1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "medialibrary_mtp_fuzzer.h"
16
17 #include <cstdint>
18 #include <string>
19 #include <vector>
20
21 #include "system_ability_definition.h"
22 #include "iservice_registry.h"
23 #include "userfilemgr_uri.h"
24 #include "payload_data.h"
25 #include "close_session_data.h"
26 #include "media_log.h"
27
28 #define private public
29 #include "header_data.h"
30 #include "media_log.h"
31 #include "media_mtp_utils.h"
32 #include "mtp_packet_tools.h"
33 #include "mtp_data_utils.h"
34 #include "mtp_driver.h"
35 #include "mtp_error_utils.h"
36 #include "mtp_event.h"
37 #include "mtp_file_observer.h"
38 #include "mtp_manager.h"
39 #include "mtp_media_library.h"
40 #include "mtp_medialibrary_manager.h"
41 #include "mtp_monitor.h"
42 #include "mtp_operation_utils.h"
43 #include "mtp_operation.h"
44 #include "mtp_packet_tools.h"
45 #include "mtp_packet.h"
46 #include "mtp_service.h"
47 #include "mtp_storage_manager.h"
48 #include "property.h"
49 #include "close_session_data.h"
50 #include "copy_object_data.h"
51 #include "delete_object_data.h"
52 #include "get_device_info_data.h"
53 #include "get_device_prop_desc_data.h"
54 #include "get_device_prop_value_data.h"
55 #include "get_num_objects_data.h"
56 #include "get_object_data.h"
57 #include "get_object_handles_data.h"
58 #include "get_object_info_data.h"
59 #include "get_object_prop_desc_data.h"
60 #include "get_object_prop_list_data.h"
61 #include "get_object_prop_value_data.h"
62 #include "get_object_props_supported_data.h"
63 #include "get_object_references_data.h"
64 #include "get_partial_object_data.h"
65 #include "get_storage_ids_data.h"
66 #include "get_storage_info_data.h"
67 #include "get_thumb_data.h"
68 #include "move_object_data.h"
69 #include "object_event_data.h"
70 #include "open_session_data.h"
71 #include "resp_common_data.h"
72 #include "send_object_data.h"
73 #include "send_object_info_data.h"
74 #include "set_device_prop_value_data.h"
75 #include "set_object_prop_value_data.h"
76 #include "set_object_references_data.h"
77 #undef private
78
79 namespace OHOS {
80 using namespace std;
81 using namespace Media;
82
83 const shared_ptr<MtpMediaLibrary> mtpMediaLib_ = MtpMediaLibrary::GetInstance();
84 const shared_ptr<MtpMedialibraryManager> ptpMediaLib_ = MtpMedialibraryManager::GetInstance();
85
86 // storage file
87 const std::string STORAGE_FILE = "/storage/media/local/files/Docs";
88 // file path
89 const string FILE_PATH = "/storage/media/local/files/Docs/Desktop";
90 const int32_t EVEN = 2;
91
92 shared_ptr<MtpOperationUtils> mtpOperUtils_ = nullptr;
93
FuzzString(const uint8_t * data,size_t size)94 static inline string FuzzString(const uint8_t *data, size_t size)
95 {
96 return {reinterpret_cast<const char*>(data), size};
97 }
98
FuzzInt8(const uint8_t * data,size_t size)99 static inline int8_t FuzzInt8(const uint8_t *data, size_t size)
100 {
101 if (data == nullptr || size < sizeof(int8_t)) {
102 return 0;
103 }
104 return static_cast<int8_t>(*data);
105 }
106
FuzzInt16(const uint8_t * data,size_t size)107 static inline int16_t FuzzInt16(const uint8_t *data, size_t size)
108 {
109 if (data == nullptr || size < sizeof(int16_t)) {
110 return 0;
111 }
112 return static_cast<int16_t>(*data);
113 }
114
FuzzInt32(const uint8_t * data,size_t size)115 static inline int32_t FuzzInt32(const uint8_t *data, size_t size)
116 {
117 if (data == nullptr || size < sizeof(int32_t)) {
118 return 0;
119 }
120 return static_cast<int32_t>(*data);
121 }
122
FuzzInt64(const uint8_t * data,size_t size)123 static inline int64_t FuzzInt64(const uint8_t *data, size_t size)
124 {
125 if (data == nullptr || size < sizeof(int64_t)) {
126 return 0;
127 }
128 return static_cast<int64_t>(*data);
129 }
130
FuzzBool(const uint8_t * data,size_t size)131 static inline bool FuzzBool(const uint8_t* data, size_t size)
132 {
133 if (size == 0) {
134 return false;
135 }
136 return (data[0] % EVEN) == 0;
137 }
138
FuzzUInt8(const uint8_t * data,size_t size)139 static inline uint8_t FuzzUInt8(const uint8_t *data, size_t size)
140 {
141 if (data == nullptr || size < sizeof(uint8_t)) {
142 return 0;
143 }
144 return *data;
145 }
146
FuzzUInt16(const uint8_t * data,size_t size)147 static inline uint16_t FuzzUInt16(const uint8_t *data, size_t size)
148 {
149 if (data == nullptr || size < sizeof(uint16_t)) {
150 return 0;
151 }
152 return static_cast<uint16_t>(*data);
153 }
154
FuzzUInt32(const uint8_t * data,size_t size)155 static inline uint32_t FuzzUInt32(const uint8_t *data, size_t size)
156 {
157 if (data == nullptr || size < sizeof(uint32_t)) {
158 return 0;
159 }
160 return static_cast<uint32_t>(*data);
161 }
162
FuzzUInt64(const uint8_t * data,size_t size)163 static inline uint64_t FuzzUInt64(const uint8_t *data, size_t size)
164 {
165 if (data == nullptr || size < sizeof(uint64_t)) {
166 return 0;
167 }
168 return static_cast<uint64_t>(*data);
169 }
170
FuzzVectorInt32(const uint8_t * data,size_t size)171 static inline vector<int32_t> FuzzVectorInt32(const uint8_t *data, size_t size)
172 {
173 return {FuzzInt32(data, size)};
174 }
175
FuzzVectorUInt8(const uint8_t * data,size_t size)176 static inline vector<uint8_t> FuzzVectorUInt8(const uint8_t *data, size_t size)
177 {
178 if (data == nullptr || size < sizeof(uint8_t)) {
179 return {0};
180 }
181 return {*data};
182 }
183
FuzzVectorUInt16(const uint8_t * data,size_t size)184 static inline vector<uint16_t> FuzzVectorUInt16(const uint8_t *data, size_t size)
185 {
186 return {FuzzUInt16(data, size)};
187 }
188
FuzzVectorUInt32(const uint8_t * data,size_t size)189 static inline vector<uint32_t> FuzzVectorUInt32(const uint8_t *data, size_t size)
190 {
191 return {FuzzUInt32(data, size)};
192 }
193
FuzzVectorString(const uint8_t * data,size_t size)194 static inline vector<string> FuzzVectorString(const uint8_t *data, size_t size)
195 {
196 return {FuzzString(data, size)};
197 }
198
FuzzMtpMode(const uint8_t * data,size_t size)199 static inline MtpManager::MtpMode FuzzMtpMode(const uint8_t* data, size_t size)
200 {
201 int32_t mode = FuzzInt32(data, size);
202 if (mode >= static_cast<int32_t>(MtpManager::MtpMode::NONE_MODE) &&
203 mode <= static_cast<int32_t>(MtpManager::MtpMode::PTP_MODE)) {
204 return static_cast<MtpManager::MtpMode>(mode);
205 }
206 return MtpManager::MtpMode::PTP_MODE;
207 }
208
FuzzMtpOperationContext(const uint8_t * data,size_t size)209 static MtpOperationContext FuzzMtpOperationContext(const uint8_t* data, size_t size)
210 {
211 MtpOperationContext context;
212 const int32_t uInt32Count = 13;
213 const int32_t uInt16Count = 2;
214 if (data == nullptr || size < (sizeof(uint32_t) * uInt32Count +
215 sizeof(uint16_t) * uInt16Count + sizeof(int64_t))) {
216 return context;
217 }
218 int32_t offset = 0;
219 context.operationCode = FuzzUInt16(data + offset, size);
220 offset += sizeof(uint16_t);
221 context.transactionID = FuzzUInt32(data + offset, size);
222 offset += sizeof(uint32_t);
223 context.devicePropertyCode = FuzzUInt32(data + offset, size);
224 offset += sizeof(uint32_t);
225 context.storageID = FuzzUInt32(data + offset, size);
226 offset += sizeof(uint32_t);
227 context.format = FuzzUInt16(data + offset, size);
228 offset += sizeof(uint16_t);
229 context.parent = FuzzUInt32(data + offset, size);
230 offset += sizeof(uint32_t);
231 context.handle = FuzzUInt32(data + offset, size);
232 offset += sizeof(uint32_t);
233 context.property = FuzzUInt32(data + offset, size);
234 offset += sizeof(uint32_t);
235 context.groupCode = FuzzUInt32(data + offset, size);
236 offset += sizeof(uint32_t);
237 context.depth = FuzzUInt32(data + offset, size);
238 offset += sizeof(uint32_t);
239 context.properStrValue = FuzzString(data, size);
240 offset += sizeof(uint32_t);
241 context.properIntValue = FuzzInt64(data + offset, size);
242 offset += sizeof(uint64_t);
243 context.handles = make_shared<UInt32List>(FuzzVectorUInt32(data, size)),
244 context.name = FuzzString(data, size);
245 context.created = FuzzString(data, size);
246 context.modified = FuzzString(data, size);
247
248 context.indata = FuzzBool(data + offset, size);
249 context.storageInfoID = FuzzUInt32(data + offset, size);
250 offset += sizeof(uint32_t);
251
252 context.sessionOpen = FuzzBool(data + offset, size);
253 context.sessionID = FuzzUInt32(data + offset, size);
254 offset += sizeof(uint32_t);
255 context.tempSessionID = FuzzUInt32(data + offset, size);
256 offset += sizeof(uint32_t);
257 context.eventHandle = FuzzUInt32(data + offset, size);
258 offset += sizeof(uint32_t);
259 context.eventProperty = FuzzUInt32(data + offset, size);
260 return context;
261 }
262
FuzzObjectInfo(const uint8_t * data,size_t size)263 static ObjectInfo FuzzObjectInfo(const uint8_t* data, size_t size)
264 {
265 ObjectInfo objectInfo(0);
266 const int32_t uInt32Count = 13;
267 const int32_t uInt16Count = 4;
268 if (data == nullptr || size < (sizeof(uint32_t) * uInt32Count +
269 sizeof(uint16_t) * uInt16Count)) {
270 return objectInfo;
271 }
272 int32_t offset = 0;
273 objectInfo.handle = FuzzUInt32(data + offset, size);
274 offset += sizeof(uint32_t);
275 objectInfo.storageID = FuzzUInt32(data + offset, size);
276 offset += sizeof(uint32_t);
277 objectInfo.format = FuzzUInt16(data + offset, size);
278 offset += sizeof(uint16_t);
279 objectInfo.protectionStatus = FuzzUInt16(data + offset, size);
280 offset += sizeof(uint16_t);
281 objectInfo.compressedSize = FuzzUInt32(data + offset, size);
282 offset += sizeof(uint32_t);
283 objectInfo.size = FuzzUInt32(data + offset, size);
284 offset += sizeof(uint32_t);
285 objectInfo.thumbFormat = FuzzUInt16(data + offset, size);
286 offset += sizeof(uint16_t);
287 objectInfo.thumbCompressedSize = FuzzUInt32(data + offset, size);
288 offset += sizeof(uint32_t);
289 objectInfo.thumbPixelWidth = FuzzUInt32(data + offset, size);
290 offset += sizeof(uint32_t);
291 objectInfo.thumbPixelHeight = FuzzUInt32(data + offset, size);
292 offset += sizeof(uint32_t);
293 objectInfo.imagePixelWidth = FuzzUInt32(data + offset, size);
294 offset += sizeof(uint32_t);
295 objectInfo.imagePixelHeight = FuzzUInt32(data + offset, size);
296 offset += sizeof(uint32_t);
297 objectInfo.imagePixelDepth = FuzzUInt32(data + offset, size);
298 offset += sizeof(uint32_t);
299 objectInfo.parent = FuzzUInt32(data + offset, size);
300 offset += sizeof(uint32_t);
301 objectInfo.associationType = FuzzUInt16(data + offset, size);
302 offset += sizeof(uint16_t);
303 objectInfo.associationDesc = FuzzUInt32(data + offset, size);
304 offset += sizeof(uint32_t);
305 objectInfo.sequenceNumber = FuzzUInt32(data + offset, size);
306
307 objectInfo.name = FuzzString(data, size);
308 objectInfo.keywords = FuzzString(data, size);
309 return objectInfo;
310 }
311
HeaderDataTest(const uint8_t * data,size_t size)312 static void HeaderDataTest(const uint8_t* data, size_t size)
313 {
314 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
315 FuzzMtpOperationContext(data, size));
316 if (context == nullptr) {
317 MEDIA_ERR_LOG("context is nullptr");
318 return;
319 }
320 shared_ptr<HeaderData> headerData = make_shared<HeaderData>(context);
321
322 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
323 int32_t readSize = buffer.size();
324
325 headerData->Parser(buffer, readSize);
326 headerData->Maker(buffer);
327
328 const int32_t uInt32Count = 2;
329 const int32_t uInt16Count = 2;
330 if (data == nullptr || size < (sizeof(uint32_t) * uInt32Count +
331 sizeof(uint16_t) * uInt16Count)) {
332 return;
333 }
334 int32_t offset = 0;
335 headerData->SetCode(FuzzUInt16(data + offset, size));
