1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setpreviewwindow_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <string_ex.h>
21 #define private public
22
23 #include "addcellularcalltoken_fuzzer.h"
24 #include "cellular_call_service.h"
25 #include "securec.h"
26 #include "system_ability_definition.h"
27
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 static bool g_isInited = false;
31 constexpr int32_t INT_NUM = 6;
32 constexpr int32_t BOOL_NUM = 2;
33 constexpr int32_t VEDIO_STATE_NUM = 2;
34 constexpr size_t MAX_NUMBER_LEN = 99;
35
IsServiceInited()36 bool IsServiceInited()
37 {
38 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
39 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
40 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
41 g_isInited = true;
42 }
43 return g_isInited;
44 }
45
OnRemoteRequest(const uint8_t * data,size_t size)46 void OnRemoteRequest(const uint8_t *data, size_t size)
47 {
48 if (!IsServiceInited()) {
49 return;
50 }
51
52 MessageParcel dataMessageParcel;
53 if (!dataMessageParcel.WriteInterfaceToken(CellularCallStub::GetDescriptor())) {
54 return;
55 }
56 size_t dataSize = size - sizeof(uint32_t);
57 dataMessageParcel.WriteBuffer(data + sizeof(uint32_t), dataSize);
58 dataMessageParcel.RewindRead(0);
59 uint32_t code = static_cast<uint32_t>(size);
60 MessageParcel reply;
61 MessageOption option;
62 DelayedSingleton<CellularCallService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
63 }
64
SetPreviewWindow(const uint8_t * data,size_t size)65 void SetPreviewWindow(const uint8_t *data, size_t size)
66 {
67 if (!IsServiceInited()) {
68 return;
69 }
70
71 int32_t maxSize = static_cast<int32_t>(size);
72 int32_t x = static_cast<int32_t>(size);
73 int32_t y = static_cast<int32_t>(size);
74 int32_t z = static_cast<int32_t>(size);
75 int32_t width = static_cast<int32_t>(size);
76 int32_t height = static_cast<int32_t>(size);
77 MessageParcel dataMessageParcel;
78 dataMessageParcel.WriteInt32(maxSize);
79 dataMessageParcel.WriteInt32(x);
80 dataMessageParcel.WriteInt32(y);
81 dataMessageParcel.WriteInt32(z);
82 dataMessageParcel.WriteInt32(width);
83 dataMessageParcel.WriteInt32(height);
84 size_t dataSize = size - sizeof(int32_t) * INT_NUM;
85 dataMessageParcel.WriteBuffer(data + sizeof(int32_t) * INT_NUM, dataSize);
86 dataMessageParcel.RewindRead(0);
87 MessageParcel reply;
88 DelayedSingleton<CellularCallService>::GetInstance()->OnSetPreviewWindowInner(dataMessageParcel, reply);
89 }
90
SetDisplayWindow(const uint8_t * data,size_t size)91 void SetDisplayWindow(const uint8_t *data, size_t size)
92 {
93 if (!IsServiceInited()) {
94 return;
95 }
96
97 int32_t maxSize = static_cast<int32_t>(size);
98 int32_t x = static_cast<int32_t>(size);
99 int32_t y = static_cast<int32_t>(size);
100 int32_t z = static_cast<int32_t>(size);
101 int32_t width = static_cast<int32_t>(size);
102 int32_t height = static_cast<int32_t>(size);
103 MessageParcel dataMessageParcel;
104 dataMessageParcel.WriteInt32(maxSize);
105 dataMessageParcel.WriteInt32(x);
106 dataMessageParcel.WriteInt32(y);
107 dataMessageParcel.WriteInt32(z);
108 dataMessageParcel.WriteInt32(width);
109 dataMessageParcel.WriteInt32(height);
110 size_t dataSize = size - sizeof(int32_t) * INT_NUM;
111 dataMessageParcel.WriteBuffer(data + sizeof(int32_t) * INT_NUM, dataSize);
112 dataMessageParcel.RewindRead(0);
113 MessageParcel reply;
114 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDisplayWindowInner(dataMessageParcel, reply);
115 }
116
SetCameraZoom(const uint8_t * data,size_t size)117 void SetCameraZoom(const uint8_t *data, size_t size)
118 {
119 if (!IsServiceInited()) {
120 return;
121 }
122
123 int32_t maxSize = static_cast<int32_t>(size);
124 float zoomRatio = static_cast<float>(size);
125 MessageParcel dataMessageParcel;
126 dataMessageParcel.WriteInt32(maxSize);
127 dataMessageParcel.WriteFloat(zoomRatio);
128 dataMessageParcel.RewindRead(0);
129 MessageParcel reply;
130 DelayedSingleton<CellularCallService>::GetInstance()->OnSetCameraZoomInner(dataMessageParcel, reply);
131 }
132
SetMute(const uint8_t * data,size_t size)133 void SetMute(const uint8_t *data, size_t size)
134 {
135 if (!IsServiceInited()) {
136 return;
137 }
138
139 int32_t mute = static_cast<int32_t>(size);
140 MessageParcel dataMessageParcel;
