData(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -89,14 +72,12 @@ bool FuzzConcurrentTaskServiceReportData(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceReportSceneInfo(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -113,14 +94,12 @@ bool FuzzConcurrentTaskServiceReportSceneInfo(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceQueryInterval(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -137,14 +116,12 @@ bool FuzzConcurrentTaskServiceQueryInterval(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceQueryDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -161,14 +138,12 @@ bool FuzzConcurrentTaskServiceQueryDeadline(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceSetAudioDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -185,14 +160,12 @@ bool FuzzConcurrentTaskServiceSetAudioDeadline(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceRequestAuth(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { MessageParcel data1; Parcel parcel; sptr iremoteobject = IRemoteObject::Unmarshalling(parcel); - int intdata = GetData(); + int intdata = fdp.ConsumeIntegral(); void *voiddata = &intdata; size_t size1 = sizeof(int); data1.WriteRemoteObject(iremoteobject); @@ -209,20 +182,15 @@ bool FuzzConcurrentTaskServiceRequestAuth(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; ConcurrentTaskClient::GetInstance().StopRemoteObject(); return true; } bool FuzzConcurrentTaskServiceSetThreadQos(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - int level = GetData(); + int level = fdp.ConsumeIntegral(); level = level % TEST_DATA_TENTH; if (level == TEST_DATA_FIFTH || level == TEST_DATA_SECOND) { QOS::SetThreadQos(QOS::QosLevel::QOS_BACKGROUND); @@ -239,12 +207,10 @@ bool FuzzConcurrentTaskServiceSetThreadQos(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - int level = GetData(); - int tid = GetData(); + int level = fdp.ConsumeIntegral(); + int tid = fdp.ConsumeIntegral(); level = level % TEST_DATA_TENTH; if (level == TEST_DATA_FIRST || level == TEST_DATA_SECOND) { QOS::SetQosForOtherThread(QOS::QosLevel::QOS_BACKGROUND, tid); @@ -261,20 +227,15 @@ bool FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t* data, size_t s bool FuzzConcurrentTaskServiceResetThreadQos(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; QOS::ResetThreadQos(); return true; } bool FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - int tid = GetData(); + int tid = fdp.ConsumeIntegral(); QOS::ResetQosForOtherThread(tid); } return true; @@ -282,9 +243,6 @@ bool FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t* data, size_t void FuzzQosPolicyInit(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; QosPolicy qosPolicy; qosPolicy.Init(); return; @@ -292,11 +250,9 @@ void FuzzQosPolicyInit(const uint8_t* data, size_t size) bool FuzzQosInterfaceEnableRtg(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - bool flag = GetData(); + bool flag = fdp.ConsumeIntegral(); EnableRtg(flag); } return true; @@ -304,20 +260,15 @@ bool FuzzQosInterfaceEnableRtg(const uint8_t* data, size_t size) bool FuzzQosInterfaceQosLeave(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; QosLeave(); return true; } bool FuzzConcurrentTaskServiceAbilityOnStart(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int32_t) + sizeof(int32_t)) { - int32_t sysAbilityId = GetData(); + int32_t sysAbilityId = fdp.ConsumeIntegral(); if ((sysAbilityId > ASSET_SERVICE_ID) && (sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN)) { bool runOnCreate = true; ConcurrentTaskServiceAbility concurrenttaskserviceability = @@ -330,13 +281,11 @@ bool FuzzConcurrentTaskServiceAbilityOnStart(const uint8_t* data, size_t size) bool FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) { - int32_t sysAbilityId = GetData(); - int32_t taskServiceId = GetData(); - std::string deviceId = std::to_string(GetData()); + int32_t sysAbilityId = fdp.ConsumeIntegral(); + int32_t taskServiceId = fdp.ConsumeIntegral(); + std::string deviceId = std::to_string(fdp.ConsumeIntegral()); if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) && (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) { bool runOnCreate = true; @@ -350,13 +299,11 @@ bool FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(const uint8_t* data, siz bool FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) { - int32_t sysAbilityId = GetData(); - int32_t taskServiceId = GetData(); - std::string deviceId = std::to_string(GetData()); + int32_t sysAbilityId = fdp.ConsumeIntegral(); + int32_t taskServiceId = fdp.ConsumeIntegral(); + std::string deviceId = std::to_string(fdp.ConsumeIntegral()); if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) && (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) { bool runOnCreate = true; @@ -370,14 +317,12 @@ bool FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(const uint8_t* data, bool FuzzConcurrentTaskClientReportData(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(pid_t) + sizeof(uint32_t)) { - uint32_t resType = GetData(); - int64_t value = GetData(); + uint32_t resType = fdp.ConsumeIntegral(); + int64_t value = fdp.ConsumeIntegral(); std::unordered_map mapPayload; - mapPayload["218211"] = std::to_string(GetData()); + mapPayload["218211"] = std::to_string(fdp.ConsumeIntegral()); ConcurrentTaskClient::GetInstance().ReportData(resType, value, mapPayload); } return true; @@ -385,13 +330,11 @@ bool FuzzConcurrentTaskClientReportData(const uint8_t* data, size_t size) bool FuzzConcurrentTaskClientReportSceneInfo(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(pid_t) + sizeof(uint32_t)) { - uint32_t type = GetData(); + uint32_t type = fdp.ConsumeIntegral(); std::unordered_map mapPayload; - mapPayload["218222"] = std::to_string(GetData()); + mapPayload["218222"] = std::to_string(fdp.ConsumeIntegral()); ConcurrentTaskClient::GetInstance().ReportSceneInfo(type, mapPayload); } return true; @@ -399,11 +342,9 @@ bool FuzzConcurrentTaskClientReportSceneInfo(const uint8_t* data, size_t size) bool FuzzConcurrentTaskClientQueryInterval(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - int queryItem = GetData(); + int queryItem = fdp.ConsumeIntegral(); queryItem = queryItem % (QURRY_TYPE_MAX + 1); IntervalReply queryRs; ConcurrentTaskClient::GetInstance().QueryInterval(queryItem, queryRs); @@ -413,15 +354,13 @@ bool FuzzConcurrentTaskClientQueryInterval(const uint8_t* data, size_t size) bool FuzzConcurrentTaskClientQueryDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(pid_t) + sizeof(uint32_t)) { - int queryItem = GetData(); + int queryItem = fdp.ConsumeIntegral(); queryItem = queryItem % (QURRY_TYPE_MAX + 1); DeadlineReply ddlReply; - pid_t pid = GetData(); - uint32_t qos = GetData(); + pid_t pid = fdp.ConsumeIntegral(); + uint32_t qos = fdp.ConsumeIntegral(); std::unordered_map mapPayload; mapPayload.insert(std::pair(pid, qos)); ConcurrentTaskClient::GetInstance().QueryDeadline(queryItem, ddlReply, mapPayload); @@ -431,27 +370,23 @@ bool FuzzConcurrentTaskClientQueryDeadline(const uint8_t* data, size_t size) bool FuzzConcurrentTaskClientSetAudioDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { - int queryItem = GetData(); + int queryItem = fdp.ConsumeIntegral(); queryItem = queryItem % (AUDIO_DDL_REMOVE_THREAD + 1); IntervalReply queryRs; - ConcurrentTaskClient::GetInstance().SetAudioDeadline(queryItem, 20, 40, queryRs); + ConcurrentTaskClient::GetInstance().SetAudioDeadline(queryItem, START_TIME, END_TIME, queryRs); } return true; } bool FuzzConcurrentTaskClinetRequestAuth(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int32_t)) { MessageParcel data1; std::unordered_map mapPayload; - mapPayload["2182"] = std::to_string(GetData()); + mapPayload["2182"] = std::to_string(fdp.ConsumeIntegral()); ConcurrentTaskClient::GetInstance().RequestAuth(mapPayload); } return true; @@ -459,24 +394,19 @@ bool FuzzConcurrentTaskClinetRequestAuth(const uint8_t* data, size_t size) bool FuzzConcurrentTaskClientStopRemoteObject(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; ConcurrentTaskClient::GetInstance().StopRemoteObject(); return true; } bool