1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "securec.h"
16 #include <cstddef>
17 #include <cstdint>
18 #include <iostream>
19 #include <memory>
20 #include <chrono>
21 #include <condition_variable>
22 #include "ability_manager_adapter.h"
23 #include "avsession_errors.h"
24 #include "avsession_log.h"
25 #include "ability_connect_helper.h"
26 #include "abilitymanageradapter_fuzzer.h"
27
28 using namespace std;
29 using namespace OHOS;
30 using namespace OHOS::AVSession;
31
32
33 static const int32_t MAX_CODE_LEN = 20;
34 static const int32_t MIN_SIZE_NUM = 10;
35 static const uint8_t *RAW_DATA = nullptr;
36 static size_t g_totalSize = 0;
37 static size_t g_sizePos;
38
39 namespace {
40 /*
41 * describe: get data from FUZZ untrusted data(RAW_DATA) which size is according to sizeof(T)
42 * tips: only support basic type
43 */
44 template<class T>
GetData()45 T GetData()
46 {
47 T object {};
48 size_t objectSize = sizeof(object);
49 if (RAW_DATA == nullptr || objectSize > g_totalSize - g_sizePos) {
50 return object;
51 }
52 errno_t ret = memcpy_s(&object, objectSize, RAW_DATA + g_sizePos, objectSize);
53 if (ret != EOK) {
54 return {};
55 }
56 g_sizePos += objectSize;
57 return object;
58 }
59
GetString()60 std::string GetString()
61 {
62 size_t objectSize = (GetData<int8_t>() % MAX_CODE_LEN) + 1;
63 if (RAW_DATA == nullptr || objectSize > g_totalSize - g_sizePos) {
64 return "OVER_SIZE";
65 }
66 char object[objectSize + 1];
67 errno_t ret = memcpy_s(object, sizeof(object), RAW_DATA + g_sizePos, objectSize);
68 if (ret != EOK) {
69 return "";
70 }
71 g_sizePos += objectSize;
72 std::string output(object);
73 return output;
74 }
75
76 template<class T>
GetArrLength(T & arr)77 uint32_t GetArrLength(T& arr)
78 {
79 if (arr == nullptr) {
80 SLOGE("%{public}s: The array length is equal to 0", __func__);
81 return 0;
82 }
83 return sizeof(arr) / sizeof(arr[0]);
84 }
85
86 typedef void (*TestFuncs[1])();
87
88 TestFuncs g_allFuncs = {
89 AbilityManagerAdapterTest
90 };
91
FuzzTest(const uint8_t * rawData,size_t size)92 bool FuzzTest(const uint8_t* rawData, size_t size)
93 {
94 if (rawData == nullptr) {
95 return false;
96 }
97
98 // initialize data
99 RAW_DATA = rawData;
100 g_totalSize = size;
101 g_sizePos = 0;
102
103 uint32_t code = GetData<uint32_t>();
104 uint32_t len = GetArrLength(g_allFuncs);
105 if (len > 0) {
106 g_allFuncs[code % len]();
107 } else {
108 SLOGE("%{public}s: The len length is equal to 0", __func__);
109 }
110
111 return true;
112 }
113 }
114
AbilityManagerAdapterTest()115 void OHOS::AVSession::AbilityManagerAdapterTest()
116 {
117 std::string bundleName = GetString();
118 std::string abilityName = GetString();
119
120 std::string sessionId = GetString();
121
122 AbilityManagerAdapter abilityManagerAdapter(bundleName, abilityName);
123
124 abilityManagerAdapter.StartAbilityByCall(sessionId);
125 abilityManagerAdapter.StartAbilityByCallDone(sessionId);
126 }
127
128 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)129 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
130 {
131 if (size < MIN_SIZE_NUM) {
132 return 0;
133 }
134 /* Run your code on data */
135 FuzzTest(data, size);
136 return 0;
137 }