1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formmgrstub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #include "form_mgr_stub.h"
22 #include "message_parcel.h"
23 #include "securec.h"
24
25 using namespace OHOS::AppExecFwk;
26
27 #define DISABLE_FUZZ
28 namespace OHOS {
29 constexpr size_t FOO_MAX_LEN = 1024;
30 constexpr size_t U32_AT_SIZE = 4;
31 const std::u16string FORMMGR_INTERFACE_TOKEN = u"ohos.appexecfwk.FormMgr";
32
33 class FormMgrStubFuzzTest : public FormMgrStub {
34 public:
35 FormMgrStubFuzzTest() = default;
36 virtual ~FormMgrStubFuzzTest() = default;
AddForm(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken,FormJsInfo & formInfo)37 int AddForm(const int64_t formId, const Want &want,
38 const sptr<IRemoteObject> &callerToken, FormJsInfo &formInfo) override
39 {
40 return 0;
41 }
DeleteForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)42 int DeleteForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
43 {
44 return 0;
45 }
ReleaseForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const bool delCache)46 int ReleaseForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const bool delCache) override
47 {
48 return 0;
49 }
UpdateForm(const int64_t formId,const FormProviderData & formProviderData)50 int UpdateForm(const int64_t formId, const FormProviderData &formProviderData) override
51 {
52 return 0;
53 }
SetNextRefreshTime(const int64_t formId,const int64_t nextTime)54 int SetNextRefreshTime(const int64_t formId, const int64_t nextTime) override
55 {
56 return 0;
57 }
RequestPublishForm(Want & want,bool withFormBindingData,std::unique_ptr<FormProviderData> & formBindingData,int64_t & formId)58 ErrCode RequestPublishForm(Want &want, bool withFormBindingData,
59 std::unique_ptr<FormProviderData> &formBindingData, int64_t &formId) override
60 {
61 return 0;
62 }
LifecycleUpdate(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,bool updateType)63 int LifecycleUpdate(const std::vector<int64_t> &formIds,
64 const sptr<IRemoteObject> &callerToken, bool updateType) override
65 {
66 return 0;
67 }
RequestForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const Want & want)68 int RequestForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const Want &want) override
69 {
70 return 0;
71 }
NotifyWhetherVisibleForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,const int32_t formVisibleType)72 int NotifyWhetherVisibleForms(const std::vector<int64_t> &formIds,
73 const sptr<IRemoteObject> &callerToken, const int32_t formVisibleType) override
74 {
75 return 0;
76 }
CastTempForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)77 int CastTempForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
78 {
79 return 0;
80 }
DumpStorageFormInfos(std::string & formInfos)81 int DumpStorageFormInfos(std::string &formInfos) override
82 {
83 return 0;
84 }
DumpFormInfoByBundleName(const std::string & bundleName,std::string & formInfos)85 int DumpFormInfoByBundleName(const std::string &bundleName, std::string &formInfos) override
86 {
87 return 0;
88 }
DumpFormInfoByFormId(const std::int64_t formId,std::string & formInfo)89 int DumpFormInfoByFormId(const std::int64_t formId, std::string &formInfo) override
90 {
91 return 0;
92 }
DumpFormTimerByFormId(const std::int64_t formId,std::string & isTimingService)93 int DumpFormTimerByFormId(const std::int64_t formId, std::string &isTimingService) override
94 {
95 return 0;
96 }
MessageEvent(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken)97 int MessageEvent(const int64_t formId, const Want &want, const sptr<IRemoteObject> &callerToken) override
98 {
99 return 0;
100 }
RouterEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)101 int RouterEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
102 {
103 return 0;
104 }
BackgroundEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)105 int BackgroundEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
106 {
107 return 0;
108 }
DeleteInvalidForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,int32_t & numFormsDeleted)109 int DeleteInvalidForms(const std::vector<int64_t> &formIds,
110 const sptr<IRemoteObject> &callerToken, int32_t &numFormsDeleted) override
111 {
112 return 0;
113 }
