diff --git a/interfaces/native/test/fuzztest/BUILD.gn b/interfaces/native/test/fuzztest/BUILD.gn index bd9265b34e40fd46a261ac7540859e2d47e65870..0ea4c43e43e847b36ae49b696d94ea3f16ad91ac 100644 --- a/interfaces/native/test/fuzztest/BUILD.gn +++ b/interfaces/native/test/fuzztest/BUILD.gn @@ -17,5 +17,9 @@ import("//build/test.gni") group("fuzztest") { testonly = true - deps = [ "sensoragent_fuzzer:fuzztest" ] + deps = [ + "getallsensors_fuzzer:fuzztest", + "sensoragent_fuzzer:fuzztest", + "setmode_fuzzer:fuzztest", + ] } diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..9b756ae1aba3570f92719a57690834df1eeff1cc --- /dev/null +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn 
@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("GetAllSensorsFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file = "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "getallsensors_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":GetAllSensorsFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..c49c21aa8683c4d54af710059267afe15db14f96
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
new file mode 100755
index 0000000000000000000000000000000000000000..fff3d9ea4374c6da8fd31e7bd16fd0370cccbb69
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getallsensors_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object) ddd ccc
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool GetAllSensorsFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorInfo))) {
+ return false;
+ }
+ int32_t count;
+ size_t startPos = 0;
+ startPos = GetObject(data + startPos, size - startPos, count);
+ SensorInfo info;
+ GetObject(data + startPos, size - startPos, info);
+ SensorInfo *info2;
+ info2 = &info;
+ if (GetAllSensors(&info2, &count) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ GetAllSensorsFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..32bf74add96937ef45632aabd252b62642252735
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
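Review bot: The `GetObject` signature in this new file ends with the stray tokens `ddd ccc` before the opening brace, which as shown will not compile; the line should read `size_t GetObject(const uint8_t *data, size_t size, T &object)` as it does in setmode_fuzzer.cpp. Separately, `GetAllSensorsFuzzTest` copies fuzz bytes into `count` and `info` and then passes `&info2` and `&count`; if `GetAllSensors` treats both as out-parameters (its declaration is not on this page), the input never influences the call and the harness covers a single path. A short comment above the call stating which arguments are inputs and which are outputs would make the intended coverage explicit.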
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getallsensors_fuzzer" + +#endif + diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..20dc766db73742058c8300227a37ba63703fc683 --- /dev/null +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp index d780c28d5d60f53c4dd2a410905958c1d82b32b5..a8711e336f2b6a5c305a537df78be396fe11ce8d 100644 --- a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp +++ b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp @@ -14,10 +14,12 @@ */ #include "sensoragent_fuzzer.h" + +#include "securec.h" +#include + #include "sensor_agent.h" #include "sensor_agent_type.h" -#include -#include void SensorDataCallbackImpl(SensorEvent *event) { 
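Review bot: The include guard `SENSOR_DISABLE_FUZZER_H` in getallsensors_fuzzer.h does not match the file name and is repeated verbatim in setmode_fuzzer.h later in this commit, so a translation unit that included both headers would silently skip the second one and keep the first `FUZZ_PROJECT_NAME`. Name each guard after its file, e.g. `#ifndef GETALLSENSORS_FUZZER_H` / `#define GETALLSENSORS_FUZZER_H` here and `SETMODE_FUZZER_H` in the other header. A trailing `// GETALLSENSORS_FUZZER_H` comment on the `#endif` would also help readers match the pair.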
@@ -45,6 +47,9 @@ bool CheckSensorTypeId(int32_t sensorTypeId) bool SensorAgentFuzzTest(const uint8_t* data, size_t size) { + if (data == nullptr || size < sizeof(int32_t)) { + return false; + } intptr_t sensorTypeId = reinterpret_cast(data); bool validSensorId = CheckSensorTypeId(sensorTypeId); SensorUser user; diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..541d20b581187663ca86c4210d3044cde18668b2 --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn 
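Review bot: The added `size < sizeof(int32_t)` guard implies four bytes of input are about to be read, but the next (unchanged) line assigns `reinterpret_cast(data)` to an `intptr_t`, which appears to take the buffer's address rather than its contents, so `sensorTypeId` is not fuzzer-controlled and the guard protects no read. Since this commit already adds `securec.h`, consider `int32_t sensorTypeId = 0;` followed by `(void)memcpy_s(&sensorTypeId, sizeof(sensorTypeId), data, sizeof(sensorTypeId));`. The cast's template argument is not visible on this page and the function body continues past the hunk, so confirm against the full file.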
@@ -0,0 +1,51 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("SetModeFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file =
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "setmode_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":SetModeFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..c49c21aa8683c4d54af710059267afe15db14f96
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
@@ -0,0 +1,14 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..20dc766db73742058c8300227a37ba63703fc683 --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp new file mode 100755 index 0000000000000000000000000000000000000000..53ad70306dcb41069f802a20cb4b604a018ef9f7 --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp 
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "setmode_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool SetModeFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorUser))) {
+ return false;
+ }
+ int32_t option;
+ size_t startPos = 0;
+ startPos = GetObject(data + startPos, size - startPos, option);
+ SensorUser user;
+ GetObject(data + startPos, size - startPos, user);
+ if (SetMode(option, &user, option) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SetModeFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..681ce9dd80822b000103a2f9f0dd58d873eb9834
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
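Review bot: `SetMode(option, &user, option)` passes the same fuzzed integer as both the first and third argument, so the two parameters (presumably the sensor type id and the mode) can never vary independently and most argument combinations stay unreachable. Read a second `int32_t` and widen the size guard to match, as sketched below. Note also that `user` is filled with raw input bytes; if `SensorUser` carries a callback pointer (its definition is not on this page), a crash from invoking it would be a harness artifact rather than a finding, so a comment stating that the API only reads the struct, or zero-initialising it, would be worthwhile.

```cpp
bool SetModeFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size < (2 * sizeof(int32_t) + sizeof(SensorUser))) {
        return false;
    }
    int32_t sensorTypeId = 0;
    int32_t mode = 0;
    size_t startPos = GetObject(data, size, sensorTypeId);
    startPos += GetObject(data + startPos, size - startPos, mode);
    // … unchanged: SensorUser user filled from data + startPos …
    if (SetMode(sensorTypeId, &user, mode) != 0) {
    // … unchanged: return false / return true …
```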
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "setmode_fuzzer" + +#endif + diff --git a/interfaces/plugin/src/sensor_napi_utils.cpp b/interfaces/plugin/src/sensor_napi_utils.cpp index 4cfecb6827b2522fc6282b6e9610e95323881325..4185c16db65d798a1234825f31b558f26373d1c4 100644 --- a/interfaces/plugin/src/sensor_napi_utils.cpp +++ b/interfaces/plugin/src/sensor_napi_utils.cpp @@ -486,7 +486,7 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) CHKPV(loop); uv_work_t *work = new(std::nothrow) uv_work_t; CHKPV(work); - asyncCallbackInfo->work = work; + // asyncCallbackInfo->work = work; asyncCallbackInfo->IncStrongRef(nullptr); work->data = asyncCallbackInfo.GetRefPtr(); int32_t ret = uv_queue_work(loop, work, [] (uv_work_t *work) { }, [] (uv_work_t *work, int status) { @@ -500,6 +500,7 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) * count of the smart pointer is guaranteed to be 1. */ asyncCallbackInfo->DecStrongRef(nullptr); + freeWork(work); napi_handle_scope scope = nullptr; napi_open_handle_scope(asyncCallbackInfo->env, &scope); if (scope == nullptr) { 
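Review bot: `// asyncCallbackInfo->work = work;` here, and `// asyncCallbackInfo->work = nullptr;` in the `ret != 0` branch of the last hunk, leave disabled code in the tree; delete the lines instead, and drop the now-redundant `asyncCallbackInfo->work = nullptr;` that the completion callback still executes. With the assignment gone, `EmitUvEventLoop` never sets `asyncCallbackInfo->work`, so anything that reads the member elsewhere (a destructor or a cancel path, neither visible here) will only ever see its initial value, and that should be checked before merging. A one-line comment such as `// work is owned by the uv callback and released via freeWork()` would record the new ownership rule.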
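Review bot: `freeWork(work)` now runs at the top of the after-work callback, so from that line on `work` is dangling for the rest of the lambda and nothing in the code stops a later `work->data` access from becoming a use-after-free. The move does release the request on the early `scope == nullptr` return, which the old placement at the end of the callback appears to have skipped. Add a comment at the call, e.g. `// work must not be used below this point`, or hold the request in a scope guard so its release does not depend on statement order. The lambda body extends beyond this hunk, so confirm there is no remaining use of `work` in the lines not shown.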
@@ -531,12 +532,11 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) } napi_close_handle_scope(asyncCallbackInfo->env, scope); asyncCallbackInfo->work = nullptr; - freeWork(work); }); if (ret != 0) { SEN_HILOGE("uv_queue_work fail"); asyncCallbackInfo->DecStrongRef(nullptr); - asyncCallbackInfo->work = nullptr; + // asyncCallbackInfo->work = nullptr; freeWork(work); } } diff --git a/sa_profile/3601.xml b/sa_profile/3601.xml index 07ab13871ade1506bbc21a1a5c9f1e980ced4980..ba89328edb8fed6b4fd10a3d201f99b412a5a602 100755 --- a/sa_profile/3601.xml +++ b/sa_profile/3601.xml @@ -22,3 +22,6 @@ 1 + + + \ No newline at end of file