From d1309ca4cc45fccd46729d2f4f08e9051e225c16 Mon Sep 17 00:00:00 2001 From: h00514358 Date: Fri, 28 Oct 2022 17:00:59 +0800 Subject: [PATCH 1/2] Add fuzz test Signed-off-by: h00514358 Change-Id: I5b93fbe95963e832b15e5b560dfa43edf81bf8c4 --- interfaces/native/test/fuzztest/BUILD.gn | 6 +- .../fuzztest/getallsensors_fuzzer/BUILD.gn | 50 +++++++++++++++++ .../fuzztest/getallsensors_fuzzer/corpus/init | 14 +++++ .../getallsensors_fuzzer.cpp | 56 +++++++++++++++++++ .../getallsensors_fuzzer.h | 22 ++++++++ .../fuzztest/getallsensors_fuzzer/project.xml | 25 +++++++++ .../sensoragent_fuzzer/sensoragent_fuzzer.cpp | 9 ++- .../test/fuzztest/setmode_fuzzer/BUILD.gn | 51 +++++++++++++++++ .../test/fuzztest/setmode_fuzzer/corpus/init | 14 +++++ .../test/fuzztest/setmode_fuzzer/project.xml | 25 +++++++++ .../setmode_fuzzer/setmode_fuzzer.cpp | 54 ++++++++++++++++++ .../fuzztest/setmode_fuzzer/setmode_fuzzer.h | 22 ++++++++ interfaces/plugin/src/sensor_napi_utils.cpp | 6 +- sa_profile/3601.xml | 3 + 14 files changed, 351 insertions(+), 6 deletions(-) create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init create mode 100755 interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h create mode 100644 interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/project.xml create mode 100755 interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp create mode 100644 interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h 
diff --git a/interfaces/native/test/fuzztest/BUILD.gn b/interfaces/native/test/fuzztest/BUILD.gn index bd9265b3..0ea4c43e 100644 --- a/interfaces/native/test/fuzztest/BUILD.gn +++ b/interfaces/native/test/fuzztest/BUILD.gn @@ -17,5 +17,9 @@ import("//build/test.gni") group("fuzztest") { testonly = true - deps = [ "sensoragent_fuzzer:fuzztest" ] + deps = [ + "getallsensors_fuzzer:fuzztest", + "sensoragent_fuzzer:fuzztest", + "setmode_fuzzer:fuzztest", + ] } diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn new file mode 100644 index 00000000..9b756ae1 --- /dev/null +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/BUILD.gn 
@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("GetAllSensorsFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file = "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/getallsensors_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "getallsensors_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":GetAllSensorsFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
new file mode 100644
index 00000000..c49c21aa
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
new file mode 100755
index 00000000..dd94ad75
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getallsensors_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object) ddd
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool GetAllSensorsFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorInfo))) {
+ return false;
+ }
+ int32_t count;
+ size_t startPos = 0;
+ startPos = GetObject(data + startPos, size - startPos, count);
+ SensorInfo info;
+ GetObject(data + startPos, size - startPos, info);
+ SensorInfo *info2;
+ info2 = &info;
+ if (GetAllSensors(&info2, &count) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ GetAllSensorsFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
new file mode 100644
index 00000000..32bf74ad
--- /dev/null
+++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.h
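Review bot: The `GetObject` signature ends in a stray `ddd` token (`size_t GetObject(const uint8_t *data, size_t size, T &object) ddd`), which is not valid C++ and should stop this harness from compiling; PATCH 2/2 changes it to `ddd ccc` instead of removing it. The line should read `size_t GetObject(const uint8_t *data, size_t size, T &object)`. Separately, `count` and `info` are filled from the fuzz buffer and then handed over as `GetAllSensors(&info2, &count)`; if these are output parameters, as the call shape suggests, the input bytes never steer the call and the fuzzer explores nothing, which is worth stating in a comment such as `// GetAllSensors only writes to these arguments; fuzz data does not influence it`. The same `GetObject` helper is duplicated in setmode_fuzzer.cpp and could live in one shared header.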
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getallsensors_fuzzer" + +#endif + diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml new file mode 100644 index 00000000..20dc766d --- /dev/null +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp index d780c28d..a8711e33 100644 --- a/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp +++ b/interfaces/native/test/fuzztest/sensoragent_fuzzer/sensoragent_fuzzer.cpp @@ -14,10 +14,12 @@ */ #include "sensoragent_fuzzer.h" + +#include "securec.h" +#include + #include "sensor_agent.h" #include "sensor_agent_type.h" -#include -#include void SensorDataCallbackImpl(SensorEvent *event) { @@ -45,6 +47,9 @@ bool CheckSensorTypeId(int32_t sensorTypeId) bool SensorAgentFuzzTest(const uint8_t* data, size_t size) { + if (data == nullptr || size < sizeof(int32_t)) { + return false; + } intptr_t sensorTypeId = reinterpret_cast(data); bool validSensorId = CheckSensorTypeId(sensorTypeId); SensorUser user; 
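Review bot: The include guard `SENSOR_DISABLE_FUZZER_H` in getallsensors_fuzzer.h does not match the file name and is reused verbatim in setmode_fuzzer.h later in this patch. If both headers ever reach the same translation unit, the second one is silently skipped and its `FUZZ_PROJECT_NAME` never takes effect. Using `#ifndef GETALLSENSORS_FUZZER_H` / `#define GETALLSENSORS_FUZZER_H` here (and `SETMODE_FUZZER_H` in the other header), with a trailing `// GETALLSENSORS_FUZZER_H` on the `#endif`, avoids that.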
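Review bot: The added guard `size < sizeof(int32_t)` in SensorAgentFuzzTest implies the sensor ID is read from the buffer, but the unchanged next line still assigns `reinterpret_cast(data)` to `intptr_t sensorTypeId`, which is the buffer's address rather than its contents. The ID then varies with allocator layout instead of with the fuzz input, so a crash cannot be reproduced reliably from a saved corpus file. Copying the bytes out, e.g. `int32_t sensorTypeId = 0;` followed by `(void)memcpy_s(&sensorTypeId, sizeof(sensorTypeId), data, sizeof(sensorTypeId));`, would use the newly included securec.h and make the size check meaningful. The rest of the function lies outside the hunk, so later uses of `sensorTypeId` are not visible here.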
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn
new file mode 100644
index 00000000..541d20b5
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/BUILD.gn
@@ -0,0 +1,51 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+module_output_path = "sensors/sensor"
+
+ohos_fuzztest("SetModeFuzzTest") {
+ module_out_path = module_output_path
+
+ fuzz_config_file =
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer"
+
+ include_dirs = [
+ "//base/sensors/sensor/interfaces/native/test/fuzztest/setmode_fuzzer",
+ "//base/sensors/sensor/interfaces/native/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "setmode_fuzzer.cpp" ]
+
+ deps = [ "//base/sensors/sensor/interfaces/native:sensor_interface_native" ]
+
+ external_deps = [ "c_utils:utils" ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = []
+ deps += [
+ # deps file
+ ":SetModeFuzzTest",
+ ]
+}
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
new file mode 100644
index 00000000..c49c21aa
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/corpus/init
@@ -0,0 +1,14 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml new file mode 100644 index 00000000..20dc766d --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp new file mode 100755 index 00000000..53ad7030 --- /dev/null +++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.cpp 
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "setmode_fuzzer.h"
+
+#include "securec.h"
+
+#include "sensor_agent.h"
+#include "sensor_agent_type.h"
+
+template
+size_t GetObject(const uint8_t *data, size_t size, T &object)
+{
+ size_t objectSize = sizeof(object);
+ if (objectSize > size) {
+ return 0;
+ }
+ return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
+}
+
+bool SetModeFuzzTest(const uint8_t* data, size_t size)
+{
+ if (data == nullptr || size < (sizeof(int32_t) + sizeof(SensorUser))) {
+ return false;
+ }
+ int32_t option;
+ size_t startPos = 0;
+ startPos = GetObject(data + startPos, size - startPos, option);
+ SensorUser user;
+ GetObject(data + startPos, size - startPos, user);
+ if (SetMode(option, &user, option) != 0) {
+ return false;
+ }
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SetModeFuzzTest(data, size);
+ return 0;
+}
+
diff --git a/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
new file mode 100644
index 00000000..681ce9dd
--- /dev/null
+++ b/interfaces/native/test/fuzztest/setmode_fuzzer/setmode_fuzzer.h
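Review bot: `SetMode(option, &user, option)` passes the same fuzzed integer as both the first and the third argument, so the two are never varied independently and most argument combinations are unreachable. Reading a second `int32_t` from the buffer, and adding another `sizeof(int32_t)` to the size guard, would fix that. `user` is also filled byte-for-byte from the input; if SensorUser carries a callback or other pointer members, which this page does not show, they would hold arbitrary addresses and any crash from dereferencing them would be a harness artefact rather than a finding, so zero-initialising the struct and fuzzing only its plain-data fields is safer. The second `GetObject` result is ignored, which is harmless only because of the up-front size check.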
@@ -0,0 +1,22 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SENSOR_DISABLE_FUZZER_H +#define SENSOR_DISABLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "setmode_fuzzer" + +#endif + diff --git a/interfaces/plugin/src/sensor_napi_utils.cpp b/interfaces/plugin/src/sensor_napi_utils.cpp index 4cfecb68..4185c16d 100644 --- a/interfaces/plugin/src/sensor_napi_utils.cpp +++ b/interfaces/plugin/src/sensor_napi_utils.cpp @@ -486,7 +486,7 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) CHKPV(loop); uv_work_t *work = new(std::nothrow) uv_work_t; CHKPV(work); - asyncCallbackInfo->work = work; + // asyncCallbackInfo->work = work; asyncCallbackInfo->IncStrongRef(nullptr); work->data = asyncCallbackInfo.GetRefPtr(); int32_t ret = uv_queue_work(loop, work, [] (uv_work_t *work) { }, [] (uv_work_t *work, int status) { @@ -500,6 +500,7 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) * count of the smart pointer is guaranteed to be 1. */ asyncCallbackInfo->DecStrongRef(nullptr); + freeWork(work); napi_handle_scope scope = nullptr; napi_open_handle_scope(asyncCallbackInfo->env, &scope); if (scope == nullptr) { 
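Review bot: In sensor_napi_utils.cpp the two `asyncCallbackInfo->work` assignments are commented out (`// asyncCallbackInfo->work = work;` here and `// asyncCallbackInfo->work = nullptr;` in the `@@ -531,12 +532,11 @@` hunk) rather than deleted, while the completion callback still executes `asyncCallbackInfo->work = nullptr;`. If the field is no longer meant to track the request, all three lines should be removed; if anything elsewhere still reads `work`, for instance to cancel a queued request, it will now always see null, which cannot be confirmed from these hunks. Moving `freeWork(work);` ahead of `napi_open_handle_scope` in the `@@ -500,6 +500,7 @@` hunk looks intended to release the request on the `scope == nullptr` early exit and deserves a comment such as `// work is not used below; free it before any early return`. This lifetime change to production code is unrelated to the subject "Add fuzz test" and would be easier to review and revert as its own commit. EmitUvEventLoop begins and ends outside the hunks.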
@@ -531,12 +532,11 @@ void EmitUvEventLoop(sptr asyncCallbackInfo) } napi_close_handle_scope(asyncCallbackInfo->env, scope); asyncCallbackInfo->work = nullptr; - freeWork(work); }); if (ret != 0) { SEN_HILOGE("uv_queue_work fail"); asyncCallbackInfo->DecStrongRef(nullptr); - asyncCallbackInfo->work = nullptr; + // asyncCallbackInfo->work = nullptr; freeWork(work); } } diff --git a/sa_profile/3601.xml b/sa_profile/3601.xml index 07ab1387..ba89328e 100755 --- a/sa_profile/3601.xml +++ b/sa_profile/3601.xml @@ -22,3 +22,6 @@ 1 + + + \ No newline at end of file -- Gitee From 21221f40ce9e860532770eb67135657e0aa1428e Mon Sep 17 00:00:00 2001 From: h00514358 Date: Tue, 1 Nov 2022 21:54:53 +0800 Subject: [PATCH 2/2] test Signed-off-by: h00514358 Change-Id: I0b2ecaa2815517192e281b0e1cf51770911dcaea --- .../test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp index dd94ad75..fff3d9ea 100755 --- a/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp +++ b/interfaces/native/test/fuzztest/getallsensors_fuzzer/getallsensors_fuzzer.cpp @@ -21,7 +21,7 @@ #include "sensor_agent_type.h" template -size_t GetObject(const uint8_t *data, size_t size, T &object) ddd +size_t GetObject(const uint8_t *data, size_t size, T &object) ddd ccc { size_t objectSize = sizeof(object); if (objectSize > size) { -- Gitee