AcquireFormState(const Want & want,const sptr<IRemoteObject> & callerToken,FormStateInfo & stateInfo)114 int AcquireFormState(const Want &want,
115 const sptr<IRemoteObject> &callerToken, FormStateInfo &stateInfo) override
116 {
117 return 0;
118 }
NotifyFormsVisible(const std::vector<int64_t> & formIds,bool isVisible,const sptr<IRemoteObject> & callerToken)119 int NotifyFormsVisible(const std::vector<int64_t> &formIds, bool isVisible,
120 const sptr<IRemoteObject> &callerToken) override
121 {
122 return 0;
123 }
NotifyFormsPrivacyProtected(const std::vector<int64_t> & formIds,bool isProtected,const sptr<IRemoteObject> & callerToken)124 int NotifyFormsPrivacyProtected(const std::vector<int64_t> &formIds,
125 bool isProtected, const sptr<IRemoteObject> &callerToken) override
126 {
127 return 0;
128 }
NotifyFormsEnableUpdate(const std::vector<int64_t> & formIds,bool isEnableUpdate,const sptr<IRemoteObject> & callerToken)129 int NotifyFormsEnableUpdate(const std::vector<int64_t> &formIds, bool isEnableUpdate,
130 const sptr<IRemoteObject> &callerToken) override
131 {
132 return 0;
133 }
GetAllFormsInfo(std::vector<FormInfo> & formInfos)134 int GetAllFormsInfo(std::vector<FormInfo> &formInfos) override
135 {
136 return 0;
137 }
GetFormsInfoByApp(std::string & bundleName,std::vector<FormInfo> & formInfos)138 int GetFormsInfoByApp(std::string &bundleName, std::vector<FormInfo> &formInfos) override
139 {
140 return 0;
141 }
GetFormsInfoByModule(std::string & bundleName,std::string & moduleName,std::vector<FormInfo> & formInfos)142 int GetFormsInfoByModule(std::string &bundleName,
143 std::string &moduleName, std::vector<FormInfo> &formInfos) override
144 {
145 return 0;
146 }
GetFormsInfo(const FormInfoFilter & filter,std::vector<FormInfo> & formInfos)147 int32_t GetFormsInfo(const FormInfoFilter &filter, std::vector<FormInfo> &formInfos) override
148 {
149 return 0;
150 }
IsRequestPublishFormSupported()151 bool IsRequestPublishFormSupported() override
152 {
153 return 0;
154 }
StartAbility(const Want & want,const sptr<IRemoteObject> & callerToken)155 int32_t StartAbility(const Want &want, const sptr<IRemoteObject> &callerToken) override
156 {
157 return 0;
158 }
ShareForm(int64_t formId,const std::string & deviceId,const sptr<IRemoteObject> & callerToken,int64_t requestCode)159 int32_t ShareForm(int64_t formId, const std::string &deviceId,
160 const sptr<IRemoteObject> &callerToken, int64_t requestCode) override
161 {
162 return 0;
163 }
RecvFormShareInfoFromRemote(const FormShareInfo & info)164 int32_t RecvFormShareInfoFromRemote(const FormShareInfo &info) override
165 {
166 return 0;
167 }
CheckFMSReady()168 bool CheckFMSReady() override
169 {
170 return false;
171 }
172 };
173
GetU32Data(const char * ptr)174 uint32_t GetU32Data(const char* ptr)
175 {
176 // 将第0个数字左移24位,将第1个数字左移16位,将第2个数字左移8位,第3个数字不左移
177 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | (ptr[3]);
178 }
179
DoSomethingInterestingWithMyAPI(const char * data,size_t size)180 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
181 {
182 uint32_t code = GetU32Data(data);
183 MessageParcel datas;
184 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN);
185 datas.WriteBuffer(data, size);
186 datas.RewindRead(0);
187 MessageParcel reply;
188 MessageOption option;
189 std::shared_ptr<FormMgrStub> formmgrstub = std::make_shared<FormMgrStubFuzzTest>();
190 formmgrstub->OnRemoteRequest(code, datas, reply, option);
191 return true;
192 }
193 }
194
195 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)196 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
197 {
198 /* Run your code on data */
199 if (data == nullptr) {
200 return 0;
201 }
202
203 if (size < OHOS::U32_AT_SIZE) {
204 return 0;
205 }
206
207 /* Validate the length of size */
208 if (size == 0 || size > OHOS::FOO_MAX_LEN) {
209 return 0;
210 }
211
212 char* ch = (char *)malloc(size + 1);
213 if (ch == nullptr) {
214 return 0;
215 }
216
217 (void)memset_s(ch, size + 1, 0x00, size + 1);
218 if (memcpy_s(ch, size, data, size) != EOK) {
219 free(ch);
220 ch = nullptr;
221 return 0;
222 }
223
224 #ifndef DISABLE_FUZZ
225 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
226 #endif
227 free(ch);
228 ch = nullptr;
229 return 0;
230 }
231
232