336 offset += sizeof(uint16_t);
337 headerData->SetContainerLength(FuzzUInt32(data + offset, size));
338 offset += sizeof(uint32_t);
339 headerData->SetContainerType(FuzzUInt16(data + offset, size));
340 offset += sizeof(uint16_t);
341 headerData->SetTransactionId(FuzzUInt32(data + offset, size));
342
343 headerData->GetCode();
344 headerData->GetContainerLength();
345 headerData->GetContainerType();
346 headerData->GetTransactionId();
347
348 headerData->Reset();
349 }
350
SolveHandlesFormatDataTest(const uint8_t * data,size_t size)351 static void SolveHandlesFormatDataTest(const uint8_t* data, size_t size)
352 {
353 uint16_t format = FuzzUInt16(data, size);
354 MediaType outMediaType = MEDIA_TYPE_FILE;
355 string outExtension = FuzzString(data, size);
356 MtpDataUtils::SolveHandlesFormatData(format, outExtension, outMediaType);
357 }
358
SolveSendObjectFormatDataTest(const uint8_t * data,size_t size)359 static void SolveSendObjectFormatDataTest(const uint8_t* data, size_t size)
360 {
361 uint16_t format = FuzzUInt16(data, size);
362 MediaType outMediaType = MEDIA_TYPE_FILE;
363 MtpDataUtils::SolveSendObjectFormatData(format, outMediaType);
364 }
365
SolveSetObjectPropValueDataTest(const uint8_t * data,size_t size)366 static void SolveSetObjectPropValueDataTest(const uint8_t* data, size_t size)
367 {
368 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
369 FuzzMtpOperationContext(data, size));
370 if (context == nullptr) {
371 MEDIA_ERR_LOG("context is nullptr");
372 return;
373 }
374 string outColName = FuzzString(data, size);
375 variant<int64_t, string> outColVal;
376 MtpDataUtils::SolveSetObjectPropValueData(context, outColName, outColVal);
377 }
378
GetMediaTypeByformatTest(const uint8_t * data,size_t size)379 static void GetMediaTypeByformatTest(const uint8_t* data, size_t size)
380 {
381 uint16_t format = FuzzUInt16(data, size);
382 MediaType outMediaType = MEDIA_TYPE_FILE;
383 MtpDataUtils::GetMediaTypeByformat(format, outMediaType);
384 }
385
GetPropListBySetTest(const uint8_t * data,size_t size)386 static void GetPropListBySetTest(const uint8_t* data, size_t size)
387 {
388 const shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
389 FuzzMtpOperationContext(data, size));
390 if (context == nullptr) {
391 MEDIA_ERR_LOG("context is nullptr");
392 return;
393 }
394 const shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
395 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
396 MtpDataUtils::GetPropListBySet(context, resultSet, outProps);
397 }
398
GetPropValueBySetTest(const uint8_t * data,size_t size)399 static void GetPropValueBySetTest(const uint8_t* data, size_t size)
400 {
401 if (data == nullptr || size < sizeof(uint32_t)) {
402 return;
403 }
404 uint32_t property = FuzzUInt32(data, size);
405 PropertyValue outPropValue;
406 const shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
407 MtpDataUtils::GetPropValueBySet(property, resultSet, outPropValue, false);
408 }
409
GetMediaTypeByNameTest(const uint8_t * data,size_t size)410 static void GetMediaTypeByNameTest(const uint8_t* data, size_t size)
411 {
412 string displayName = FuzzString(data, size);
413 MediaType outMediaType = MEDIA_TYPE_FILE;
414 MtpDataUtils::GetMediaTypeByName(displayName, outMediaType);
415 }
416
GetPropListTest(const uint8_t * data,size_t size)417 static void GetPropListTest(const uint8_t* data, size_t size)
418 {
419 const shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
420 FuzzMtpOperationContext(data, size));
421 if (context == nullptr) {
422 MEDIA_ERR_LOG("context is nullptr");
423 return;
424 }
425 shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
426 shared_ptr<UInt16List> properties = make_shared<UInt16List>(FuzzVectorUInt16(data, size));
427 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
428 MtpDataUtils::GetPropList(context, resultSet, properties, outProps);
429 }
430
GetFormatTest(const uint8_t * data,size_t size)431 static void GetFormatTest(const uint8_t* data, size_t size)
432 {
433 shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
434 if (data == nullptr || size < sizeof(uint16_t) + sizeof(uint32_t)) {
435 return;
436 }
437 int32_t offset = 0;
438 uint16_t outFormat = FuzzUInt16(data + offset, size);
439 offset += sizeof(uint16_t);
440 MtpDataUtils::GetFormat(resultSet, outFormat);
441
442 uint32_t handle = FuzzUInt32(data + offset, size);
443 shared_ptr<UInt16List> properties = make_shared<UInt16List>(FuzzVectorUInt16(data, size));
444 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
445
446 MtpDataUtils::GetOneRowPropList(handle, resultSet, properties, outProps);
447 }
448
SetOneDefaultlPropListTest(const uint8_t * data,size_t size)449 static void SetOneDefaultlPropListTest(const uint8_t* data, size_t size)
450 {
451 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
452 MtpDataUtils::SetOneDefaultlPropList(0, MTP_PROPERTY_PROTECTION_STATUS_CODE, outProps);
453 MtpDataUtils::SetOneDefaultlPropList(0, MTP_PROPERTY_PERSISTENT_UID_CODE, outProps);
454 MtpDataUtils::SetOneDefaultlPropList(0, MTP_PROPERTY_ALBUM_NAME_CODE, outProps);
455 MtpDataUtils::SetOneDefaultlPropList(0, MTP_PROPERTY_STORAGE_ID_CODE, outProps);
456 string column = FuzzString(data, size);
457 shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
458 Property prop;
459 ResultSetDataType type = TYPE_NULL;
460 MtpDataUtils::SetProperty(column, resultSet, type, prop);
461 ResultSetDataType typeOne = TYPE_STRING;
462 MtpDataUtils::SetProperty(column, resultSet, typeOne, prop);
463 ResultSetDataType typeTwo = TYPE_INT32;
464 MtpDataUtils::SetProperty(column, resultSet, typeTwo, prop);
465 ResultSetDataType typeThree = TYPE_INT64;
466 MtpDataUtils::SetProperty(column, resultSet, typeThree, prop);
467 ResultSetDataType typeFour = TYPE_DOUBLE;
468 MtpDataUtils::SetProperty(column, resultSet, typeFour, prop);
469 uint16_t outFormat = 0;
470 MtpDataUtils::GetFormatByPath("", outFormat);
471 string path = FuzzString(data, size);
472 MtpDataUtils::GetFormatByPath(path, outFormat);
473 }
474
MtpDataUtilsTest(const uint8_t * data,size_t size)475 static void MtpDataUtilsTest(const uint8_t* data, size_t size)
476 {
477 SolveHandlesFormatDataTest(data, size);
478 SolveSendObjectFormatDataTest(data, size);
479 SolveSetObjectPropValueDataTest(data, size);
480 GetMediaTypeByformatTest(data, size);
481 GetPropListBySetTest(data, size);
482 GetPropValueBySetTest(data, size);
483 GetMediaTypeByNameTest(data, size);
484 GetPropListTest(data, size);
485 GetFormatTest(data, size);
486 SetOneDefaultlPropListTest(data, size);
487 }
488
MtpDriverTest(const uint8_t * data,size_t size)489 static void MtpDriverTest(const uint8_t* data, size_t size)
490 {
491 shared_ptr<MtpDriver> mtpDriver = make_shared<MtpDriver>();
492 mtpDriver->OpenDriver();
493
494 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
495 uint32_t sizeBuf = buffer.size();
496 mtpDriver->Read(buffer, sizeBuf);
497 mtpDriver->Write(buffer, sizeBuf);
498
499 MtpFileRange mfr;
500 mtpDriver->SendObj(mfr);
501 mtpDriver->ReceiveObj(mfr);
502
503 EventMtp me;
504 me.data = FuzzVectorUInt8(data, size);
505 me.length = me.data.size();
506 mtpDriver->WriteEvent(me);
507 mtpDriver->CloseDriver();
508 }
509
MtpErrorUtilsTest(const uint8_t * data,size_t size)510 static void MtpErrorUtilsTest(const uint8_t* data, size_t size)
511 {
512 const int32_t mediaError = FuzzInt32(data, size);
513 MtpErrorUtils::SolveGetHandlesError(mediaError);
514 MtpErrorUtils::SolveGetObjectInfoError(mediaError);
515 MtpErrorUtils::SolveSendObjectInfoError(mediaError);
516 MtpErrorUtils::SolveMoveObjectError(mediaError);
517 MtpErrorUtils::SolveCopyObjectError(mediaError);
518 MtpErrorUtils::SolveDeleteObjectError(mediaError);
519 MtpErrorUtils::SolveObjectPropValueError(mediaError);
520 MtpErrorUtils::SolveCloseFdError(mediaError);
521 }
522
MtpManagerTest(const uint8_t * data,size_t size)523 static void MtpManagerTest(const uint8_t* data, size_t size)
524 {
525 MtpManager::GetInstance().Init();
526 MtpManager::GetInstance().StartMtpService(FuzzMtpMode(data, size));
527 MtpManager::GetInstance().IsMtpMode();
528 MtpManager::GetInstance().StopMtpService();
529 }
530
531 //MtpMediaLibraryTest start
AddPathToMapTest(const uint8_t * data,size_t size)532 static void AddPathToMapTest(const uint8_t* data, size_t size)
533 {
534 mtpMediaLib_->AddPathToMap(FuzzString(data, size));
535 mtpMediaLib_->Clear();
536 }
537
ObserverAddPathToMapTest(const uint8_t * data,size_t size)538 static void ObserverAddPathToMapTest(const uint8_t* data, size_t size)
539 {
540 mtpMediaLib_->Clear();
541 mtpMediaLib_->ObserverAddPathToMap(FuzzString(data, size));
542
543 uint32_t parentId = 0;
544 mtpMediaLib_->GetIdByPath(FuzzString(data, size), parentId);
545 vector<int> outHandles;
546 mtpMediaLib_->GetHandles(parentId, outHandles, MEDIA_TYPE_FILE);
547 }
548
GetHandlesTest(const uint8_t * data,size_t size)549 static void GetHandlesTest(const uint8_t* data, size_t size)
550 {
551 mtpMediaLib_->Clear();
552 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
553 FuzzMtpOperationContext(data, size));
554 if (context == nullptr) {
555 MEDIA_ERR_LOG("context is nullptr");
556 return;
557 }
558 //parent file path
559 mtpMediaLib_->ObserverAddPathToMap(FILE_PATH);
560 //file path
561 mtpMediaLib_->ObserverAddPathToMap(FILE_PATH + "/" + FuzzString(data, size) + ".txt");
562
563 uint32_t parentId = 0;
564 shared_ptr<UInt32List> outHandles = make_shared<UInt32List>(FuzzVectorUInt32(data, size));
565 mtpMediaLib_->GetIdByPath(FILE_PATH, parentId);
566 context->parent = parentId;
567 context->storageID = parentId;
568 mtpMediaLib_->GetHandles(context, outHandles);
569 }
570
GetObjectInfoTest(const uint8_t * data,size_t size)571 static void GetObjectInfoTest(const uint8_t* data, size_t size)
572 {
573 mtpMediaLib_->Clear();
574 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
575 FuzzMtpOperationContext(data, size));
576 if (context == nullptr) {
577 MEDIA_ERR_LOG("context is nullptr");
578 return;
579 }
580 shared_ptr<ObjectInfo> objectInfo = make_shared<ObjectInfo>(FuzzObjectInfo(data, size));
581 context->handle = 0;
582 mtpMediaLib_->GetObjectInfo(context, objectInfo);
583 }
584
GetFdTest(const uint8_t * data,size_t size)585 static void GetFdTest(const uint8_t* data, size_t size)
586 {
587 mtpMediaLib_->Clear();
588 shared_ptr<MtpOperationContext> context = nullptr;
589 bool condition = false;
590 int fd = 0;
591 mtpMediaLib_->CondCloseFd(condition, fd);
592
593 int32_t outFd = FuzzInt32(data, size);
594 mtpMediaLib_->GetFd(context, outFd);
595 }
GetThumbTest(const uint8_t * data,size_t size)596 static void GetThumbTest(const uint8_t* data, size_t size)
597 {
598 mtpMediaLib_->Clear();
599 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
600 FuzzMtpOperationContext(data, size));
601 if (context == nullptr) {
602 MEDIA_ERR_LOG("context is nullptr");
603 return;
604 }
605
606 if (data == nullptr || size < (sizeof(uint32_t) + sizeof(uint8_t))) {
607 return;
608 }
609 int32_t offset = 0;
610 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>(FuzzVectorUInt8(data + offset, size));
611 offset += sizeof(uint8_t);
612 mtpMediaLib_->AddToHandlePathMap(FILE_PATH + "/" + FuzzString(data, size) +
613 ".txt", FuzzUInt32(data + offset, size));
614 mtpMediaLib_->GetThumb(context, outThumb);
615 }
SendObjectInfoTest(const uint8_t * data,size_t size)616 static void SendObjectInfoTest(const uint8_t* data, size_t size)
617 {
618 mtpMediaLib_->Clear();
619 const int32_t uInt32Count = 3;
620 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
621 return;
622 }
623 int32_t offset = 0;
