From 1ea2af6f90cbde9bd5b6df5f2c74367e406e9c8a Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Wed, 8 Mar 2023 10:26:10 +0000 Subject: [PATCH 1/2] add fuzz case about IsSupportEffect&PlayVibratorCustom Signed-off-by: wuzhihuitmac Change-Id: Ia365fb41035dd07b9b95f4f03f585fce35e5b397 --- .../native/vibrator/test/fuzztest/BUILD.gn | 2 + .../fuzztest/issupporteffect_fuzzer/BUILD.gn | 49 +++++++++++++ .../issupporteffect_fuzzer/corpus/init | 14 ++++ .../issupporteffect_fuzzer.cpp | 70 +++++++++++++++++++ .../issupporteffect_fuzzer.h | 22 ++++++ .../issupporteffect_fuzzer/project.xml | 25 +++++++ .../playvibratorcustom_fuzzer/BUILD.gn | 49 +++++++++++++ .../playvibratorcustom_fuzzer/corpus/init | 14 ++++ .../playvibratorcustom_fuzzer.cpp | 67 ++++++++++++++++++ .../playvibratorcustom_fuzzer.h | 22 ++++++ .../playvibratorcustom_fuzzer/project.xml | 25 +++++++ 11 files changed, 359 insertions(+) create mode 100644 interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/BUILD.gn create mode 100644 interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/corpus/init create mode 100644 interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp create mode 100644 interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.h create mode 100644 interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/project.xml create mode 100644 interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/BUILD.gn create mode 100644 interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/corpus/init create mode 100644 interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.cpp create mode 100644 interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.h create mode 100644 interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/project.xml 
diff --git a/interfaces/native/vibrator/test/fuzztest/BUILD.gn b/interfaces/native/vibrator/test/fuzztest/BUILD.gn
index e62c755..27311fe 100755
--- a/interfaces/native/vibrator/test/fuzztest/BUILD.gn
+++ b/interfaces/native/vibrator/test/fuzztest/BUILD.gn
@@ -19,6 +19,8 @@ group("fuzztest") {
 testonly = true
 deps = []
 deps += [
+ "issupporteffect_fuzzer:fuzztest",
+ "playvibratorcustom_fuzzer:fuzztest",
 "setloopcount_fuzzer:fuzztest",
 "setusage_fuzzer:fuzztest",
 "startvibrator_fuzzer:fuzztest",
diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/BUILD.gn b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/BUILD.gn
new file mode 100644
index 0000000..4c8994e
--- /dev/null
+++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/BUILD.gn
@@ -0,0 +1,49 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/vibrator"
+
+ohos_fuzztest("IsSupportEffectFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file = "//base/sensors/miscdevice/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/miscdevice/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer",
+ "//base/sensors/miscdevice/interfaces/native/vibrator/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "issupporteffect_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/miscdevice/interfaces/native/vibrator:vibrator_interface_native" ]
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":IsSupportEffectFuzzTest",
+ ]
+}
diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/corpus/init b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/corpus/init
new file mode 100644
index 0000000..c49c21a
--- /dev/null
+++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp
new file mode 100644
index 0000000..f8005ea
--- /dev/null
+++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "issupporteffect_fuzzer.h"
+
+#include "securec.h"
+
+#include "vibrator_agent.h"
+
+namespace OHOS {
+namespace Sensors {
+namespace {
+constexpr size_t DATA_MIN_SIZE = 2;
+constexpr char END_CHAR = '\0';
+constexpr size_t LEN = 10;
+} // namespace
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ errno_t ret = memcpy_s(&object, objectSize, data, objectSize);
+ if (ret != EOK) {
+ return 0;
+ }
+ return objectSize;
+}
+
+bool IsSupportEffectFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < DATA_MIN_SIZE) {
+ return false;
+ }
+ size_t startPos = 0;
+ char effectId[LEN + 1];
+ effectId[LEN] = END_CHAR;
+ for (size_t i = 0; i < LEN; i++) {
+ startPos += GetObject(data + startPos, size - startPos, effectId[i]);
+ }
+ bool state { false };
+ GetObject(data + startPos, size - startPos, state);
+ int32_t ret = OHOS::Sensors::IsSupportEffect(effectId, &state);
+ if (ret != 0) {
+ return false;
+ }
+ return true;
+}
+} // Sensors
+} // OHOS
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ OHOS::Sensors::IsSupportEffectFuzzTest(data, size);
+ return 0;
+}
\ No newline at end of file
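Review bot: `char effectId[LEN + 1];` in IsSupportEffectFuzzTest is never initialised, and `DATA_MIN_SIZE = 2` admits inputs shorter than the 10 characters the loop tries to read. For those inputs GetObject returns 0 without writing, so IsSupportEffect is called with leftover stack bytes and a crash cannot be reproduced from the saved input alone. Zero the buffer with `char effectId[LEN + 1] = {};` and raise the guard to what the harness actually consumes, e.g. `size < LEN + sizeof(bool)`. Copying a raw fuzz byte into `bool state` can also leave it holding a value other than 0 or 1; since `state` is passed by pointer it looks like an output only (not confirmed from this hunk), in which case `bool state { false };` without the GetObject call is enough.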
diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.h b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.h new file mode 100644 index 0000000..57a2053 --- /dev/null +++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "issupporteffect_fuzzer" + +#endif + diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/project.xml b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/project.xml new file mode 100644 index 0000000..20dc766 --- /dev/null +++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/BUILD.gn b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/BUILD.gn new file mode 100644 index 0000000..d18f8f9 --- /dev/null +++ b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/BUILD.gn 
@@ -0,0 +1,49 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/vibrator"
+
+ohos_fuzztest("PlayVibratorCustomFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file = "//base/sensors/miscdevice/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/miscdevice/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer",
+ "//base/sensors/miscdevice/interfaces/native/vibrator/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "playvibratorcustom_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/miscdevice/interfaces/native/vibrator:vibrator_interface_native" ]
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":PlayVibratorCustomFuzzTest",
+ ]
+}
diff --git a/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/corpus/init b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/corpus/init
new file mode 100644
index 0000000..c49c21a
--- /dev/null
+++ b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.cpp b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.cpp
new file mode 100644
index 0000000..45e7612
--- /dev/null
+++ b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "playvibratorcustom_fuzzer.h"
+
+#include "securec.h"
+
+#include "vibrator_agent.h"
+
+namespace OHOS {
+namespace Sensors {
+namespace {
+constexpr size_t DATA_MIN_SIZE = 2;
+} // namespace
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ errno_t ret = memcpy_s(&object, objectSize, data, objectSize);
+ if (ret != EOK) {
+ return 0;
+ }
+ return objectSize;
+}
+
+bool PlayVibratorCustomFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < DATA_MIN_SIZE) {
+ return false;
+ }
+ size_t startPos = 0;
+ int32_t fd { 0 };
+ startPos += GetObject(data + startPos, size - startPos, fd);
+ int64_t offset { 0 };
+ startPos += GetObject(data + startPos, size - startPos, offset);
+ int64_t length { 0 };
+ GetObject(data + startPos, size - startPos, length);
+ int32_t ret = OHOS::Sensors::PlayVibratorCustom(fd, offset, length);
+ if (ret != 0) {
+ return false;
+ }
+ return true;
+}
+} // Sensors
+} // OHOS
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ OHOS::Sensors::PlayVibratorCustomFuzzTest(data, size);
+ return 0;
+}
\ No newline at end of file
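Review bot: `fd` in PlayVibratorCustomFuzzTest is an arbitrary 32-bit number copied from the input, so PlayVibratorCustom receives either an invalid descriptor or one that belongs to the fuzzing process itself (stdio, open corpus files). Results then depend on the process's descriptor table rather than on the input, and the code that reads the file content is presumably never reached with data the fuzzer controls. Backing the call with a file the harness creates and fills from the fuzz bytes keeps each run self-contained; the fence sketches that while still taking `offset` and `length` from the input. Whether PlayVibratorCustom takes ownership of the descriptor is not visible in this hunk, so the `fclose` has to follow its contract. `DATA_MIN_SIZE = 2` is also smaller than the bytes the reads consume.

```cpp
bool PlayVibratorCustomFuzzTest(const uint8_t* data, size_t size)
{
    // … unchanged: null / minimum-size guard …
    size_t startPos = 0;
    int64_t offset { 0 };
    startPos += GetObject(data + startPos, size - startPos, offset);
    int64_t length { 0 };
    startPos += GetObject(data + startPos, size - startPos, length);
    // The remaining bytes become the file content, so the descriptor is one this harness owns.
    FILE *fp = tmpfile();
    if (fp == nullptr) {
        return false;
    }
    const size_t bodySize = size - startPos;
    if (fwrite(data + startPos, 1, bodySize, fp) != bodySize || fflush(fp) != 0) {
        fclose(fp);
        return false;
    }
    int32_t ret = OHOS::Sensors::PlayVibratorCustom(fileno(fp), offset, length);
    fclose(fp);
    return ret == 0;
}
```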
diff --git a/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.h b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.h new file mode 100644 index 0000000..57a2053 --- /dev/null +++ b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/playvibratorcustom_fuzzer.h @@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "issupporteffect_fuzzer" + +#endif + diff --git a/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/project.xml b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/project.xml new file mode 100644 index 0000000..20dc766 --- /dev/null +++ b/interfaces/native/vibrator/test/fuzztest/playvibratorcustom_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + -- Gitee From 19cc3a9a2274b5e3b66c642b26c1a828fc3bd0d5 Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Thu, 9 Mar 2023 01:15:47 +0000 Subject: [PATCH 2/2] add fuzz case about IsSupportEffect&PlayVibratorCustom Signed-off-by: wuzhihuitmac Change-Id: I85b266f71577226f5a76cd34df592d0ebd41e75c --- .../fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
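Review bot: `#define FUZZ_PROJECT_NAME "issupporteffect_fuzzer"` in playvibratorcustom_fuzzer.h was carried over from the other fuzzer and should read `#define FUZZ_PROJECT_NAME "playvibratorcustom_fuzzer"`; any tooling that keys on this name (not visible here) would otherwise attribute this target's results to the IsSupportEffect fuzzer. Both new headers also reuse the include guard `SENSOR_DISABLE_FUZZER_H`. A guard per file, e.g. `PLAYVIBRATORCUSTOM_FUZZER_H` and `ISSUPPORTEFFECT_FUZZER_H`, keeps one header from silently suppressing the other if they ever meet in the same translation unit.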
diff --git a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp
index f8005ea..1742ec3 100644
--- a/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp
+++ b/interfaces/native/vibrator/test/fuzztest/issupporteffect_fuzzer/issupporteffect_fuzzer.cpp
@@ -49,7 +49,7 @@ bool IsSupportEffectFuzzTest(const uint8_t* data, size_t size)
 size_t startPos = 0;
 char effectId[LEN + 1];
 effectId[LEN] = END_CHAR;
- for (size_t i = 0; i < LEN; i++) {
+ for (size_t i = 0; i < LEN; ++i) {
 startPos += GetObject(data + startPos, size - startPos, effectId[i]);
 }
 bool state { false };
-- 
Gitee