FuzzConcurrentTaskControllerInterfaceReportData(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(uint32_t) + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint32_t)) { - uint32_t resType = GetData(); - int64_t value = GetData(); + uint32_t resType = fdp.ConsumeIntegral(); + int64_t value = fdp.ConsumeIntegral(); Json::Value jsValue; - jsValue["1111"] = std::to_string(GetData()); - jsValue["2222"] = std::to_string(GetData()); + jsValue["1111"] = std::to_string(fdp.ConsumeIntegral()); + jsValue["2222"] = std::to_string(fdp.ConsumeIntegral()); TaskControllerInterface::GetInstance().ReportData(resType, value, jsValue); } return true; @@ -484,14 +414,12 @@ bool FuzzConcurrentTaskControllerInterfaceReportData(const uint8_t* data, size_t bool FuzzConcurrentTaskControllerInterfaceReportSceneInfo(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t)) { - uint32_t resType = GetData(); + uint32_t resType = fdp.ConsumeIntegral(); Json::Value jsValue; - jsValue["1111"] = std::to_string(GetData()); - jsValue["2222"] = std::to_string(GetData()); + jsValue["1111"] = std::to_string(fdp.ConsumeIntegral()); + jsValue["2222"] = std::to_string(fdp.ConsumeIntegral()); TaskControllerInterface::GetInstance().ReportSceneInfo(resType, jsValue); } return true; @@ -499,12 +427,10 @@ bool FuzzConcurrentTaskControllerInterfaceReportSceneInfo(const uint8_t* data, s bool FuzzConcurrentTaskControllerInterfaceQueryInterval(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { ConcurrentTaskService s = ConcurrentTaskService(); - int queryItem = GetData(); + int queryItem = fdp.ConsumeIntegral(); queryItem = queryItem % (QURRY_TYPE_MAX + 1); IntervalReply queryRs; TaskControllerInterface::GetInstance().QueryInterval(queryItem, queryRs); @@ -514,16 +440,14 @@ bool FuzzConcurrentTaskControllerInterfaceQueryInterval(const uint8_t* data, siz bool FuzzConcurrentTaskControllerInterfaceQueryDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int) + sizeof(int)) { - int deadlineType = GetData(); + int deadlineType = fdp.ConsumeIntegral(); deadlineType = deadlineType % (MSG_GAME + 1); DeadlineReply queryRs; Json::Value jsValue; - jsValue["2123"] = std::to_string(GetData()); - jsValue["2333"] = std::to_string(GetData()); + jsValue["2123"] = std::to_string(fdp.ConsumeIntegral()); + jsValue["2333"] = std::to_string(fdp.ConsumeIntegral()); ConcurrentTaskService s = ConcurrentTaskService(); TaskControllerInterface::GetInstance().QueryDeadline(deadlineType, queryRs, jsValue); } @@ -532,28 +456,24 @@ bool FuzzConcurrentTaskControllerInterfaceQueryDeadline(const uint8_t* data, siz bool FuzzConcurrentTaskControllerInterfaceSetAudioDeadline(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { ConcurrentTaskService s = ConcurrentTaskService(); - int queryItem = GetData(); + int queryItem = fdp.ConsumeIntegral(); queryItem = queryItem % (AUDIO_DDL_REMOVE_THREAD + 1); IntervalReply queryRs; - TaskControllerInterface::GetInstance().SetAudioDeadline(queryItem, 20, 40, queryRs); + TaskControllerInterface::GetInstance().SetAudioDeadline(queryItem, START_TIME, END_TIME, queryRs); } return true; } bool FuzzConcurrentTaskControllerInterfaceRequestAuth(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int) + sizeof(int)) { Json::Value payload; - payload["2187"] = std::to_string(GetData()); - payload["2376"] = std::to_string(GetData()); + payload["2187"] = std::to_string(fdp.ConsumeIntegral()); + payload["2376"] = std::to_string(fdp.ConsumeIntegral()); ConcurrentTaskService s = ConcurrentTaskService(); TaskControllerInterface::GetInstance().RequestAuth(payload); } @@ -574,12 +494,10 @@ bool FuzzConcurrentTaskControllerInterfaceRelease(const uint8_t* data, size_t si bool FuzzQosControllerGetThreadQosForOtherThread(const uint8_t* data, size_t size) { - g_baseFuzzData = data; - g_baseFuzzSize = size; - g_baseFuzzPos = 0; + FuzzedDataProvider fdp(data, size); if (size > sizeof(int)) { enum QosLevel level; - int tid = GetData(); + int tid = fdp.ConsumeIntegral(); QosController::GetInstance().GetThreadQosForOtherThread(level, tid); } return true;