624 uint32_t outStorageID = FuzzUInt32(data + offset, size);
625 offset += sizeof(uint32_t);
626 uint32_t outParent = FuzzUInt32(data + offset, size);
627 offset += sizeof(uint32_t);
628 uint32_t outHandle = FuzzUInt32(data + offset, size);
629
630 mtpMediaLib_->SendObjectInfo(nullptr, outStorageID, outParent, outHandle);
631 }
632
MoveObjectTest(const uint8_t * data,size_t size)633 static void MoveObjectTest(const uint8_t* data, size_t size)
634 {
635 mtpMediaLib_->Clear();
636 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
637 FuzzMtpOperationContext(data, size));
638 if (context == nullptr) {
639 MEDIA_ERR_LOG("context is nullptr");
640 return;
641 }
642
643 mtpMediaLib_->ObserverAddPathToMap(FuzzString(data, size));
644 string from = FuzzString(data, size);
645 mtpMediaLib_->ObserverAddPathToMap(from);
646 string to = FuzzString(data, size);
647 uint32_t fromId = 0;
648 mtpMediaLib_->GetIdByPath(from, fromId);
649 uint32_t parentId = 0;
650 mtpMediaLib_->GetIdByPath(from, parentId);
651 context->handle = fromId;
652 context->parent = parentId;
653 mtpMediaLib_->MoveObject(context, parentId);
654 }
655
CopyObjectTest(const uint8_t * data,size_t size)656 static void CopyObjectTest(const uint8_t* data, size_t size)
657 {
658 mtpMediaLib_->Clear();
659 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
660 FuzzMtpOperationContext(data, size));
661 if (context == nullptr) {
662 MEDIA_ERR_LOG("context is nullptr");
663 return;
664 }
665 const int32_t uInt32Count = 3;
666 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
667 return;
668 }
669 int32_t offset = 0;
670 mtpMediaLib_->AddToHandlePathMap(FILE_PATH + "/" + FuzzString(data, size), FuzzUInt32(data + offset, size));
671 offset += sizeof(uint32_t);
672 uint32_t outObjectHandle = FuzzUInt32(data + offset, size);
673 offset += sizeof(uint32_t);
674 uint32_t oldHandle = FuzzUInt32(data + offset, size);
675 mtpMediaLib_->CopyObject(context, outObjectHandle, oldHandle);
676 mtpMediaLib_->DeleteObject(context);
677 }
678
SetObjectPropValueTest(const uint8_t * data,size_t size)679 static void SetObjectPropValueTest(const uint8_t* data, size_t size)
680 {
681 mtpMediaLib_->Clear();
682 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
683 FuzzMtpOperationContext(data, size));
684 if (context == nullptr) {
685 MEDIA_ERR_LOG("context is nullptr");
686 return;
687 }
688 mtpMediaLib_->AddToHandlePathMap(FILE_PATH + "/" + FuzzString(data, size) + ".txt", FuzzUInt32(data, size));
689
690 mtpMediaLib_->SetObjectPropValue(context);
691 }
692
CloseFdTest(const uint8_t * data,size_t size)693 static void CloseFdTest(const uint8_t* data, size_t size)
694 {
695 mtpMediaLib_->Clear();
696 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
697 FuzzMtpOperationContext(data, size));
698 if (context == nullptr) {
699 MEDIA_ERR_LOG("context is nullptr");
700 return;
701 }
702 //storage file path
703 mtpMediaLib_->ObserverAddPathToMap(FILE_PATH);
704 //parent file path
705 mtpMediaLib_->ObserverAddPathToMap(FuzzString(data, size));
706
707 uint32_t handle = 0;
708 mtpMediaLib_->GetIdByPath(FuzzString(data, size), handle);
709 context->handle = handle;
710 int32_t outFd = FuzzInt32(data, size);
711 mtpMediaLib_->GetFd(context, outFd);
712 mtpMediaLib_->CloseFd(context, outFd);
713 }
714
GetObjectPropListTest(const uint8_t * data,size_t size)715 static void GetObjectPropListTest(const uint8_t* data, size_t size)
716 {
717 mtpMediaLib_->Clear();
718 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
719 FuzzMtpOperationContext(data, size));
720 if (context == nullptr) {
721 MEDIA_ERR_LOG("context is nullptr");
722 return;
723 }
724 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
725
726 mtpMediaLib_->GetObjectPropList(context, outProps);
727 }
728
GetObjectPropValueTest(const uint8_t * data,size_t size)729 static void GetObjectPropValueTest(const uint8_t* data, size_t size)
730 {
731 mtpMediaLib_->Clear();
732 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
733 FuzzMtpOperationContext(data, size));
734 if (context == nullptr) {
735 MEDIA_ERR_LOG("context is nullptr");
736 return;
737 }
738 uint64_t outIntVal = 0;
739 uint128_t outLongVal = { 0 };
740 string outStrVal = "";
741 const int32_t uInt32Count = 2;
742 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
743 return;
744 }
745 int32_t offset = 0;
746 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data + offset, size));
747 offset += sizeof(uint32_t);
748 mtpMediaLib_->GetObjectPropValue(context, outIntVal, outLongVal, outStrVal);
749 mtpMediaLib_->DeleteHandlePathMap(FuzzString(data, size), FuzzUInt32(data + offset, size));
750 }
751
GetRealPathTest(const uint8_t * data,size_t size)752 static void GetRealPathTest(const uint8_t* data, size_t size)
753 {
754 mtpMediaLib_->Clear();
755 string outPath = "";
756 mtpMediaLib_->GetRealPath(FuzzString(data, size), outPath);
757 }
758
MtpMediaLibraryStorageTest(const uint8_t * data,size_t size)759 static void MtpMediaLibraryStorageTest(const uint8_t* data, size_t size)
760 {
761 mtpMediaLib_->Clear();
762 string fsUuid = FuzzString(data, size);
763 uint32_t storageId = FuzzUInt32(data, size);
764 mtpMediaLib_->TryAddExternalStorage(fsUuid, storageId);
765 mtpMediaLib_->TryRemoveExternalStorage(fsUuid, storageId);
766 mtpMediaLib_->GetStorageIds();
767 }
768
ObserverDeletePathToMapTest(const uint8_t * data,size_t size)769 static void ObserverDeletePathToMapTest(const uint8_t* data, size_t size)
770 {
771 mtpMediaLib_->Clear();
772 mtpMediaLib_->ObserverAddPathToMap(FuzzString(data, size));
773 mtpMediaLib_->ObserverDeletePathToMap(FuzzString(data, size));
774 }
775
ModifyHandlePathMapTest(const uint8_t * data,size_t size)776 static void ModifyHandlePathMapTest(const uint8_t* data, size_t size)
777 {
778 mtpMediaLib_->Clear();
779 const int32_t uInt32Count = 2;
780 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
781 return;
782 }
783 int32_t offset = 0;
784 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data + offset, size));
785 offset += sizeof(uint32_t);
786
787 mtpMediaLib_->ModifyHandlePathMap(FuzzString(data, size), FuzzString(data, size));
788
789 uint32_t id = FuzzUInt32(data + offset, size);
790 mtpMediaLib_->ModifyPathHandleMap(FuzzString(data, size), id);
791 }
792
StartsWithTest(const uint8_t * data,size_t size)793 static void StartsWithTest(const uint8_t* data, size_t size)
794 {
795 mtpMediaLib_->Clear();
796
797 string str = FuzzString(data, size);
798 string prefix = FuzzString(data, size);
799 mtpMediaLib_->StartsWith(str, prefix);
800 }
801
MoveHandlePathMapTest(const uint8_t * data,size_t size)802 static void MoveHandlePathMapTest(const uint8_t* data, size_t size)
803 {
804 mtpMediaLib_->Clear();
805 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data, size));
806 mtpMediaLib_->MoveHandlePathMap(FILE_PATH, FuzzString(data, size));
807 mtpMediaLib_->AddToHandlePathMap(FILE_PATH, 1);
808 mtpMediaLib_->MoveRepeatDirHandlePathMap(FILE_PATH, FuzzString(data, size));
809 }
810
MoveObjectSubTest(const uint8_t * data,size_t size)811 static void MoveObjectSubTest(const uint8_t* data, size_t size)
812 {
813 mtpMediaLib_->Clear();
814 const int32_t uInt32Count = 2;
815 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
816 return;
817 }
818 int32_t offset = 0;
819 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data + offset, size));
820 offset += sizeof(uint32_t);
821
822 mtpMediaLib_->AddToHandlePathMap(FILE_PATH, 1);
823 bool isDir = FuzzBool(data, size);
824 uint32_t repeatHandle = FuzzUInt32(data + offset, size);
825 mtpMediaLib_->MoveObjectSub(FILE_PATH, FuzzString(data, size), isDir, repeatHandle);
826 }
827
GetIdTest(const uint8_t * data,size_t size)828 static void GetIdTest(const uint8_t* data, size_t size)
829 {
830 mtpMediaLib_->Clear();
831 mtpMediaLib_->GetId();
832 mtpMediaLib_->GetParentId(FuzzString(data, size));
833 }
834
ScanDirNoDepthTest(const uint8_t * data,size_t size)835 static void ScanDirNoDepthTest(const uint8_t* data, size_t size)
836 {
837 mtpMediaLib_->Clear();
838 string root = FuzzString(data, size);
839 shared_ptr<UInt32List> out = make_shared<UInt32List>();
840 mtpMediaLib_->ScanDirNoDepth(root, out);
841 }
842
ScanDirWithTypeTest(const uint8_t * data,size_t size)843 static void ScanDirWithTypeTest(const uint8_t* data, size_t size)
844 {
845 mtpMediaLib_->Clear();
846 shared_ptr<unordered_map<uint32_t, string>> out =
847 make_shared<unordered_map<uint32_t, string>>();
848
849 mtpMediaLib_->ScanDirWithType(STORAGE_FILE, out);
850 mtpMediaLib_->ScanDirTraverseWithType(STORAGE_FILE, out);
851
852 string root = FILE_PATH + "/" + FuzzString(data, size);
853 mtpMediaLib_->ScanDirWithType(root, out);
854 mtpMediaLib_->ScanDirTraverseWithType(root, out);
855 mtpMediaLib_->GetSizeFromOfft(size);
856 }
857
GetHandlesMapTest(const uint8_t * data,size_t size)858 static void GetHandlesMapTest(const uint8_t* data, size_t size)
859 {
860 mtpMediaLib_->Clear();
861 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
862 FuzzMtpOperationContext(data, size));
863 if (context == nullptr) {
864 MEDIA_ERR_LOG("context is nullptr");
865 return;
866 }
867 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data, size));
868
869 mtpMediaLib_->GetHandlesMap(context);
870 }
871
GetExternalStoragesTest(const uint8_t * data,size_t size)872 static void GetExternalStoragesTest(const uint8_t* data, size_t size)
873 {
874 mtpMediaLib_->Clear();
875 mtpMediaLib_->GetExternalStorages();
876 }
877
ErasePathInfoTest(const uint8_t * data,size_t size)878 static void ErasePathInfoTest(const uint8_t* data, size_t size)
879 {
880 mtpMediaLib_->Clear();
881
882 mtpMediaLib_->ObserverAddPathToMap(FuzzString(data, size));
883 uint32_t handle = FuzzUInt32(data, size);
884 mtpMediaLib_->GetIdByPath(FuzzString(data, size), handle);
885 mtpMediaLib_->ErasePathInfo(handle, FILE_PATH);
886 }
887
GetVideoThumbTest(const uint8_t * data,size_t size)888 static void GetVideoThumbTest(const uint8_t* data, size_t size)
889 {
890 mtpMediaLib_->Clear();
891 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
892 FuzzMtpOperationContext(data, size));
893 if (context == nullptr) {
894 MEDIA_ERR_LOG("context is nullptr");
895 return;
896 }
897 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>();
898 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data, size));
899
900 mtpMediaLib_->GetVideoThumb(context, outThumb);
901 }
902
GetPictureThumbTest(const uint8_t * data,size_t size)903 static void GetPictureThumbTest(const uint8_t* data, size_t size)
904 {
905 mtpMediaLib_->Clear();
906 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
907 FuzzMtpOperationContext(data, size));
908 if (context == nullptr) {
909 MEDIA_ERR_LOG("context is nullptr");
910 return;
911 }
912 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>();
913 mtpMediaLib_->AddToHandlePathMap(FuzzString(data, size), FuzzUInt32(data, size));
914
915 mtpMediaLib_->GetPictureThumb(context, outThumb);
916 }
917
CorrectStorageIdTest(const uint8_t * data,size_t size)918 static void CorrectStorageIdTest(const uint8_t* data, size_t size)
919 {
920 mtpMediaLib_->Clear();
921 const shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
922 FuzzMtpOperationContext(data, size));
923 if (context == nullptr) {
924 MEDIA_ERR_LOG("context is nullptr");
925 return;
926 }
927 mtpMediaLib_->CorrectStorageId(context);
928 }
929
MtpMediaLibraryTest(const uint8_t * data,size_t size)930 static void MtpMediaLibraryTest(const uint8_t* data, size_t size)
931 {
932 AddPathToMapTest(data, size);
933 ObserverAddPathToMapTest(data, size);
