• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2021-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "faultloggerd_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <iostream>
21 #include "dfx_dump_catcher.h"
22 #include "faultloggerd_client.h"
23 #include "fault_logger_daemon.h"
24 #include "securec.h"
25 
26 namespace OHOS {
27 namespace HiviewDFX {
28 static const int PID_SIZE = 4;
29 static const int RAND_BUF_LIMIT = 9;
30 
DumpStackTraceTest(const uint8_t * data,size_t size)31 bool DumpStackTraceTest(const uint8_t* data, size_t size)
32 {
33     if (size < RAND_BUF_LIMIT) {
34         return true;
35     }
36     std::shared_ptr<DfxDumpCatcher> catcher = std::make_shared<DfxDumpCatcher>();
37     std::string msg;
38     int pid[1];
39     int tid[1];
40     errno_t err = memcpy_s(pid, sizeof(pid), data, PID_SIZE);
41     if (err != 0) {
42         std::cout << "memcpy_s return value is abnormal" << std::endl;
43         return false;
44     }
45     data += PID_SIZE;
46     err = memcpy_s(tid, sizeof(tid), data, PID_SIZE);
47     if (err != 0) {
48         std::cout << "memcpy_s return value is abnormal" << std::endl;
49         return false;
50     }
51     data += PID_SIZE;
52     char invalidOption = *data;
53     catcher->DumpCatch(pid[0], tid[0], msg, DEFAULT_MAX_FRAME_NUM, false);
54 
55     std::string processdumpCmd = "dumpcatcher -p " + std::to_string(pid[0]) + " -t " + std::to_string(tid[0]);
56     system(processdumpCmd.c_str());
57 
58     std::string processdumpInvalidCmd = "dumpcatcher -" + std::to_string(invalidOption) + " -p " +
59         std::to_string(pid[0]) + " -t " + std::to_string(tid[0]);
60     system(processdumpInvalidCmd.c_str());
61     return true;
62 }
63 
FaultloggerdClientTest(const uint8_t * data,size_t size)64 bool FaultloggerdClientTest(const uint8_t* data, size_t size)
65 {
66     std::cout << "enter FaultloggerdClientTest, size:" << size << std::endl;
67     if (size < sizeof(int32_t) * 3) { // 3 : construct three int32_t parameters
68         return true;
69     }
70     int32_t type[1];
71     int32_t pid[1];
72     int32_t tid[1];
73     errno_t err = memcpy_s(type, sizeof(type), data, sizeof(int32_t));
74     if (err != 0) {
75         std::cout << "memcpy_s return value is abnormal" << std::endl;
76         return false;
77     }
78     data += sizeof(int32_t);
79     err = memcpy_s(tid, sizeof(tid), data, sizeof(int32_t));
80     if (err != 0) {
81         std::cout << "memcpy_s return value is abnormal" << std::endl;
82         return false;
83     }
84     data += sizeof(int32_t);
85     err = memcpy_s(pid, sizeof(pid), data, sizeof(int32_t));
86     if (err != 0) {
87         std::cout << "memcpy_s return value is abnormal" << std::endl;
88         return false;
89     }
90 
91     RequestFileDescriptor(type[0]);
92     RequestPipeFd(pid[0], type[0]);
93     RequestDelPipeFd(pid[0]);
94     RequestCheckPermission(pid[0]);
95     RequestSdkDump(pid[0], tid[0]);
96     return true;
97 }
98 
FaultloggerdServerTest(const uint8_t * data,size_t size)99 bool FaultloggerdServerTest(const uint8_t* data, size_t size)
100 {
101     std::cout << "enter FaultloggerdServerTest, size:" << size << std::endl;
102     if (size < sizeof(int32_t) * 2) { // 2 : construct two int32_t parameters
103         return true;
104     }
105     int32_t epollFd[1];
106     int32_t connectionFd[1];
107     errno_t err = memcpy_s(epollFd, sizeof(epollFd), data, sizeof(int32_t));
108     if (err != 0) {
109         std::cout << "memcpy_s return value is abnormal" << std::endl;
110         return false;
111     }
112     data += sizeof(int32_t);
113     err = memcpy_s(connectionFd, sizeof(connectionFd), data, sizeof(int32_t));
114     if (err != 0) {
115         std::cout << "memcpy_s return value is abnormal" << std::endl;
116         return false;
117     }
118 
119 #ifdef FAULTLOGGERD_FUZZER
120     std::shared_ptr<FaultLoggerDaemon> daemon = std::make_shared<FaultLoggerDaemon>();
121     daemon->HandleRequestForFuzzer(epollFd[0], connectionFd[0]);
122 #endif
123     return true;
124 }
125 } // namespace HiviewDFX
126 } // namespace OHOS
127 
128 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)129 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
130 {
131     if (data == nullptr || size == 0) {
132         std::cout << "invalid data" << std::endl;
133         return 0;
134     }
135 
136     /* Run your code on data */
137     OHOS::HiviewDFX::DumpStackTraceTest(data, size);
138     OHOS::HiviewDFX::FaultloggerdClientTest(data, size);
139     OHOS::HiviewDFX::FaultloggerdServerTest(data, size);
140     return 0;
141 }
142