From 2d22846ac41120d0ff67285f35376eb8b8ae3255 Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Wed, 26 Oct 2022 04:22:29 +0000 Subject: [PATCH 1/2] add judgement about fuzz Signed-off-by: wuzhihuitmac Change-Id: I9f3974695490c53687fc9d19aa302a763bf6a849 --- interfaces/native/test/fuzztest/BUILD.gn | 6 +- .../fuzztest/getallsensors_fuzzer/BUILD.gn | 50 +++++++++++++++++ .../fuzztest/getallsensors_fuzzer/corpus/init | 14 +++++ .../getallsensors_fuzzer.cpp | 56 +++++++++++++++++++ .../getallsensors_fuzzer.h | 22 ++++++++ .../fuzztest/getallsensors_fuzzer/project.xml | 25 +++++++++ .../sensoragent_fuzzer/sensoragent_fuzzer.cpp | 9 ++- .../test/fuzztest/setmode_fuzzer/BUILD.gn | 51 +++++++++++++++++ .../test/fuzztest/setmode_fuzzer/corpus/init | 14 +++++ .../test/fuzztest/setmode_fuzzer/project.xml | 25 +++++++++ .../setmode_fuzzer/setmode_fuzzer.cpp | 54 ++++++++++++++++++ .../fuzztest/setmode_fuzzer/setmode_fuzzer.h | 22 ++++++++ 12 files changed, 345 insertions(+), 3 deletions(-) create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/project.xml create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h diff --git a/interfaces/native/test/fuzztest/BUILD.gn b/interfaces/native/test/fuzztest/BUILD.gn index bd9265b3..0ea4c43e 100644 
--- a/interfaces/native/test/fuzztest/BUILD.gn
+++ b/interfaces/native/test/fuzztest/BUILD.gn
@@ -17,5 +17,9 @@ import("//build/test.gni")
 group("fuzztest") {
 testonly = true
- deps = [ "sensoragent_fuzzer:fuzztest" ]
+ deps = [
+ "getallsensors_fuzzer:fuzztest",
+ "sensoragent_fuzzer:fuzztest",
+ "setmode_fuzzer:fuzztest",
+ ]
 }
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn
new file mode 100644
index 00000000..9b756ae1
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn
@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("GetAllSensorsFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file = "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "getallsensors_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":GetAllSensorsFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
new file mode 100644
index 00000000..c49c21aa
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
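Review bot: In the `group("fuzztest")` target at the bottom of this file, `deps = []` immediately followed by `deps += [` is an empty assignment that is appended to on the next line; a single `deps = [ ":GetAllSensorsFuzzTest" ]` expresses the same dependency, and the `# deps file` comment above the entry adds nothing a reader does not already see. The `setmode_fuzzer/BUILD.gn` added later in this patch has the identical shape and would take the same simplification.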
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
new file mode 100644
index 00000000..c84b740f
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getallsensors_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(T &object, const uint8_t *data, size_t size)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool GetAllSensorsFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorInfo))) {
+ return false;
+ }
+ int32_t count;
+ size_t startPos = 0;
+ startPos = GetObject(count, data + startPos, size - startPos);
+ SensorInfo info;
+ GetObject(info, data + startPos, size - startPos);
+ SensorInfo *info2;
+ info2 = &info;
+ if (GetAllSensors(&info2, &count) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ GetAllSensorsFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
new file mode 100644
index 00000000..32bf74ad
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
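Review bot: The size floor in `GetAllSensorsFuzzTest`, `size < (sizeof(int32_t) + sizeof(SensorInfo))`, is larger than the seed this same commit adds (`corpus/init` holds the four bytes `FUZZ`), so the seed and every mutation shorter than a `SensorInfo` take the early `return false` and `GetAllSensors` is never reached; `SetModeFuzzTest` has the same problem against `sizeof(SensorUser)`. Either seed the corpus with an input of at least that length or lower the floor to what the call actually consumes. `GetAllSensors(&info2, &count)` also takes both arguments by address, which looks like an out-parameter API; if that is what sensor_agent.h declares, the fuzzed `count` and `info` bytes are overwritten before anything reads them and the harness has no input-dependent path, in which case `SensorInfo *infos = nullptr; int32_t count = 0;` followed by `return GetAllSensors(&infos, &count) == 0;` is the honest form. Separately, the second `GetObject` call discards its return value while the first uses it; treating a zero return as failure keeps the two reads consistent.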
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getallsensors_fuzzer" + +#endif + diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml new file mode 100644 index 00000000..20dc766d --- /dev/null +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp index d780c28d..a8711e33 100644 --- a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp +++ b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp @@ -14,10 +14,12 @@ */ #include "sensoragent_fuzzer.h" + +#include "securec.h" +#include + #include "sensor_agent.h" #include "sensor_agent_type.h" -#include -#include void SensorDataCallbackImpl(SensorEvent *event) { @@ -45,6 +47,9 @@ bool CheckSensorTypeId(int32_t sensorTypeId) bool SensorAgentFuzzTest(const uint8_t* data, size_t size) { + if (data == nullptr || size < sizeof(int32_t)) { + return false; + } intptr_t sensorTypeId = reinterpret_cast(data); bool validSensorId = CheckSensorTypeId(sensorTypeId); SensorUser user; 
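Review bot: The include guard `SENSOR_DISABLE_FUZZER_H` in this new `getallsensors_fuzzer.h` is copied from a different fuzzer and is reused verbatim by `setmode_fuzzer.h` later in the patch, so a translation unit that pulls in both headers silently drops the second `FUZZ_PROJECT_NAME` definition. Name the guard after the file: `#ifndef GETALLSENSORS_FUZZER_H` / `#define GETALLSENSORS_FUZZER_H` here, and `SETMODE_FUZZER_H` in the setmode header.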
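Review bot: The added `size < sizeof(int32_t)` guard in `SensorAgentFuzzTest` protects bytes that the next line never reads: `intptr_t sensorTypeId = reinterpret_cast<intptr_t>(data)` converts the buffer's address to an integer, so the id depends on where the input was placed in memory rather than on its contents, and the harness is not input-driven at all. With `securec.h` now included, read the id out of the buffer instead: `int32_t sensorTypeId = 0;` / `if (memcpy_s(&sensorTypeId, sizeof(sensorTypeId), data, sizeof(sensorTypeId)) != EOK) {` / `return false; }`; this also removes the implicit narrowing when the `intptr_t` is handed to `CheckSensorTypeId(int32_t)`. The body of `SensorAgentFuzzTest` continues past the end of this hunk.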
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn
new file mode 100644
index 00000000..541d20b5
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn
@@ -0,0 +1,51 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("SetModeFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file =
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "setmode_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":SetModeFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
new file mode 100644
index 00000000..c49c21aa
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
@@ -0,0 +1,14 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml new file mode 100644 index 00000000..20dc766d --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp new file mode 100644 index 00000000..a820148f --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp 
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "setmode_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(T &object, const uint8_t *data, size_t size)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool SetModeFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorUser))) {
+ return false;
+ }
+ int32_t option;
+ size_t startPos = 0;
+ startPos = GetObject(option, data + startPos, size - startPos);
+ SensorUser user;
+ GetObject(user, data + startPos, size - startPos);
+ if (SetMode(option, &user, option) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SetModeFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
new file mode 100644
index 00000000..681ce9dd
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
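Review bot: `SetMode(option, &user, option)` in `SetModeFuzzTest` hands the one fuzzed `option` to both the first and the third parameter, so whatever those two mean in sensor_agent.h (the declaration is not in this hunk) they can never differ during a run, and combinations such as a valid id with an out-of-range mode are unreachable. Read a second value after `option`, `int32_t mode = 0; startPos += GetObject(mode, data + startPos, size - startPos);`, raise the size floor by `sizeof(int32_t)`, and pass `mode` as the third argument. `SensorUser user` is also filled byte-wise from the input; if that struct carries a callback pointer, as the public sensor agent type presumably does (confirm against sensor_agent_type.h), a crash inside `SetMode` on that pointer is a harness artifact rather than a defect in the target, so pointer members should be reset to `nullptr` after `GetObject`. The same call shape is carried unchanged into the second patch's setmode hunk.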
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "setmode_fuzzer" + +#endif + -- Gitee From 5ef9709b189a20b6bb23220709859e57c100af02 Mon Sep 17 00:00:00 2001 From: wuzhihuitmac Date: Thu, 27 Oct 2022 04:10:43 +0000 Subject: [PATCH 2/2] modify the order of parameter Signed-off-by: wuzhihuitmac Change-Id: I13f3f3d0c7c71bfb350103dd7d0be7406fe5b4ea --- .../fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp | 6 +++--- .../native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) mode change 100644 => 100755 interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp mode change 100644 => 100755 interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp old mode 100644 new mode 100755 index c84b740f..233cdd22 --- a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp 
@@ -21,7 +21,7 @@
 #include "sensor_agent_type.h"
 template
-size_t GetObject(T &object, const uint8_t *data, size_t size)
+size_t GetObject(const uint8_t *data, size_t size, T &object)
 {
 size_t objectSize = sizeof(object);
 if (objectSize > size) {
@@ -37,9 +37,9 @@ bool GetAllSensorsFuzzTest(const uint8_t* data, size_t size)
 }
 int32_t count;
 size_t startPos = 0;
-startPos = GetObject(count, data + startPos, size - startPos);
+startPos = GetObject(data + startPos, size - startPos, count);
 SensorInfo info;
-GetObject(info, data + startPos, size - startPos);
+GetObject(data + startPos, size - startPos, info);
 SensorInfo *info2;
 info2 = &info;
 if (GetAllSensors(&info2, &count) != 0) {
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp
old mode 100644
new mode 100755
index a820148f..53ad7030
--- a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp
@@ -21,7 +21,7 @@
 #include "sensor_agent_type.h"
 template
-size_t GetObject(T &object, const uint8_t *data, size_t size)
+size_t GetObject(const uint8_t *data, size_t size, T &object)
 {
 size_t objectSize = sizeof(object);
 if (objectSize > size) {
@@ -37,9 +37,9 @@ bool SetModeFuzzTest(const uint8_t* data, size_t size)
 }
 int32_t option;
 size_t startPos = 0;
-startPos = GetObject(option, data + startPos, size - startPos);
+startPos = GetObject(data + startPos, size - startPos, option);
 SensorUser user;
-GetObject(user, data + startPos, size - startPos);
+GetObject(data + startPos, size - startPos, user);
 if (SetMode(option, &user, option) != 0) {
 return false;
 }
-- Gitee
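Review bot: Both file headers in this second patch flip the sources to executable (`old mode 100644` / `new mode 100755` on `getallsensors_fuzzer.cpp` and `setmode_fuzzer.cpp`, echoed as `mode change 100644 => 100755` in the diffstat), which the subject line about parameter order does not account for; a `.cpp` file has no reason to be executable, so the mode lines should be dropped from the patch before it lands. The argument reorder is applied consistently in both files, but the second read, `GetObject(data + startPos, size - startPos, info);` and its setmode twin with `user`, still discards the return value that the first read uses; `if (GetObject(data + startPos, size - startPos, info) == 0) { return false; }` keeps the two calls symmetric. Both `GetAllSensorsFuzzTest` and `SetModeFuzzTest` start and end outside these hunks.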