• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3  * Licensed under the Mulan PSL v2.
4  * You can use this software according to the terms and conditions of the Mulan PSL v2.
5  * You may obtain a copy of Mulan PSL v2 at:
6  *     http://license.coscl.org.cn/MulanPSL2
7  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8  * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9  * PURPOSE.
10  * See the Mulan PSL v2 for more details.
11  */
12 
13 #include "libteecvendorrequestcancellation_fuzzer.h"
14 
15 #include <cstddef>
16 #include <cstdint>
17 #include <malloc.h>
18 #include "tee_client_api.h"
19 #include "tee_client_constants.h"
20 #include "tee_client_type.h"
21 
22 namespace OHOS {
LibteecVendorRequestCancellationFuzzTest(const uint8_t * data,size_t size)23     bool LibteecVendorRequestCancellationFuzzTest(const uint8_t *data, size_t size)
24     {
25         bool result = false;
26         if (size > sizeof(TEEC_Session) + sizeof(TEEC_Operation) + sizeof(TEEC_Context) +
27             sizeof(TEEC_Parameter) + sizeof(TEEC_SharedMemory)) {
28             uint8_t *temp = const_cast<uint8_t *>(data);
29             TEEC_Session session = *reinterpret_cast<TEEC_Session *>(temp);
30             temp += sizeof(TEEC_Session);
31             TEEC_Operation operation = *reinterpret_cast<TEEC_Operation *>(temp);
32             temp += sizeof(TEEC_Operation);
33             TEEC_Context context = *reinterpret_cast<TEEC_Context *>(temp);
34             temp += sizeof(TEEC_Context);
35             TEEC_Parameter param = *reinterpret_cast<TEEC_Parameter *>(temp);
36             temp += sizeof(TEEC_Parameter);
37             TEEC_SharedMemory memory = *reinterpret_cast<TEEC_SharedMemory *>(temp);
38 
39             TEEC_Result ret = TEEC_AllocateSharedMemory(&context, &memory);
40             if (ret != TEEC_SUCCESS) {
41                 return result;
42             }
43             if (param.tmpref.size > 0) {
44                 param.tmpref.buffer = malloc(param.tmpref.size);
45                 if (param.tmpref.buffer == nullptr) {
46                     return result;
47                 }
48             }
49 
50             session.context = &context;
51             param.memref.parent = &memory;
52             operation.params[0] = param;
53             operation.params[1] = param;
54             operation.params[2] = param;
55             operation.params[3] = param;
56             operation.session = &session;
57 
58             (void)TEEC_RequestCancellation(&operation);
59 
60             if (param.tmpref.size > 0 && param.tmpref.buffer != nullptr) {
61                 free(param.tmpref.buffer);
62                 param.tmpref.buffer = nullptr;
63             }
64             TEEC_ReleaseSharedMemory(&memory);
65         }
66         return result;
67     }
68 }
69 
70 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)71 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
72 {
73     /* Run your code on data */
74     OHOS::LibteecVendorRequestCancellationFuzzTest(data, size);
75     return 0;
76 }