934 GetHandlesTest(data, size);
935 GetObjectInfoTest(data, size);
936 GetFdTest(data, size);
937 GetThumbTest(data, size);
938 SendObjectInfoTest(data, size);
939 MoveObjectTest(data, size);
940 CopyObjectTest(data, size);
941 SetObjectPropValueTest(data, size);
942 CloseFdTest(data, size);
943 GetObjectPropListTest(data, size);
944 GetObjectPropValueTest(data, size);
945 GetRealPathTest(data, size);
946 MtpMediaLibraryStorageTest(data, size);
947 ObserverDeletePathToMapTest(data, size);
948 ModifyHandlePathMapTest(data, size);
949 StartsWithTest(data, size);
950 MoveHandlePathMapTest(data, size);
951 MoveObjectSubTest(data, size);
952 GetIdTest(data, size);
953 ScanDirNoDepthTest(data, size);
954 ScanDirWithTypeTest(data, size);
955 GetHandlesMapTest(data, size);
956 GetExternalStoragesTest(data, size);
957 ErasePathInfoTest(data, size);
958 GetVideoThumbTest(data, size);
959 GetPictureThumbTest(data, size);
960 CorrectStorageIdTest(data, size);
961 }
962
963 // MtpMedialibraryManagerTest start
PtpGetHandlesTest(const uint8_t * data,size_t size)964 static void PtpGetHandlesTest(const uint8_t* data, size_t size)
965 {
966 ptpMediaLib_->Clear();
967 const int32_t int32Count = 2;
968 if (data == nullptr || size < sizeof(int32_t) * int32Count + sizeof(uint32_t)) {
969 return;
970 }
971 int32_t offset = 0;
972 int32_t parentId = FuzzInt32(data + offset, size);
973 offset += sizeof(int32_t);
974 MediaType mediaType = MediaType::MEDIA_TYPE_IMAGE;
975 vector<int> outHandle = FuzzVectorInt32(data + offset, size);
976 offset += sizeof(int32_t);
977 ptpMediaLib_->GetHandles(parentId, outHandle, mediaType);
978
979 ptpMediaLib_->Clear();
980 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
981 FuzzMtpOperationContext(data, size));
982 if (context == nullptr) {
983 MEDIA_ERR_LOG("context is nullptr");
984 return;
985 }
986
987 uint32_t outId = 0;
988 shared_ptr<UInt32List> outHandles = make_shared<UInt32List>(FuzzVectorUInt32(data + offset, size));
989 ptpMediaLib_->GetIdByPath(FuzzString(data, size), outId);
990 context->parent = outId;
991 context->storageID = outId;
992 ptpMediaLib_->GetHandles(context, outHandles);
993 }
994
PtpGetObjectInfoTest(const uint8_t * data,size_t size)995 static void PtpGetObjectInfoTest(const uint8_t* data, size_t size)
996 {
997 ptpMediaLib_->Clear();
998 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
999 FuzzMtpOperationContext(data, size));
1000 if (context == nullptr) {
1001 MEDIA_ERR_LOG("context is nullptr");
1002 return;
1003 }
1004 shared_ptr<ObjectInfo> objectInfo = make_shared<ObjectInfo>(FuzzObjectInfo(data, size));
1005
1006 ptpMediaLib_->GetObjectInfo(context, objectInfo);
1007 }
1008
PtpGetFdTest(const uint8_t * data,size_t size)1009 static void PtpGetFdTest(const uint8_t* data, size_t size)
1010 {
1011 ptpMediaLib_->Clear();
1012 shared_ptr<MtpOperationContext> context = nullptr;
1013 bool condition = false;
1014 int fd = 0;
1015 ptpMediaLib_->CondCloseFd(condition, fd);
1016
1017 int32_t outFd = FuzzInt32(data, size);
1018 string mode = FuzzString(data, size);
1019 ptpMediaLib_->GetFd(context, outFd, mode);
1020 }
1021
PtpGetThumbTest(const uint8_t * data,size_t size)1022 static void PtpGetThumbTest(const uint8_t* data, size_t size)
1023 {
1024 ptpMediaLib_->Clear();
1025 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1026 FuzzMtpOperationContext(data, size));
1027 if (context == nullptr) {
1028 MEDIA_ERR_LOG("context is nullptr");
1029 return;
1030 }
1031
1032 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>(FuzzVectorUInt8(data, size));
1033 ptpMediaLib_->GetThumb(context, outThumb);
1034 }
1035
PtpSendObjectInfoTest(const uint8_t * data,size_t size)1036 static void PtpSendObjectInfoTest(const uint8_t* data, size_t size)
1037 {
1038 ptpMediaLib_->Clear();
1039 const int32_t uInt32Count = 3;
1040 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
1041 return;
1042 }
1043 int32_t offset = 0;
1044 uint32_t outStorageID = FuzzUInt32(data + offset, size);
1045 offset += sizeof(uint32_t);
1046 uint32_t outParent = FuzzUInt32(data + offset, size);
1047 offset += sizeof(uint32_t);
1048 uint32_t outHandle = FuzzUInt32(data + offset, size);
1049
1050 ptpMediaLib_->SendObjectInfo(nullptr, outStorageID, outParent, outHandle);
1051 }
1052
PtpMoveObjectTest(const uint8_t * data,size_t size)1053 static void PtpMoveObjectTest(const uint8_t* data, size_t size)
1054 {
1055 ptpMediaLib_->Clear();
1056 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1057 FuzzMtpOperationContext(data, size));
1058 if (context == nullptr) {
1059 MEDIA_ERR_LOG("context is nullptr");
1060 return;
1061 }
1062 ptpMediaLib_->MoveObject(context);
1063 }
1064
PtpCopyObjectTest(const uint8_t * data,size_t size)1065 static void PtpCopyObjectTest(const uint8_t* data, size_t size)
1066 {
1067 ptpMediaLib_->Clear();
1068 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1069 FuzzMtpOperationContext(data, size));
1070 if (context == nullptr) {
1071 MEDIA_ERR_LOG("context is nullptr");
1072 return;
1073 }
1074
1075 uint32_t outObjectHandle = FuzzUInt32(data, size);
1076 ptpMediaLib_->CopyObject(context, outObjectHandle);
1077 ptpMediaLib_->DeleteObject(context);
1078 }
1079
PtpSetObjectPropValueTest(const uint8_t * data,size_t size)1080 static void PtpSetObjectPropValueTest(const uint8_t* data, size_t size)
1081 {
1082 ptpMediaLib_->Clear();
1083 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1084 FuzzMtpOperationContext(data, size));
1085 if (context == nullptr) {
1086 MEDIA_ERR_LOG("context is nullptr");
1087 return;
1088 }
1089 ptpMediaLib_->SetObjectPropValue(context);
1090 }
1091
PtpCloseFdTest(const uint8_t * data,size_t size)1092 static void PtpCloseFdTest(const uint8_t* data, size_t size)
1093 {
1094 ptpMediaLib_->Clear();
1095 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1096 FuzzMtpOperationContext(data, size));
1097 if (context == nullptr) {
1098 MEDIA_ERR_LOG("context is nullptr");
1099 return;
1100 }
1101 uint32_t handle = 0;
1102 ptpMediaLib_->GetIdByPath(FuzzString(data, size), handle);
1103 context->handle = handle;
1104 int32_t outFd = FuzzInt32(data, size);
1105 string mode = FuzzString(data, size);
1106 ptpMediaLib_->GetFd(context, outFd, mode);
1107 ptpMediaLib_->CloseFd(context, outFd);
1108 }
1109
PtpGetObjectPropListTest(const uint8_t * data,size_t size)1110 static void PtpGetObjectPropListTest(const uint8_t* data, size_t size)
1111 {
1112 ptpMediaLib_->Clear();
1113 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1114 FuzzMtpOperationContext(data, size));
1115 if (context == nullptr) {
1116 MEDIA_ERR_LOG("context is nullptr");
1117 return;
1118 }
1119 shared_ptr<vector<Property>> outProps = make_shared<vector<Property>>();
1120
1121 ptpMediaLib_->GetObjectPropList(context, outProps);
1122 }
1123
PtpGetObjectPropValueTest(const uint8_t * data,size_t size)1124 static void PtpGetObjectPropValueTest(const uint8_t* data, size_t size)
1125 {
1126 ptpMediaLib_->Clear();
1127 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1128 FuzzMtpOperationContext(data, size));
1129 if (context == nullptr) {
1130 MEDIA_ERR_LOG("context is nullptr");
1131 return;
1132 }
1133 uint64_t outIntVal = 0;
1134 uint128_t outLongVal = { 0 };
1135 string outStrVal = "";
1136 ptpMediaLib_->GetObjectPropValue(context, outIntVal, outLongVal, outStrVal);
1137 }
1138
PtpGetPictureThumbTest(const uint8_t * data,size_t size)1139 static void PtpGetPictureThumbTest(const uint8_t* data, size_t size)
1140 {
1141 ptpMediaLib_->Clear();
1142 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1143 FuzzMtpOperationContext(data, size));
1144 if (context == nullptr) {
1145 MEDIA_ERR_LOG("context is nullptr");
1146 return;
1147 }
1148 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>();
1149 ptpMediaLib_->GetPictureThumb(context, outThumb);
1150 }
1151
PtpGetVideoThumbTest(const uint8_t * data,size_t size)1152 static void PtpGetVideoThumbTest(const uint8_t* data, size_t size)
1153 {
1154 ptpMediaLib_->Clear();
1155 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1156 FuzzMtpOperationContext(data, size));
1157 if (context == nullptr) {
1158 MEDIA_ERR_LOG("context is nullptr");
1159 return;
1160 }
1161 shared_ptr<UInt8List> outThumb = make_shared<UInt8List>();
1162 ptpMediaLib_->GetVideoThumb(context, outThumb);
1163 }
1164
PtpGetFdByOpenFileTest(const uint8_t * data,size_t size)1165 static void PtpGetFdByOpenFileTest(const uint8_t* data, size_t size)
1166 {
1167 ptpMediaLib_->Clear();
1168 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1169 FuzzMtpOperationContext(data, size));
1170 if (context == nullptr) {
1171 MEDIA_ERR_LOG("context is nullptr");
1172 return;
1173 }
1174 int32_t outFd = FuzzInt32(data, size);
1175 ptpMediaLib_->GetFdByOpenFile(context, outFd);
1176 }
1177
PtpSetObjectInfoTest(const uint8_t * data,size_t size)1178 static void PtpSetObjectInfoTest(const uint8_t* data, size_t size)
1179 {
1180 ptpMediaLib_->Clear();
1181
1182 const unique_ptr<FileAsset> fileAsset = make_unique<FileAsset>();
1183 shared_ptr<ObjectInfo> outObjectInfo = nullptr;
1184 ptpMediaLib_->SetObjectInfo(fileAsset, outObjectInfo);
1185 }
1186
PtpSetObjectTest(const uint8_t * data,size_t size)1187 static void PtpSetObjectTest(const uint8_t* data, size_t size)
1188 {
1189 ptpMediaLib_->Clear();
1190 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1191 FuzzMtpOperationContext(data, size));
1192 if (context == nullptr) {
1193 MEDIA_ERR_LOG("context is nullptr");
1194 return;
1195 }
1196
1197 shared_ptr<ObjectInfo> outObjectInfo = nullptr;
1198 const shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
1199 ptpMediaLib_->SetObject(resultSet, context, outObjectInfo);
1200 }
1201
PtpCompressImageTest(const uint8_t * data,size_t size)1202 static void PtpCompressImageTest(const uint8_t* data, size_t size)
1203 {
1204 ptpMediaLib_->Clear();
1205 unique_ptr<PixelMap> pixelMap = nullptr;
1206 vector<uint8_t> imageDdata = FuzzVectorUInt8(data, size);
1207 ptpMediaLib_->CompressImage(pixelMap, imageDdata);
1208 }
1209
PtpGetAlbumInfoTest(const uint8_t * data,size_t size)1210 static void PtpGetAlbumInfoTest(const uint8_t* data, size_t size)
1211 {
1212 ptpMediaLib_->Clear();
1213 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1214 FuzzMtpOperationContext(data, size));
1215 if (context == nullptr) {
1216 MEDIA_ERR_LOG("context is nullptr");
1217 return;
1218 }
1219
1220 bool isHandle = FuzzBool(data, size);
1221 ptpMediaLib_->GetAlbumInfo(context, isHandle);
1222 }
1223
PtpGetPhotosInfoTest(const uint8_t * data,size_t size)1224 static void PtpGetPhotosInfoTest(const uint8_t* data, size_t size)
1225 {
1226 ptpMediaLib_->Clear();
1227 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1228 FuzzMtpOperationContext(data, size));
1229 if (context == nullptr) {
1230 MEDIA_ERR_LOG("context is nullptr");
1231 return;
1232 }
1233
1234 bool isHandle = FuzzBool(data, size);
1235 ptpMediaLib_->GetPhotosInfo(context, isHandle);
1236 }
1237
PtpGetAlbumCloudTest(const uint8_t * data,size_t size)1238 static void PtpGetAlbumCloudTest(const uint8_t* data, size_t size)
1239 {
1240 ptpMediaLib_->Clear();
1241 ptpMediaLib_->GetAlbumCloud();
1242 vector<string> ownerAlbumIds = FuzzVectorString(data, size);
1243 ptpMediaLib_->GetAlbumCloudDisplay(ownerAlbumIds);
1244 }
1245
PtpHaveMovingPhotesHandleTest(const uint8_t * data,size_t size)1246 static void PtpHaveMovingPhotesHandleTest(const uint8_t* data, size_t size)
1247 {
1248 ptpMediaLib_->Clear();
1249 const shared_ptr<DataShare::DataShareResultSet> resultSet = make_shared<DataShare::DataShareResultSet>();
