From 772ab59f4c06e47979c0942fc815b6166e507db6 Mon Sep 17 00:00:00 2001
From: shenpeixing
Date: Fri, 7 Feb 2025 10:37:40 +0800
Subject: [PATCH] =?UTF-8?q?=E9=9C=87=E6=84=9Fseek=E5=8A=9F=E8=83=BD?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0fuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: shenpeixing
---
 test/fuzztest/vibrator/BUILD.gn | 1 +
 .../seektimeonpackage_fuzzer/BUILD.gn | 57 ++++++++++++
 .../seektimeonpackage_fuzzer/corpus/init | 14 +++
 .../seektimeonpackage_fuzzer/project.xml | 25 ++++++
 .../seektimeonpackage_fuzzer.cpp | 88 +++++++++++++++++++
 .../seektimeonpackage_fuzzer.h | 21 +++++
 6 files changed, 206 insertions(+)
 create mode 100644 test/fuzztest/vibrator/seektimeonpackage_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/vibrator/seektimeonpackage_fuzzer/corpus/init
 create mode 100644 test/fuzztest/vibrator/seektimeonpackage_fuzzer/project.xml
 create mode 100644 test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.cpp
 create mode 100644 test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.h
diff --git a/test/fuzztest/vibrator/BUILD.gn b/test/fuzztest/vibrator/BUILD.gn
index 88e4a83..e6d9a79 100644
--- a/test/fuzztest/vibrator/BUILD.gn
+++ b/test/fuzztest/vibrator/BUILD.gn
@@ -26,6 +26,7 @@ group("fuzztest") {
 "playprimitiveeffect_fuzzer:fuzztest",
 "playvibratorcustom_fuzzer:fuzztest",
 "preprocess_fuzzer:fuzztest",
+ "seektimeonpackage_fuzzer:fuzztest",
 "setloopcount_fuzzer:fuzztest",
 "setparameters_fuzzer:fuzztest",
 "setusage_fuzzer:fuzztest",
diff --git a/test/fuzztest/vibrator/seektimeonpackage_fuzzer/BUILD.gn b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/BUILD.gn
new file mode 100644
index 0000000..0487025
--- /dev/null
+++ b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/BUILD.gn
@@ -0,0 +1,57 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+import("./../../../../miscdevice.gni")
+
+ohos_fuzztest("SeekTimeOnPackageFuzzTest") {
+ module_out_path = FUZZ_MODULE_OUT_PATH
+
+ fuzz_config_file =
+ "$SUBSYSTEM_DIR/test/fuzztest/vibrator/seektimeonpackage_fuzzer"
+
+ include_dirs = [
+ "$SUBSYSTEM_DIR/frameworks/native/vibrator",
+ "$SUBSYSTEM_DIR/test/fuzztest/vibrator/seektimeonpackage_fuzzer",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "seektimeonpackage_fuzzer.cpp" ]
+
+ deps =
+ [ "$SUBSYSTEM_DIR/frameworks/native/vibrator:vibrator_interface_native" ]
+
+ external_deps = [
+ "access_token:libaccesstoken_sdk",
+ "access_token:libnativetoken_shared",
+ "access_token:libtokensetproc_shared",
+ "c_utils:utils",
+ ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":SeekTimeOnPackageFuzzTest",
+ ]
+}
diff --git a/test/fuzztest/vibrator/seektimeonpackage_fuzzer/corpus/init b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/corpus/init
new file mode 100644
index 0000000..65af8ee
--- /dev/null
+++ b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/vibrator/seektimeonpackage_fuzzer/project.xml b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/project.xml
new file mode 100644
index 0000000..2eb360c
--- /dev/null
+++ b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/project.xml
@@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + +
diff --git a/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.cpp b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.cpp
new file mode 100644
index 0000000..588b434
--- /dev/null
+++ b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.cpp
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "seektimeonpackage_fuzzer.h"
+
+#include "accesstoken_kit.h"
+#include "nativetoken_kit.h"
+#include "securec.h"
+#include "token_setproc.h"
+#include "vibrator_agent.h"
+
+namespace OHOS {
+using namespace Security::AccessToken;
+using Security::AccessToken::AccessTokenID;
+namespace {
+constexpr size_t DATA_MIN_SIZE = 20;
+} // namespace
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ errno_t ret = memcpy_s(&object, objectSize, data, objectSize);
+ if (ret != EOK) {
+ return 0;
+ }
+ return objectSize;
+}
+
+void SetUpTestCase()
+{
+ const char **perms = new (std::nothrow) const char *[1];
+ if (perms == nullptr) {
+ return;
+ }
+ perms[0] = "ohos.permission.VIBRATE";
+ TokenInfoParams infoInstance = {
+ .dcapsNum = 0,
+ .permsNum = 1,
+ .aclsNum = 0,
+ .dcaps = nullptr,
+ .perms = perms,
+ .acls = nullptr,
+ .processName = "SeekTimeOnPackageTest",
+ .aplStr = "system_core",
+ };
+ uint64_t tokenId = GetAccessTokenId(&infoInstance);
+ SetSelfTokenID(tokenId);
+ AccessTokenKit::ReloadNativeTokenInfo();
+ delete[] perms;
+}
+
+void SeekTimeOnPackageFuzzTest(const uint8_t *data, size_t size)
+{
+ if (data == nullptr || size < DATA_MIN_SIZE) {
+ return;
+ }
+ SetUpTestCase();
+ VibratorPackage packageIn{ 0 };
+ VibratorPackage packageOut{ 0 };
+ size_t startPos = 0;
+ startPos += GetObject(data + startPos, size - startPos, packageOut.patternNum);
+ GetObject(data + startPos, size - startPos, packageOut.packageDuration);
+ int32_t seekTime{ 0 };
+ OHOS::Sensors::SeekTimeOnPackage(seekTime, packageIn, packageOut);
+}
+} // namespace OHOS
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OHOS::SeekTimeOnPackageFuzzTest(data, size);
+ return 0;
+}
\ No newline at end of file
diff --git a/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.h b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.h
new file mode 100644
index 0000000..bf965af
--- /dev/null
+++ b/test/fuzztest/vibrator/seektimeonpackage_fuzzer/seektimeonpackage_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SEEK_TIME_ON_PACKAGE_FUZZER_H
+#define SEEK_TIME_ON_PACKAGE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "seektimeonpackage_fuzzer"
+
+#endif // SEEK_TIME_ON_PACKAGE_FUZZER_H
\ No newline at end of file
-- Gitee
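Review bot: In `SeekTimeOnPackageFuzzTest` (seektimeonpackage_fuzzer.cpp) the fuzz bytes are copied only into `packageOut.patternNum` and `packageOut.packageDuration`, while `seekTime` is fixed at 0 and `packageIn` stays zero-initialised, so, going by the argument names (the callee is not visible in this patch), the values `SeekTimeOnPackage` actually reads never change and the harness likely exercises a single path. Take the inputs from the data instead, e.g. `GetObject(data + startPos, size - startPos, seekTime);`, and build `packageIn` from the remaining bytes with its count fields bounded and any buffers it points to actually allocated, leaving `packageOut` zeroed; a bare fuzzed count next to a null buffer would only produce harness-made crashes. `SetUpTestCase()` also runs on every input, so the access-token setup is repeated per execution; doing it once, for example from `LLVMFuzzerInitialize`, keeps throughput up. `DATA_MIN_SIZE` is 20 although only two fields are consumed, and the return value of `SeekTimeOnPackage` is dropped, so whatever `packageOut` may own after the call is never released or checked.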