From 398eee0959dd855faac9406526f968b14133ce9e Mon Sep 17 00:00:00 2001 From: liuyuxiu Date: Fri, 22 Mar 2024 18:30:32 +0800 Subject: [PATCH 1/2] qos_manager add new fuzz test Signed-off-by: liuyuxiu --- test/fuzztest/concurrent_fuzzer/BUILD.gn | 2 +- .../concurrent_fuzzer/concurrent_fuzzer.cpp | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) diff --git a/test/fuzztest/concurrent_fuzzer/BUILD.gn b/test/fuzztest/concurrent_fuzzer/BUILD.gn index adcf0ff..b871024 100644 --- a/test/fuzztest/concurrent_fuzzer/BUILD.gn +++ b/test/fuzztest/concurrent_fuzzer/BUILD.gn @@ -15,7 +15,7 @@ import("//build/config/features.gni") import("//build/test.gni") ohos_fuzztest("ConcurrentFuzzTest") { - module_out_path = "qos_manager/qos_manager/" + module_out_path = "qos_manager/" fuzz_config_file = "../../../test/fuzztest/concurrent_fuzzer" include_dirs = [ "../../../include/", diff --git a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp index d3917c2..0eba2d3 100644 --- a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp +++ b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp @@ -478,6 +478,67 @@ bool FuzzConcurrentTaskServiceStubRequestAuth(const uint8_t* data, size_t size) } return true; } + +bool FuzzConcurrentTaskServiceStubQueryDeadlineInner(const uint8_t* data, size_t size) +{ + g_baseFuzzData = data; + g_baseFuzzSize = size; + g_baseFuzzPos = 0; + MessageParcel data4; + int32_t intData; + const char *str2; + data4.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor()); + if (size >= sizeof(int32_t)) { + intData = GetData(); + str2 = reinterpret_cast(data + g_baseFuzzPos); + size_t size1 = (size - g_baseFuzzPos) > LEN ? LEN : (size - g_baseFuzzPos); + std::string str(str2, size1); + data4.WriteInt32(intData); + data4.WriteString(str); + } else if (size > 0) { + intData = GetData(); + data4.WriteInt32(intData); + } + + MessageParcel reply; + ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); + s.QueryDeadlineInner(data4, reply); + return true; +} + +bool FuzzConcurrentTaskServiceStubRequestAuthInner(const uint8_t* data, size_t size) +{ + if (data == nullptr) { + return false; + } + + MessageParcel data3; + data3.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor()); + if (size >= sizeof(int)) { + const char *data1 = reinterpret_cast(data); + size_t size1 = size > LEN ? LEN : size; + std::string str1(data1, size1); + data3.WriteString(str1); + } else if (size == 0) { + std::string str1 = ""; + data3.WriteString(str1); + } + + MessageParcel reply; + ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); + s.RequestAuthInner(data3, reply); + return true; +} + +bool FuzzConcurrentTaskServiceStringToJson(const uint8_t* data, size_t size) +{ + const char *data1 = reinterpret_cast(data); + size_t size1 = size > LEN ? LEN : size; + std::string str(data1, size1); + ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); + s.StringToJson(str); + return true; + } } // namespace OHOS /* Fuzzer entry point */ @@ -510,5 +571,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::FuzzConcurrentTaskServiceAbilityOnStop(data, size); OHOS::FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(data, size); OHOS::FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(data, size); + OHOS::FuzzConcurrentTaskServiceStubQueryDeadlineInner(data, size); + OHOS::FuzzConcurrentTaskServiceStubRequestAuthInner(data, size); + OHOS::FuzzConcurrentTaskServiceStringToJson(data, size); return 0; } -- Gitee From af0f702ce400b1caf557042e2259579f507bf769 Mon Sep 17 00:00:00 2001 From: liuyuxiu Date: Sat, 23 Mar 2024 10:59:50 +0800 Subject: [PATCH 2/2] qos_manager add fuzz test Signed-off-by: liuyuxiu --- .../concurrent_fuzzer/concurrent_fuzzer.cpp | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp index 0eba2d3..87d5715 100644 --- a/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp +++ b/test/fuzztest/concurrent_fuzzer/concurrent_fuzzer.cpp @@ -20,6 +20,7 @@ #undef private #include "concurrent_task_service_proxy.h" #include "concurrent_task_service.h" +#include "concurrent_task_service_stub.h" #include "securec.h" #include "qos.h" #include "qos_interface.h" @@ -36,6 +37,21 @@ const uint8_t *g_baseFuzzData = nullptr; size_t g_baseFuzzSize = 0; size_t g_baseFuzzPos; #define QUADRUPLE 4 +#define LEN 4 + +class ConcurrentTaskServiceStubFuzer : public ConcurrentTaskServiceStub { +public: + ConcurrentTaskServiceStubFuzer() = default; + virtual ~ConcurrentTaskServiceStubFuzer() = default; + void ReportData(uint32_t resType, int64_t value, const Json::Value& payload) override + {} + void QueryInterval(int queryItem, IntervalReply& queryRs) override + {} + void QueryDeadline(int queryItem, DeadlineReply& ddlReply, const Json::Value& payload) override + {} + void RequestAuth(const Json::Value& payload) override + {} +}; namespace { constexpr int TEST_DATA_FIRST = 1; @@ -537,8 +553,8 @@ bool FuzzConcurrentTaskServiceStringToJson(const uint8_t* data, size_t size) std::string str(data1, size1); ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); s.StringToJson(str); - return true; - } + return true; +} } // namespace OHOS /* Fuzzer entry point */ -- Gitee