1250 const int32_t uInt32Count = 2;
1251 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
1252 return;
1253 }
1254 int32_t offset = 0;
1255 shared_ptr<UInt32List> outHandles = make_shared<UInt32List>(FuzzVectorUInt32(data + offset, size));
1256 offset += sizeof(uint32_t);
1257 const uint32_t parent = FuzzUInt32(data + offset, size);
1258 ptpMediaLib_->HaveMovingPhotesHandle(resultSet, outHandles, parent);
1259 ptpMediaLib_->GetSizeFromOfft(size);
1260 ptpMediaLib_->GetBurstKeyFromPhotosInfo();
1261 }
1262
PtpGetThumbUriTest(const uint8_t * data,size_t size)1263 static void PtpGetThumbUriTest(const uint8_t* data, size_t size)
1264 {
1265 ptpMediaLib_->Clear();
1266 const int32_t handle = FuzzInt32(data, size);
1267 const string thumbSizeValue = FuzzString(data, size);
1268 const string dataPath = FILE_PATH + "/" + FuzzString(data, size);
1269 ptpMediaLib_->GetThumbUri(handle, thumbSizeValue, dataPath);
1270 }
1271
MtpMedialibraryManagerTest(const uint8_t * data,size_t size)1272 static void MtpMedialibraryManagerTest(const uint8_t* data, size_t size)
1273 {
1274 PtpGetHandlesTest(data, size);
1275 PtpGetObjectInfoTest(data, size);
1276 PtpGetFdTest(data, size);
1277 PtpGetThumbTest(data, size);
1278 PtpSendObjectInfoTest(data, size);
1279 PtpMoveObjectTest(data, size);
1280 PtpCopyObjectTest(data, size);
1281 PtpSetObjectPropValueTest(data, size);
1282 PtpCloseFdTest(data, size);
1283 PtpGetObjectPropListTest(data, size);
1284 PtpGetObjectPropValueTest(data, size);
1285 PtpGetPictureThumbTest(data, size);
1286 PtpGetVideoThumbTest(data, size);
1287 PtpGetFdByOpenFileTest(data, size);
1288 PtpSetObjectInfoTest(data, size);
1289 PtpSetObjectTest(data, size);
1290 PtpCompressImageTest(data, size);
1291 PtpGetAlbumInfoTest(data, size);
1292 PtpGetPhotosInfoTest(data, size);
1293 PtpGetAlbumCloudTest(data, size);
1294 PtpHaveMovingPhotesHandleTest(data, size);
1295 PtpGetThumbUriTest(data, size);
1296 }
1297
1298 // MtpOperationUtilsTest start
MtpOperationUtilsContainerTest(const uint8_t * data,size_t size)1299 static void MtpOperationUtilsContainerTest(const uint8_t* data, size_t size)
1300 {
1301 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1302 FuzzMtpOperationContext(data, size));
1303 if (context == nullptr) {
1304 MEDIA_ERR_LOG("context is nullptr");
1305 return;
1306 }
1307 if (mtpOperUtils_ == nullptr) {
1308 mtpOperUtils_ = make_shared<MtpOperationUtils>(context);
1309 }
1310
1311 shared_ptr<PayloadData> payData = make_shared<CloseSessionData>(context);
1312 if (data == nullptr || size < sizeof(uint16_t) + sizeof(int32_t)) {
1313 return;
1314 }
1315 int32_t offset = 0;
1316 uint16_t containerType = FuzzUInt16(data + offset, size);
1317 offset += sizeof(uint16_t);
1318 int errorCode = FuzzInt32(data + offset, size);
1319 mtpOperUtils_->GetDeviceInfo(payData, containerType, errorCode);
1320 mtpOperUtils_->GetObjectInfo(payData, containerType, errorCode);
1321 mtpOperUtils_->GetNumObjects(payData);
1322 mtpOperUtils_->DoSetObjectPropValue(errorCode);
1323 mtpOperUtils_->GetObjectHandles(payData, containerType, errorCode);
1324 mtpOperUtils_->GetObjectPropDesc(payData, containerType, errorCode);
1325 mtpOperUtils_->GetObjectPropValue(payData, containerType, errorCode);
1326 mtpOperUtils_->GetObjectPropList(payData, containerType, errorCode);
1327 mtpOperUtils_->SendObjectInfo(payData, errorCode);
1328 mtpOperUtils_->GetPartialObject(payData);
1329 mtpOperUtils_->GetObjectPropsSupported(payData);
1330 mtpOperUtils_->GetOpenSession(payData, errorCode);
1331 mtpOperUtils_->GetCloseSession(payData);
1332 mtpOperUtils_->DeleteObject(payData, errorCode);
1333 mtpOperUtils_->MoveObject(payData, errorCode);
1334 mtpOperUtils_->CopyObject(payData, errorCode);
1335 mtpOperUtils_->GetStorageIDs(payData, containerType, errorCode);
1336 mtpOperUtils_->GetStorageInfo(payData, containerType, errorCode);
1337 }
1338
MtpOperationUtilsGetPathByHandleTest(const uint8_t * data,size_t size)1339 static void MtpOperationUtilsGetPathByHandleTest(const uint8_t* data, size_t size)
1340 {
1341 if (mtpOperUtils_ == nullptr) {
1342 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1343 FuzzMtpOperationContext(data, size));
1344 if (context == nullptr) {
1345 MEDIA_ERR_LOG("context is nullptr");
1346 return;
1347 }
1348 mtpOperUtils_ = make_shared<MtpOperationUtils>(context);
1349 }
1350
1351 string path = FILE_PATH + "/" + FuzzString(data, size);
1352 string realPath = FILE_PATH + "/" + FuzzString(data, size);
1353 uint32_t handle = FuzzUInt32(data, size);
1354 mtpOperUtils_->GetPathByHandle(handle, path, realPath);
1355 mtpOperUtils_->GetHandleByPaths(path, handle);
1356 }
1357
MtpOperationUtilsHandleTest(const uint8_t * data,size_t size)1358 static void MtpOperationUtilsHandleTest(const uint8_t* data, size_t size)
1359 {
1360 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1361 FuzzMtpOperationContext(data, size));
1362 if (context == nullptr) {
1363 MEDIA_ERR_LOG("context is nullptr");
1364 return;
1365 }
1366 if (mtpOperUtils_ == nullptr) {
1367 mtpOperUtils_ = make_shared<MtpOperationUtils>(context);
1368 }
1369
1370 shared_ptr<PayloadData> payData = make_shared<CloseSessionData>(context);
1371 mtpOperUtils_->SetDevicePropValueResp(payData);
1372 mtpOperUtils_->ResetDevicePropResp(payData);
1373
1374 const int32_t int32Count = 3;
1375 const int32_t uInt16Count = 5;
1376 if (data == nullptr || size < sizeof(int32_t) * int32Count +
1377 sizeof(uint16_t) * uInt16Count + sizeof(uint32_t)) {
1378 return;
1379 }
1380 int32_t offset = 0;
1381 int32_t payload = FuzzInt32(data + offset, size);
1382 offset += sizeof(int32_t);
1383 mtpOperUtils_->ObjectEvent(payData, payload);
1384
1385 int errorCode = FuzzInt32(data + offset, size);
1386 offset += sizeof(int32_t);
1387 mtpOperUtils_->CheckErrorCode(errorCode);
1388 uint32_t objectHandle = FuzzUInt32(data + offset, size);
1389 offset += sizeof(uint32_t);
1390 uint16_t eventCode = FuzzUInt16(data + offset, size);
1391 offset += sizeof(uint16_t);
1392 mtpOperUtils_->SendEventPacket(objectHandle, eventCode);
1393
1394 errorCode = FuzzInt32(data + offset, size);
1395 offset += sizeof(int32_t);
1396 mtpOperUtils_->GetRespCommonData(payData, errorCode);
1397
1398 uint16_t containerType = FuzzUInt16(data + offset, size);
1399 offset += sizeof(uint16_t);
1400 mtpOperUtils_->GetObjectReferences(payData, containerType, errorCode);
1401
1402 mtpOperUtils_->SetObjectReferences(payData);
1403 mtpOperUtils_->GetObjectDataDeal();
1404 mtpOperUtils_->GetObject(payData, errorCode);
1405
1406 containerType = FuzzUInt16(data + offset, size);
1407 offset += sizeof(uint16_t);
1408 mtpOperUtils_->GetThumb(payData, containerType, errorCode);
1409 containerType = FuzzUInt16(data + offset, size);
1410 offset += sizeof(uint16_t);
1411 mtpOperUtils_->GetPropDesc(payData, containerType, errorCode);
1412 containerType = FuzzUInt16(data + offset, size);
1413 mtpOperUtils_->GetPropValue(payData, containerType, errorCode);
1414 mtpOperUtils_->HasStorage(errorCode);
1415 }
1416
MtpOperationUtilsStorageIdTest(const uint8_t * data,size_t size)1417 static void MtpOperationUtilsStorageIdTest(const uint8_t* data, size_t size)
1418 {
1419 if (mtpOperUtils_ == nullptr) {
1420 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1421 FuzzMtpOperationContext(data, size));
1422 if (context == nullptr) {
1423 MEDIA_ERR_LOG("context is nullptr");
1424 return;
1425 }
1426 mtpOperUtils_ = make_shared<MtpOperationUtils>(context);
1427 }
1428
1429 string fsUuid = FuzzString(data, size);
1430 uint32_t storageId = FuzzUInt32(data, size);
1431 mtpOperUtils_->TryAddExternalStorage(fsUuid, storageId);
1432 mtpOperUtils_->TryRemoveExternalStorage(fsUuid, storageId);
1433 mtpOperUtils_->GetBatteryLevel();
1434 }
1435
MtpOperationUtilsTest(const uint8_t * data,size_t size)1436 static void MtpOperationUtilsTest(const uint8_t* data, size_t size)
1437 {
1438 MtpOperationUtilsContainerTest(data, size);
1439 MtpOperationUtilsGetPathByHandleTest(data, size);
1440 MtpOperationUtilsHandleTest(data, size);
1441 MtpOperationUtilsStorageIdTest(data, size);
1442 }
1443
1444 // MtpPacketToolTest start
MtpPacketToolPutTest(const uint8_t * data,size_t size)1445 static void MtpPacketToolPutTest(const uint8_t* data, size_t size)
1446 {
1447 const int32_t uInt16Count = 2;
1448 const int32_t uInt32Count = 3;
1449 const int32_t uInt64Count = 2;
1450 const int32_t int32Count = 3;
1451 const int32_t int64Count = 2;
1452 if (data == nullptr || size < (sizeof(uint16_t) * uInt16Count +
1453 sizeof(uint32_t) * uInt32Count + sizeof(uint64_t) * uInt64Count +
1454 sizeof(int8_t) + sizeof(int16_t) + sizeof(int32_t) * int32Count +
1455 sizeof(int64_t) * int64Count)) {
1456 return;
1457 }
1458 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
1459 int32_t offset = 0;
1460 MtpPacketTool::PutUInt8(outBuffer, FuzzUInt16(data + offset, size));
1461 offset += sizeof(uint16_t);
1462 MtpPacketTool::PutUInt16(outBuffer, FuzzUInt16(data + offset, size));
1463 offset += sizeof(uint16_t);
1464 MtpPacketTool::PutUInt32(outBuffer, FuzzUInt32(data + offset, size));
1465 offset += sizeof(uint32_t);
1466 MtpPacketTool::PutUInt64(outBuffer, FuzzUInt64(data + offset, size));
1467 offset += sizeof(uint64_t);
1468 MtpPacketTool::PutUInt128(outBuffer, FuzzUInt64(data + offset, size));
1469 offset += sizeof(uint64_t);
1470 uint32_t valueUInt32First = FuzzUInt32(data + offset, size);
1471 offset += sizeof(uint32_t);
1472 uint32_t valueUInt32Second = FuzzUInt32(data + offset, size);
1473 offset += sizeof(uint32_t);
1474 uint128_t valueUInt128 = {valueUInt32First, valueUInt32Second};
1475 MtpPacketTool::PutUInt128(outBuffer, valueUInt128);
1476
1477 MtpPacketTool::PutInt8(outBuffer, FuzzInt8(data + offset, size));
1478 offset += sizeof(int8_t);
1479 MtpPacketTool::PutInt16(outBuffer, FuzzInt16(data + offset, size));
1480 offset += sizeof(int16_t);
1481 MtpPacketTool::PutInt32(outBuffer, FuzzInt32(data + offset, size));
1482 offset += sizeof(int32_t);
1483 MtpPacketTool::PutInt64(outBuffer, FuzzInt64(data + offset, size));
1484 offset += sizeof(int64_t);
1485 MtpPacketTool::PutInt128(outBuffer, FuzzInt64(data + offset, size));
1486 offset += sizeof(int64_t);
1487 int32_t valueInt32First = FuzzInt32(data + offset, size);
1488 offset += sizeof(int32_t);
1489 int32_t valueInt32Second = FuzzInt32(data + offset, size);
1490 int128_t valueInt128 = {valueInt32First, valueInt32Second};
1491 MtpPacketTool::PutInt128(outBuffer, valueInt128);
1492 MtpPacketTool::PutString(outBuffer, FuzzString(data, size));
1493 }
1494
MtpPacketToolGetTest(const uint8_t * data,size_t size)1495 static void MtpPacketToolGetTest(const uint8_t* data, size_t size)
1496 {
1497 const int32_t uInt8Count = 6;
1498 if (data == nullptr || size < sizeof(uint8_t) * uInt8Count) {
1499 return;
1500 }
1501 int32_t offset = 0;
1502 uint8_t numFirst = FuzzUInt8(data + offset, size);
1503 offset += sizeof(uint8_t);
1504 uint8_t numSecond = FuzzUInt8(data + offset, size);
1505 offset += sizeof(uint8_t);
1506 MtpPacketTool::GetUInt16(numFirst, numSecond);
1507 numFirst = FuzzUInt8(data + offset, size);
1508 offset += sizeof(uint8_t);
1509 numSecond = FuzzUInt8(data + offset, size);
1510 offset += sizeof(uint8_t);
1511 uint8_t numThird = FuzzUInt8(data + offset, size);
1512 offset += sizeof(uint8_t);
1513 uint8_t numFourth = FuzzUInt8(data + offset, size);
1514 MtpPacketTool::GetUInt32(numFirst, numSecond, numThird, numFourth);
1515 }
1516
MtpPacketToolGetUInt8Test(const uint8_t * data,size_t size)1517 static void MtpPacketToolGetUInt8Test(const uint8_t* data, size_t size)
1518 {
1519 const int32_t uInt16Count = 2;