141 dataMessageParcel.WriteInt32(mute);
142 size_t dataSize = size - sizeof(int32_t);
143 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
144 dataMessageParcel.RewindRead(0);
145 MessageParcel reply;
146 DelayedSingleton<CellularCallService>::GetInstance()->OnSetMuteInner(dataMessageParcel, reply);
147 }
148
GetMute(const uint8_t * data,size_t size)149 void GetMute(const uint8_t *data, size_t size)
150 {
151 if (!IsServiceInited()) {
152 return;
153 }
154
155 MessageParcel dataMessageParcel;
156 dataMessageParcel.WriteBuffer(data, size);
157 dataMessageParcel.RewindRead(0);
158 MessageParcel reply;
159 DelayedSingleton<CellularCallService>::GetInstance()->OnGetMuteInner(dataMessageParcel, reply);
160 }
161
StartDtmf(const uint8_t * data,size_t size)162 void StartDtmf(const uint8_t *data, size_t size)
163 {
164 if (!IsServiceInited()) {
165 return;
166 }
167
168 int32_t maxSize = static_cast<int32_t>(size);
169 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
170 int32_t callId = static_cast<int32_t>(size);
171 int32_t accountId = static_cast<int32_t>(size);
172 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
173 int32_t index = static_cast<int32_t>(size);
174 char cDtmfCode = static_cast<char>(size);
175 std::string telNum = "000000000";
176 std::string tempNum(reinterpret_cast<const char *>(data), size);
177 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
178 telNum = tempNum;
179 }
180 size_t length = strlen(telNum.c_str()) + 1;
181 CellularCallInfo callInfo;
182 callInfo.slotId = slotId;
183 callInfo.callId = callId;
184 callInfo.accountId = accountId;
185 callInfo.videoState = videoState;
186 callInfo.index = index;
187 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
188 return;
189 }
190 MessageParcel dataMessageParcel;
191 dataMessageParcel.WriteInt32(maxSize);
192 dataMessageParcel.WriteInt8(cDtmfCode);
193 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
194 dataMessageParcel.RewindRead(0);
195 MessageParcel reply;
196 DelayedSingleton<CellularCallService>::GetInstance()->OnStartDtmfInner(dataMessageParcel, reply);
197 }
198
CtrlCamera(const uint8_t * data,size_t size)199 void CtrlCamera(const uint8_t *data, size_t size)
200 {
201 if (!IsServiceInited()) {
202 return;
203 }
204
205 int32_t maxSize = static_cast<int32_t>(size);
206 int32_t callingUid = static_cast<int32_t>(size);
207 int32_t callingPid = static_cast<int32_t>(size);
208 std::string cameraId(reinterpret_cast<const char *>(data), size);
209 auto cameraIdU16 = Str8ToStr16(cameraId);
210 MessageParcel dataMessageParcel;
211 dataMessageParcel.WriteInt32(maxSize);
212 dataMessageParcel.WriteInt32(callingUid);
213 dataMessageParcel.WriteInt32(callingPid);
214 dataMessageParcel.WriteString16(cameraIdU16);
215 dataMessageParcel.RewindRead(0);
216 MessageParcel reply;
217 DelayedSingleton<CellularCallService>::GetInstance()->OnCtrlCameraInner(dataMessageParcel, reply);
218 }
219
SetPauseImage(const uint8_t * data,size_t size)220 void SetPauseImage(const uint8_t *data, size_t size)
221 {
222 if (!IsServiceInited()) {
223 return;
224 }
225
226 int32_t maxSize = static_cast<int32_t>(size);
227 std::string path(reinterpret_cast<const char *>(data), size);
228 auto pathU16 = Str8ToStr16(path);
229 MessageParcel dataMessageParcel;
230 dataMessageParcel.WriteInt32(maxSize);
231 dataMessageParcel.WriteString16(pathU16);
232 dataMessageParcel.RewindRead(0);
233 MessageParcel reply;
234 DelayedSingleton<CellularCallService>::GetInstance()->OnSetPauseImageInner(dataMessageParcel, reply);
235 }
236
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)237 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
238 {
239 if (data == nullptr || size == 0) {
240 return;
241 }
242
243 OnRemoteRequest(data, size);
244 SetPreviewWindow(data, size);
245 SetDisplayWindow(data, size);
246 SetCameraZoom(data, size);
247 SetMute(data, size);
248 GetMute(data, size);
249 StartDtmf(data, size);
250 CtrlCamera(data, size);
251 SetPauseImage(data, size);
252 return;
253 }
254 } // namespace OHOS
255
256 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)257 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
258 {
259 OHOS::AddCellularCallTokenFuzzer token;
260 /* Run your code on data */
261 OHOS::DoSomethingInterestingWithMyAPI(data, size);
262 return 0;
263 }
264