1520 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count + sizeof(uint8_t)) {
1521 return;
1522 }
1523 int32_t offset = 0;
1524 vector<uint8_t> buffer;
1525 size_t offsetTest = 0;
1526 MtpPacketTool::PutUInt8(buffer, FuzzUInt16(data + offset, size));
1527 offset += sizeof(uint16_t);
1528 MtpPacketTool::GetUInt8(buffer, offsetTest);
1529 MtpPacketTool::PutUInt8(buffer, FuzzUInt16(data + offset, size));
1530 offset += sizeof(uint16_t);
1531 uint8_t valueUInt8 = FuzzUInt8(data + offset, size);
1532 MtpPacketTool::GetUInt8(buffer, offsetTest, valueUInt8);
1533 }
1534
MtpPacketToolGetUInt16Test(const uint8_t * data,size_t size)1535 static void MtpPacketToolGetUInt16Test(const uint8_t* data, size_t size)
1536 {
1537 const int32_t uInt16Count = 3;
1538 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count) {
1539 return;
1540 }
1541 int32_t offset = 0;
1542 vector<uint8_t> buffer;
1543 size_t offsetTest = 0;
1544 MtpPacketTool::PutUInt16(buffer, FuzzUInt16(data + offset, size));
1545 offset += sizeof(uint16_t);
1546 MtpPacketTool::GetUInt16(buffer, offsetTest);
1547 MtpPacketTool::PutUInt16(buffer, FuzzUInt16(data + offset, size));
1548 offset += sizeof(uint16_t);
1549 uint16_t valueUInt16 = FuzzUInt16(data + offset, size);
1550 MtpPacketTool::GetUInt16(buffer, offsetTest, valueUInt16);
1551 }
1552
MtpPacketToolGetUInt32Test(const uint8_t * data,size_t size)1553 static void MtpPacketToolGetUInt32Test(const uint8_t* data, size_t size)
1554 {
1555 const int32_t uInt32Count = 3;
1556 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
1557 return;
1558 }
1559 int32_t offset = 0;
1560 vector<uint8_t> buffer;
1561 size_t offsetTest = 0;
1562 MtpPacketTool::PutUInt32(buffer, FuzzUInt32(data + offset, size));
1563 offset += sizeof(uint32_t);
1564 MtpPacketTool::GetUInt32(buffer, offsetTest);
1565 MtpPacketTool::PutUInt32(buffer, FuzzUInt32(data + offset, size));
1566 offset += sizeof(uint32_t);
1567 uint32_t valueUInt32 = FuzzUInt32(data + offset, size);
1568 MtpPacketTool::GetUInt32(buffer, offsetTest, valueUInt32);
1569 }
1570
MtpPacketToolGetUInt64Test(const uint8_t * data,size_t size)1571 static void MtpPacketToolGetUInt64Test(const uint8_t* data, size_t size)
1572 {
1573 const int32_t uInt64Count = 2;
1574 if (data == nullptr || size < sizeof(uint64_t) * uInt64Count) {
1575 return;
1576 }
1577 int32_t offset = 0;
1578 vector<uint8_t> buffer;
1579 size_t offsetTest = 0;
1580 MtpPacketTool::PutUInt64(buffer, FuzzUInt64(data + offset, size));
1581 offset += sizeof(uint64_t);
1582 uint64_t valueUInt64 = FuzzUInt64(data + offset, size);
1583 MtpPacketTool::GetUInt64(buffer, offsetTest, valueUInt64);
1584 }
1585
MtpPacketToolGetUInt128Test(const uint8_t * data,size_t size)1586 static void MtpPacketToolGetUInt128Test(const uint8_t* data, size_t size)
1587 {
1588 const int32_t uInt32Count = 2;
1589 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count) {
1590 return;
1591 }
1592 int32_t offset = 0;
1593 vector<uint8_t> buffer;
1594 size_t offsetTest = 0;
1595 uint32_t valueUInt32First = FuzzUInt32(data + offset, size);
1596 offset += sizeof(uint32_t);
1597 uint32_t valueUInt32Second = FuzzUInt32(data + offset, size);
1598 offset += sizeof(uint32_t);
1599 uint128_t valueUInt128 = {valueUInt32First, valueUInt32Second};
1600 MtpPacketTool::PutUInt128(buffer, valueUInt128);
1601 uint128_t outUInt128 = {0, 1};
1602 MtpPacketTool::GetUInt128(buffer, offsetTest, outUInt128);
1603 }
1604
MtpPacketToolGetInt8Test(const uint8_t * data,size_t size)1605 static void MtpPacketToolGetInt8Test(const uint8_t* data, size_t size)
1606 {
1607 const int32_t int8Count = 2;
1608 if (data == nullptr || size < sizeof(int8_t) * int8Count) {
1609 return;
1610 }
1611 int32_t offset = 0;
1612 vector<uint8_t> buffer;
1613 MtpPacketTool::PutInt8(buffer, FuzzInt8(data + offset, size));
1614 offset += sizeof(int8_t);
1615 size_t offsetTest = 0;
1616 int8_t valueInt8 = FuzzInt8(data + offset, size);
1617 MtpPacketTool::GetInt8(buffer, offsetTest, valueInt8);
1618 }
1619
MtpPacketToolGetInt16Test(const uint8_t * data,size_t size)1620 static void MtpPacketToolGetInt16Test(const uint8_t* data, size_t size)
1621 {
1622 const int32_t int16Count = 2;
1623 if (data == nullptr || size < sizeof(int16_t) * int16Count) {
1624 return;
1625 }
1626 int32_t offset = 0;
1627 vector<uint8_t> buffer;
1628 size_t offsetTest = 0;
1629 MtpPacketTool::PutInt16(buffer, FuzzInt16(data + offset, size));
1630 offset += sizeof(int16_t);
1631 int16_t valueInt16 = FuzzInt16(data + offset, size);
1632 MtpPacketTool::GetInt16(buffer, offsetTest, valueInt16);
1633 }
1634
MtpPacketToolGetInt32Test(const uint8_t * data,size_t size)1635 static void MtpPacketToolGetInt32Test(const uint8_t* data, size_t size)
1636 {
1637 const int32_t int32Count = 2;
1638 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
1639 return;
1640 }
1641 int32_t offset = 0;
1642 vector<uint8_t> buffer;
1643 MtpPacketTool::PutUInt32(buffer, FuzzInt32(data + offset, size));
1644 offset += sizeof(int32_t);
1645 int32_t valueInt32 = FuzzInt32(data + offset, size);
1646 size_t offsetTest = 0;
1647 MtpPacketTool::GetInt32(buffer, offsetTest, valueInt32);
1648 }
1649
MtpPacketToolGetInt64Test(const uint8_t * data,size_t size)1650 static void MtpPacketToolGetInt64Test(const uint8_t* data, size_t size)
1651 {
1652 const int32_t int64Count = 2;
1653 if (data == nullptr || size < sizeof(int64_t) * int64Count) {
1654 return;
1655 }
1656 int32_t offset = 0;
1657 vector<uint8_t> buffer;
1658 MtpPacketTool::PutInt64(buffer, FuzzInt64(data + offset, size));
1659 offset += sizeof(int64_t);
1660 size_t offsetTest = 0;
1661 int64_t valueInt64 = FuzzInt64(data + offset, size);
1662 MtpPacketTool::GetInt64(buffer, offsetTest, valueInt64);
1663 }
1664
MtpPacketToolGetInt128Test(const uint8_t * data,size_t size)1665 static void MtpPacketToolGetInt128Test(const uint8_t* data, size_t size)
1666 {
1667 const int32_t int32Count = 2;
1668 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
1669 return;
1670 }
1671 int32_t offset = 0;
1672 int32_t valueInt32First = FuzzInt32(data + offset, size);
1673 offset += sizeof(int32_t);
1674 int32_t valueInt32Second = FuzzInt32(data + offset, size);
1675 offset += sizeof(int32_t);
1676 int128_t valueInt128 = {valueInt32First, valueInt32Second};
1677 vector<uint8_t> buffer;
1678 MtpPacketTool::PutInt128(buffer, valueInt128);
1679 size_t offsetTest = 0;
1680 int128_t outInt128 = {0, 1};
1681 MtpPacketTool::GetInt128(buffer, offsetTest, outInt128);
1682 }
1683
MtpPacketToolGetStringTest(const uint8_t * data,size_t size)1684 static void MtpPacketToolGetStringTest(const uint8_t* data, size_t size)
1685 {
1686 vector<uint8_t> buffer;
1687 MtpPacketTool::PutString(buffer, FuzzString(data, size));
1688 size_t offsetTest = 0;
1689 string str = "";
1690 MtpPacketTool::GetString(buffer, offsetTest);
1691 MtpPacketTool::PutString(buffer, FuzzString(data, size));
1692 MtpPacketTool::GetString(buffer, offsetTest, str);
1693 string valueString = FuzzString(data, size);
1694 MtpPacketTool::StrToString(valueString);
1695 }
1696
MtpPacketToolToStringTest(const uint8_t * data,size_t size)1697 static void MtpPacketToolToStringTest(const uint8_t* data, size_t size)
1698 {
1699 const int32_t int32Count = 3;
1700 const int32_t uInt32Count = 3;
1701 if (data == nullptr || size < sizeof(int8_t) + sizeof(uint8_t) +
1702 sizeof(int16_t) + sizeof(uint16_t) + sizeof(int32_t) * int32Count +
1703 sizeof(uint32_t) * uInt32Count + sizeof(int64_t) +
1704 sizeof(uint64_t)) {
1705 return;
1706 }
1707 int32_t offset = 0;
1708 string outStr = "";
1709 int8_t valueInt8 = FuzzInt8(data + offset, size);
1710 offset += sizeof(int8_t);
1711 MtpPacketTool::Int8ToString(valueInt8, outStr);
1712 uint8_t valueUInt8 = FuzzUInt8(data + offset, size);
1713 offset += sizeof(uint8_t);
1714 MtpPacketTool::UInt8ToString(valueUInt8, outStr);
1715 int16_t valueInt16 = FuzzInt16(data + offset, size);
1716 offset += sizeof(int16_t);
1717 MtpPacketTool::Int16ToString(valueInt16, outStr);
1718 uint16_t valueUInt16 = FuzzUInt16(data + offset, size);
1719 offset += sizeof(uint16_t);
1720 MtpPacketTool::UInt16ToString(valueUInt16, outStr);
1721 int32_t valueInt32 = FuzzInt32(data + offset, size);
1722 offset += sizeof(int32_t);
1723 MtpPacketTool::Int32ToString(valueInt32, outStr);
1724 uint32_t valueUInt32 = FuzzUInt32(data + offset, size);
1725 offset += sizeof(uint32_t);
1726 MtpPacketTool::UInt32ToString(valueUInt32, outStr);
1727 int64_t valueInt64 = FuzzInt64(data + offset, size);
1728 offset += sizeof(int64_t);
1729 MtpPacketTool::Int64ToString(valueInt64, outStr);
1730 uint64_t valueUInt64 = FuzzUInt64(data + offset, size);
1731 offset += sizeof(uint64_t);
1732 MtpPacketTool::UInt64ToString(valueUInt64, outStr);
1733 int32_t valueInt32First = FuzzInt32(data + offset, size);
1734 offset += sizeof(int32_t);
1735 int32_t valueInt32Second = FuzzInt32(data + offset, size);
1736 offset += sizeof(int32_t);
1737 int128_t valueInt128 = {valueInt32First, valueInt32Second};
1738 MtpPacketTool::Int128ToString(valueInt128, outStr);
1739 uint32_t valueUInt32First = FuzzUInt32(data + offset, size);
1740 offset += sizeof(uint32_t);
1741 uint32_t valueUInt32Second = FuzzUInt32(data + offset, size);
1742 offset += sizeof(uint32_t);
1743 uint128_t valueUInt128 = {valueUInt32First, valueUInt32Second};
1744 MtpPacketTool::UInt128ToString(valueUInt128, outStr);
1745 }
1746
MtpPacketToolGetNameTest(const uint8_t * data,size_t size)1747 static void MtpPacketToolGetNameTest(const uint8_t* data, size_t size)
1748 {
1749 const int32_t int32Count = 2;
1750 const int32_t uInt16Count = 6;
1751 if (data == nullptr || size < sizeof(int32_t) * int32Count +
1752 sizeof(uint16_t) * uInt16Count) {
1753 return;
1754 }
1755 int32_t offset = 0;
1756 uint16_t code = FuzzUInt16(data + offset, size);
1757 offset += sizeof(uint16_t);
1758 MtpPacketTool::GetOperationName(code);
1759 code = FuzzUInt16(data + offset, size);
1760 offset += sizeof(uint16_t);
1761 MtpPacketTool::GetEventName(code);
1762 code = FuzzUInt16(data + offset, size);
1763 offset += sizeof(uint16_t);
1764 MtpPacketTool::GetFormatName(code);
1765 code = FuzzUInt16(data + offset, size);
1766 offset += sizeof(uint16_t);
1767 MtpPacketTool::GetObjectPropName(code);
1768 code = FuzzUInt16(data + offset, size);
1769 offset += sizeof(uint16_t);
1770 MtpPacketTool::GetEventName(code);
1771
1772 time_t sec = 0;
1773 MtpPacketTool::FormatDateTime(sec);
1774 int type = FuzzInt32(data + offset, size);
1775 offset += sizeof(int32_t);
1776 MtpPacketTool::GetDataTypeName(type);
1777 type = FuzzInt32(data + offset, size);
1778 offset += sizeof(int32_t);
1779 MtpPacketTool::GetAssociationName(type);
1780
1781 uint16_t propCode = FuzzUInt16(data + offset, size);
1782 MtpPacketTool::GetObjectPropTypeByPropCode(propCode);
1783 }
1784
MtpPacketToolOtherTest(const uint8_t * data,size_t size)1785 static void MtpPacketToolOtherTest(const uint8_t* data, size_t size)
1786 {
1787 const int32_t int32Count = 2;
1788 if (data == nullptr || size < sizeof(int32_t) * int32Count + sizeof(uint8_t)) {
1789 return;
1790 }
1791 MtpPacketTool::GetIndentBlank();
1792 size_t indent = size;
1793 MtpPacketTool::GetIndentBlank(indent);
1794 vector<uint8_t> dumpData = FuzzVectorUInt8(data, size);
1795 MtpPacketTool::Dump(dumpData);
1796 unique_ptr<char[]> hexBuf;
1797 int32_t offset = 0;
1798 int hexBufSize = FuzzInt32(data + offset, size);
1799 offset += sizeof(int32_t);
1800 unique_ptr<char[]> txtBuf;
1801 int txtBufSize = FuzzInt32(data + offset, size);
1802 offset += sizeof(int32_t);
1803 MtpPacketTool::DumpClear(indent, hexBuf, hexBufSize, txtBuf, txtBufSize);
1804
1805 uint8_t u8 = FuzzUInt8(data + offset, size);
1806 MtpPacketTool::DumpChar(u8, hexBuf, hexBufSize, txtBuf, txtBufSize);
1807 MtpPacketTool::DumpShow(hexBuf, hexBufSize, txtBuf, txtBufSize);
1808
1809 string str = FuzzString(data, size);
1810 hexBuf = make_unique<char[]>('a');
1811 txtBuf = make_unique<char[]>('a');
1812 MtpPacketTool::DumpClear(indent, hexBuf, hexBufSize, txtBuf, txtBufSize);
1813
1814 MtpPacketTool::DumpChar(u8, hexBuf, hexBufSize, txtBuf, txtBufSize);
1815
1816 MtpPacketTool::DumpShow(hexBuf, hexBufSize, txtBuf, txtBufSize);
1817 hexBuf[OFFSET_0] = '\0';
1818 MtpPacketTool::DumpShow(hexBuf, hexBufSize, txtBuf, txtBufSize);
1819 }
1820
MtpPacketToolTest(const uint8_t * data,size_t size)1821 static void MtpPacketToolTest(const uint8_t* data, size_t size)
1822 {
1823 MtpPacketToolPutTest(data, size);
1824 MtpPacketToolGetTest(data, size);
1825 MtpPacketToolGetUInt8Test(data, size);
1826 MtpPacketToolGetUInt16Test(data, size);
1827 MtpPacketToolGetUInt32Test(data, size);
1828 MtpPacketToolGetUInt64Test(data, size);
1829 MtpPacketToolGetUInt128Test(data, size);
1830 MtpPacketToolGetInt8Test(data, size);
1831 MtpPacketToolGetInt16Test(data, size);
1832 MtpPacketToolGetInt32Test(data, size);
1833 MtpPacketToolGetInt64Test(data, size);
1834 MtpPacketToolGetInt128Test(data, size);
1835 MtpPacketToolGetStringTest(data, size);
1836 MtpPacketToolToStringTest(data, size);
1837 MtpPacketToolGetNameTest(data, size);
1838 MtpPacketToolOtherTest(data, size);
1839 }
1840
MtpPacketTest(const uint8_t * data,size_t size)1841 static void MtpPacketTest(const uint8_t* data, size_t size)
1842 {
1843 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
1844 FuzzMtpOperationContext(data, size));
1845 if (context == nullptr) {
1846 MEDIA_ERR_LOG("context is nullptr");
1847 return;
1848 }
1849 shared_ptr<MtpPacket> mtpPacket = make_shared<MtpPacket>(context);
1850 mtpPacket->Parser();
1851 mtpPacket->ParserHead();
1852 mtpPacket->ParserPayload();
1853 mtpPacket->MakeHead();
1854 mtpPacket->MakerPayload();
1855 mtpPacket->GetOperationCode();
1856 mtpPacket->GetTransactionId();
1857 mtpPacket->GetSessionID();
1858
1859 uint16_t operationCode = FuzzUInt16(data, size);
1860 mtpPacket->IsNeedDataPhase(operationCode);
1861 mtpPacket->IsI2R(operationCode);
1862 mtpPacket->Reset();
1863 }
1864
1865 // PropertyTest start
PropertySetFormEnumTest(const uint8_t * data,size_t size)1866 static void PropertySetFormEnumTest(const uint8_t* data, size_t size)
1867 {
1868 const int32_t uInt16Count = 2;
1869 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count + sizeof(int32_t)) {
1870 return;
1871 }
1872 int32_t offset = 0;
1873 uint16_t propCode = FuzzUInt16(data + offset, size);
1874 offset += sizeof(uint16_t);
1875 uint16_t propType = FuzzUInt16(data + offset, size);
1876 offset += sizeof(uint16_t);
1877 bool propWriteable = FuzzBool(data, size);
1878 int value = FuzzInt32(data + offset, size);
1879 Property property(propCode, propType, propWriteable, value);
1880
1881 property.SetFormRange(0, 0, 0);
1882 vector<int> values = FuzzVectorInt32(data, size);
1883 property.SetFormEnum(values);
1884 property.Dump();
1885
1886 property.GetPropertyCode();
1887 property.GetDataType();
1888 Property propertyTest;
1889 propertyTest.GetDataType();
1890
1891 property.SetFormDateTime();
1892 property.IsDeviceProperty();
1893 property.IsArrayType();
1894 }
1895
PropertyWriteTest(const uint8_t * data,size_t size)1896 static void PropertyWriteTest(const uint8_t* data, size_t size)
1897 {
1898 if (data == nullptr || size < sizeof(uint16_t) + sizeof(uint8_t)) {
1899 return;
1900 }
1901 int32_t offset = 0;
1902 uint16_t propCode = FuzzUInt16(data + offset, size);
1903 offset += sizeof(uint16_t);
1904 Property property(propCode, MTP_TYPE_UINT8_CODE);
1905 vector<uint8_t> buffer = FuzzVectorUInt8(data + offset, size);
1906 property.Write(buffer);
1907 size_t offsetTest = 0;
1908 property.Read(buffer, offsetTest);
1909 shared_ptr<string> str = make_shared<string>(FuzzString(data, size));
1910 property.SetDefaultValue(str);
1911 property.SetCurrentValue(str);
1912 property.GetCurrentValue();
1913 property.IsArrayType();
1914 }
1915
PropertyStringTest(const uint8_t * data,size_t size)1916 static void PropertyStringTest(const uint8_t* data, size_t size)
1917 {
1918 const int32_t uInt8Count = 4;
1919 const int32_t uInt32Count = 2;
1920 if (data == nullptr || size < sizeof(uint16_t) + sizeof(uint32_t) * uInt32Count +
1921 sizeof(uint8_t) * uInt8Count) {
1922 return;
1923 }
1924 int32_t offset = 0;
1925 uint16_t propCode = FuzzUInt16(data + offset, size);
1926 offset += sizeof(uint16_t);
1927 Property property(propCode, MTP_TYPE_AINT8_CODE);
1928 uint8_t indent = FuzzUInt8(data + offset, size);
1929 offset += sizeof(uint8_t);
1930 shared_ptr<vector<Property::Value>> values;
1931 string name = FuzzString(data, size);
1932 property.DumpValues(indent, values, name);
1933 values = make_shared<vector<Property::Value>>();
1934 indent = FuzzUInt8(data + offset, size);
1935 offset += sizeof(uint8_t);
1936 property.DumpValues(indent, values, name);
1937 indent = FuzzUInt8(data + offset, size);
1938 offset += sizeof(uint8_t);
1939 property.DumpForm(indent);
1940 property.SetFormRange(0, 0, 0);
1941 indent = FuzzUInt8(data + offset, size);
1942 offset += sizeof(uint8_t);
1943 property.DumpForm(indent);
1944
1945 shared_ptr<Property::Value> value = make_shared<Property::Value>();
1946 uint32_t valueType = FuzzUInt32(data + offset, size);
1947 offset += sizeof(uint32_t);
1948 value->Dump(valueType);
1949 valueType = FuzzUInt32(data + offset, size);
1950 string outStr = value->ToString(valueType);
1951 value->BinToString(valueType, outStr);
1952 }
1953
PropertyReadValueTest(const uint8_t * data,size_t size)1954 static void PropertyReadValueTest(const uint8_t* data, size_t size)
1955 {
1956 const int32_t uInt16Count = 2;
1957 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count + sizeof(int32_t) +
1958 sizeof(uint8_t)) {
1959 return;
1960 }
1961 int32_t offset = 0;
1962 uint16_t propCode = FuzzUInt16(data + offset, size);
1963 offset += sizeof(uint16_t);
1964 uint16_t propType = FuzzUInt16(data + offset, size);
1965 offset += sizeof(uint16_t);
1966 bool propWriteable = FuzzBool(data, size);
1967 int values = FuzzInt32(data + offset, size);
1968 offset += sizeof(int32_t);
1969 Property property(propCode, propType, propWriteable, values);
1970
1971 vector<uint8_t> buffer = FuzzVectorUInt8(data + offset, size);
1972 size_t offsetTest = 0;
1973 Property::Value value;
1974 property.ReadValue(buffer, offsetTest, value);
1975 property.WriteValue(buffer, value);
1976 property.ReadValue(buffer, offsetTest, value);
1977
1978 property.ReadValueEx(buffer, offsetTest, value);
1979 property.WriteValue(buffer, value);
1980 property.WriteValueEx(buffer, value);
1981 property.ReadValueEx(buffer, offsetTest, value);
1982 }
1983
PropertyReadArrayValuesTest(const uint8_t * data,size_t size)1984 static void PropertyReadArrayValuesTest(const uint8_t* data, size_t size)
1985 {
1986 const int32_t uInt16Count = 2;
1987 const int32_t int32Count = 2;
1988 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count +
1989 sizeof(int32_t) * int32Count + sizeof(uint8_t)) {
1990 return;
1991 }
1992 int32_t offset = 0;
1993 uint16_t propCode = FuzzUInt16(data + offset, size);
1994 offset += sizeof(uint16_t);
1995 uint16_t propType = FuzzUInt16(data + offset, size);
1996 offset += sizeof(uint16_t);
1997 bool propWriteable = FuzzBool(data, size);
1998 int value = FuzzInt32(data + offset, size);
1999 offset += sizeof(int32_t);
2000 Property property(propCode, propType, propWriteable, value);
2001 shared_ptr<vector<Property::Value>> values;
2002
2003 vector<uint8_t> buffer = FuzzVectorUInt8(data + offset, size);
2004 offset += sizeof(uint8_t);
2005 value = FuzzInt32(data + offset, size);
2006 MtpPacketTool::PutInt32(buffer, value);
2007 property.WriteValueData(buffer);
2008 size_t offsetTest = 0;
2009 property.ReadArrayValues(buffer, offsetTest, values);
2010
2011 Property propertyOne(propCode, propType);
2012 propertyOne.WriteValueData(buffer);
2013 propertyOne.Write(buffer);
2014 property.ReadArrayValues(buffer, offsetTest, values);
2015 }
2016
PropertyDumpValueTest(const uint8_t * data,size_t size)2017 static void PropertyDumpValueTest(const uint8_t* data, size_t size)
2018 {
2019 const int32_t uInt16Count = 2;
2020 const int32_t uInt8Count = 2;
2021 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count + sizeof(int32_t) +
2022 sizeof(uint8_t) * uInt8Count + sizeof(uint32_t)) {
2023 return;
2024 }
2025 int32_t offset = 0;
2026 uint16_t propCode = FuzzUInt16(data + offset, size);
2027 offset += sizeof(uint16_t);
2028 uint16_t propType = FuzzUInt16(data + offset, size);
2029 offset += sizeof(uint16_t);
2030 bool propWriteable = FuzzBool(data, size);
2031 int value = FuzzInt32(data + offset, size);
2032 offset += sizeof(int32_t);
2033 Property property(propCode, propType, propWriteable, value);
2034
2035 uint8_t indent = FuzzUInt8(data + offset, size);
2036 offset += sizeof(uint8_t);
2037 string name = FuzzString(data, size);
2038 shared_ptr<Property::Value> valueTest;
2039 property.DumpValue(indent, valueTest, name);
2040 valueTest = make_shared<Property::Value>();
2041 uint32_t valueType = FuzzUInt32(data + offset, size);
2042 string outStr = FuzzString(data, size);
2043 valueTest->StrToString(valueType, outStr);
2044
2045 valueTest->str_ = make_shared<string>(FuzzString(data, size));
2046 valueTest->StrToString(valueType, outStr);
2047 indent = FuzzUInt8(data + offset, size);
2048 property.DumpValue(indent, valueTest, name);
2049 }
2050
PropertyWriteFormDataTest(const uint8_t * data,size_t size)2051 static void PropertyWriteFormDataTest(const uint8_t* data, size_t size)
2052 {
2053 const int32_t uInt16Count = 2;
2054 if (data == nullptr || size < sizeof(uint16_t) * uInt16Count + sizeof(int32_t) +
2055 sizeof(uint8_t) + sizeof(int32_t)) {
2056 return;
2057 }
2058 int32_t offset = 0;
2059 uint16_t propCode = FuzzUInt16(data + offset, size);
2060 offset += sizeof(uint16_t);
2061 uint16_t propType = FuzzUInt16(data + offset, size);
2062 offset += sizeof(uint16_t);
2063 bool propWriteable = FuzzBool(data, size);
2064 int value = FuzzInt32(data + offset, size);
2065 offset += sizeof(int32_t);
2066 Property property(propCode, propType, propWriteable, value);
2067
2068 property.SetFormRange(0, 0, 0);
2069 vector<uint8_t> buffer = FuzzVectorUInt8(data + offset, size);
2070 offset += sizeof(uint8_t);
2071 size_t offsetTest = 0;
2072 property.ReadFormData(buffer, offsetTest);
2073
2074 property.WriteFormData(buffer);
2075
2076 MtpPacketTool::PutInt8(buffer, offsetTest);
2077 property.ReadFormData(buffer, offsetTest);
2078
2079 vector<int> values = FuzzVectorInt32(data + offset, size);
2080 property.SetFormEnum(values);
2081 property.ReadFormData(buffer, offsetTest);
2082 property.WriteFormData(buffer);
2083 }
2084
PropertyTest(const uint8_t * data,size_t size)2085 static void PropertyTest(const uint8_t* data, size_t size)
2086 {
2087 PropertySetFormEnumTest(data, size);
2088 PropertyWriteTest(data, size);
2089 PropertyStringTest(data, size);
2090 PropertyReadValueTest(data, size);
2091 PropertyReadArrayValuesTest(data, size);
2092 PropertyDumpValueTest(data, size);
2093 PropertyWriteFormDataTest(data, size);
2094 }
2095
2096 // PayloadDataTest start
CloseSessionDataTest(const uint8_t * data,size_t size)2097 static void CloseSessionDataTest(const uint8_t* data, size_t size)
2098 {
2099 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2100 FuzzMtpOperationContext(data, size));
2101 if (context == nullptr) {
2102 MEDIA_ERR_LOG("context is nullptr");
2103 return;
2104 }
2105
2106 CloseSessionData closeSessionData(context);
2107 closeSessionData.CalculateSize();
2108
2109 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2110 int32_t readSize = buffer.size();
2111 closeSessionData.Parser(buffer, readSize);
2112
2113 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2114 closeSessionData.Maker(outBuffer);
2115 }
2116
CopyObjectDataTest(const uint8_t * data,size_t size)2117 static void CopyObjectDataTest(const uint8_t* data, size_t size)
2118 {
2119 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2120 FuzzMtpOperationContext(data, size));
2121 if (context == nullptr) {
2122 MEDIA_ERR_LOG("context is nullptr");
2123 return;
2124 }
2125
2126 CopyObjectData copyObjectData(context);
2127 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2128 int32_t readSize = buffer.size();
2129 copyObjectData.Parser(buffer, readSize);
2130 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2131 copyObjectData.Maker(outBuffer);
2132 copyObjectData.CalculateSize();
2133
2134 uint32_t objectHandle = FuzzUInt32(data, size);
2135 copyObjectData.SetObjectHandle(objectHandle);
2136
2137 copyObjectData.Parser(buffer, readSize);
2138 copyObjectData.Maker(outBuffer);
2139 copyObjectData.CalculateSize();
2140 copyObjectData.SetObjectHandle(objectHandle);
2141 }
2142
DeleteObjectDataTest(const uint8_t * data,size_t size)2143 static void DeleteObjectDataTest(const uint8_t* data, size_t size)
2144 {
2145 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2146 FuzzMtpOperationContext(data, size));
2147 if (context == nullptr) {
2148 MEDIA_ERR_LOG("context is nullptr");
2149 return;
2150 }
2151
2152 DeleteObjectData deleteObjectData(context);
2153 deleteObjectData.CalculateSize();
2154
2155 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2156 int32_t readSize = buffer.size();
2157 deleteObjectData.Parser(buffer, readSize);
2158
2159 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2160 deleteObjectData.Maker(outBuffer);
2161 }
2162
GetDeviceInfoDataTest(const uint8_t * data,size_t size)2163 static void GetDeviceInfoDataTest(const uint8_t* data, size_t size)
2164 {
2165 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2166 FuzzMtpOperationContext(data, size));
2167 if (context == nullptr) {
2168 MEDIA_ERR_LOG("context is nullptr");
2169 return;
2170 }
2171
2172 GetDeviceInfoData getDeviceInfoData(context);
2173 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2174 int32_t readSize = buffer.size();
2175 getDeviceInfoData.Parser(buffer, readSize);
2176
2177 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2178 getDeviceInfoData.Maker(outBuffer);
2179 getDeviceInfoData.CalculateSize();
2180
2181 string manufacturer = FuzzString(data, size);
2182 getDeviceInfoData.SetManufacturer(manufacturer);
2183 getDeviceInfoData.SetModel(manufacturer);
2184 getDeviceInfoData.SetVersion(manufacturer);
2185 getDeviceInfoData.SetSerialNum(manufacturer);
2186 }
2187
GetDevicePropDescDataTest(const uint8_t * data,size_t size)2188 static void GetDevicePropDescDataTest(const uint8_t* data, size_t size)
2189 {
2190 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2191 FuzzMtpOperationContext(data, size));
2192 if (context == nullptr) {
2193 MEDIA_ERR_LOG("context is nullptr");
2194 return;
2195 }
2196
2197 GetDevicePropDescData getDevicePropDescData(context);
2198 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2199 getDevicePropDescData.Maker(outBuffer);
2200 getDevicePropDescData.CalculateSize();
2201
2202 shared_ptr<Property> property = make_shared<Property>();
2203 getDevicePropDescData.SetProperty(property);
2204
2205 getDevicePropDescData.Maker(outBuffer);
2206 getDevicePropDescData.CalculateSize();
2207 }
2208
GetDevicePropValueDataTest(const uint8_t * data,size_t size)2209 static void GetDevicePropValueDataTest(const uint8_t* data, size_t size)
2210 {
2211 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2212 FuzzMtpOperationContext(data, size));
2213 if (context == nullptr) {
2214 MEDIA_ERR_LOG("context is nullptr");
2215 return;
2216 }
2217
2218 GetDevicePropValueData getDevicePropValueData(context);
2219 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2220
2221 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2222 getDevicePropValueData.Maker(outBuffer);
2223 getDevicePropValueData.CalculateSize();
2224
2225 uint16_t type = FuzzUInt16(data, size);
2226 shared_ptr<Property::Value> value = make_shared<Property::Value>();
2227 getDevicePropValueData.SetValue(type, value);
2228
2229 Property::Value writeValue;
2230 getDevicePropValueData.WriteValue(buffer, type, writeValue);
2231
2232 getDevicePropValueData.Maker(outBuffer);
2233 getDevicePropValueData.CalculateSize();
2234 }
2235
GetNumObjectsDataTest(const uint8_t * data,size_t size)2236 static void GetNumObjectsDataTest(const uint8_t* data, size_t size)
2237 {
2238 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2239 FuzzMtpOperationContext(data, size));
2240 if (context == nullptr) {
2241 MEDIA_ERR_LOG("context is nullptr");
2242 return;
2243 }
2244
2245 GetNumObjectsData getNumObjectsData(context);
2246 getNumObjectsData.GetNum();
2247 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2248 int32_t readSize = buffer.size();
2249 getNumObjectsData.Parser(buffer, readSize);
2250
2251 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2252 getNumObjectsData.Maker(outBuffer);
2253 getNumObjectsData.CalculateSize();
2254
2255 int num = FuzzInt32(data, size);
2256 getNumObjectsData.SetNum(num);
2257
2258 getNumObjectsData.GetNum();
2259 getNumObjectsData.Maker(outBuffer);
2260 getNumObjectsData.CalculateSize();
2261 }
2262
GetObjectDataTest(const uint8_t * data,size_t size)2263 static void GetObjectDataTest(const uint8_t* data, size_t size)
2264 {
2265 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2266 FuzzMtpOperationContext(data, size));
2267 if (context == nullptr) {
2268 MEDIA_ERR_LOG("context is nullptr");
2269 return;
2270 }
2271
2272 GetObjectData getObjectData(context);
2273 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2274 int32_t readSize = buffer.size();
2275 getObjectData.Parser(buffer, readSize);
2276
2277 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2278 getObjectData.Maker(outBuffer);
2279 getObjectData.CalculateSize();
2280
2281 uint32_t result = FuzzUInt32(data, size);
2282 getObjectData.SetResult(result);
2283 getObjectData.Parser(buffer, readSize);
2284 getObjectData.Maker(outBuffer);
2285 getObjectData.CalculateSize();
2286 }
2287
GetObjectHandlesDataTest(const uint8_t * data,size_t size)2288 static void GetObjectHandlesDataTest(const uint8_t* data, size_t size)
2289 {
2290 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2291 FuzzMtpOperationContext(data, size));
2292 if (context == nullptr) {
2293 MEDIA_ERR_LOG("context is nullptr");
2294 return;
2295 }
2296
2297 GetObjectHandlesData getObjectHandlesData(context);
2298 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2299 int32_t readSize = buffer.size();
2300 getObjectHandlesData.Parser(buffer, readSize);
2301
2302 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2303 getObjectHandlesData.Maker(outBuffer);
2304 getObjectHandlesData.CalculateSize();
2305 getObjectHandlesData.GetObjectHandles();
2306
2307 shared_ptr<UInt32List> objectHandles = make_shared<UInt32List>(FuzzVectorUInt32(data, size));
2308 getObjectHandlesData.SetObjectHandles(objectHandles);
2309 getObjectHandlesData.Parser(buffer, readSize);
2310 getObjectHandlesData.Maker(outBuffer);
2311 getObjectHandlesData.CalculateSize();
2312 getObjectHandlesData.GetObjectHandles();
2313 }
2314
GetObjectInfoDataTest(const uint8_t * data,size_t size)2315 static void GetObjectInfoDataTest(const uint8_t* data, size_t size)
2316 {
2317 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2318 FuzzMtpOperationContext(data, size));
2319 if (context == nullptr) {
2320 MEDIA_ERR_LOG("context is nullptr");
2321 return;
2322 }
2323
2324 GetObjectInfoData getObjectInfoData(context);
2325 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2326 int32_t readSize = buffer.size();
2327 getObjectInfoData.Parser(buffer, readSize);
2328
2329 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2330 getObjectInfoData.Maker(outBuffer);
2331 getObjectInfoData.CalculateSize();
2332 getObjectInfoData.GetObjectInfo();
2333
2334 shared_ptr<ObjectInfo> objectInfo = make_shared<ObjectInfo>(
2335 FuzzObjectInfo(data, size));
2336 getObjectInfoData.SetObjectInfo(objectInfo);
2337 getObjectInfoData.Parser(buffer, readSize);
2338 getObjectInfoData.Maker(outBuffer);
2339 getObjectInfoData.CalculateSize();
2340 getObjectInfoData.GetObjectInfo();
2341 }
2342
GetObjectPropDescDataTest(const uint8_t * data,size_t size)2343 static void GetObjectPropDescDataTest(const uint8_t* data, size_t size)
2344 {
2345 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2346 FuzzMtpOperationContext(data, size));
2347 if (context == nullptr) {
2348 MEDIA_ERR_LOG("context is nullptr");
2349 return;
2350 }
2351
2352 GetObjectPropDescData getObjectPropDescData(context);
2353 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2354 int32_t readSize = buffer.size();
2355 getObjectPropDescData.Parser(buffer, readSize);
2356
2357 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2358 getObjectPropDescData.Maker(outBuffer);
2359 getObjectPropDescData.CalculateSize();
2360 getObjectPropDescData.GetProp();
2361 getObjectPropDescData.GetPropInt();
2362 getObjectPropDescData.GetPropStr();
2363 getObjectPropDescData.GetPropForm();
2364 }
2365
GetObjectPropListDataTest(const uint8_t * data,size_t size)2366 static void GetObjectPropListDataTest(const uint8_t* data, size_t size)
2367 {
2368 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2369 FuzzMtpOperationContext(data, size));
2370 if (context == nullptr) {
2371 MEDIA_ERR_LOG("context is nullptr");
2372 return;
2373 }
2374
2375 GetObjectPropListData getObjectPropListData(context);
2376 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2377 int32_t readSize = buffer.size();
2378 getObjectPropListData.Parser(buffer, readSize);
2379
2380 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2381 getObjectPropListData.Maker(outBuffer);
2382 getObjectPropListData.CalculateSize();
2383
2384 shared_ptr<vector<Property>> props = make_shared<vector<Property>>();
2385 getObjectPropListData.SetProps(props);
2386
2387 getObjectPropListData.Parser(buffer, readSize);
2388 getObjectPropListData.Maker(outBuffer);
2389 getObjectPropListData.CalculateSize();
2390
2391 Property prop;
2392 prop.type_ = FuzzUInt16(data, size);
2393 getObjectPropListData.WriteProperty(outBuffer, prop);
2394 getObjectPropListData.WritePropertyStrValue(outBuffer, prop);
2395 getObjectPropListData.WritePropertyIntValue(outBuffer, prop);
2396 }
2397
GetObjectPropValueDataTest(const uint8_t * data,size_t size)2398 static void GetObjectPropValueDataTest(const uint8_t* data, size_t size)
2399 {
2400 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2401 FuzzMtpOperationContext(data, size));
2402 if (context == nullptr) {
2403 MEDIA_ERR_LOG("context is nullptr");
2404 return;
2405 }
2406
2407 GetObjectPropValueData getObjectPropValueData(context);
2408 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2409 int32_t readSize = buffer.size();
2410 getObjectPropValueData.Parser(buffer, readSize);
2411
2412 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2413 getObjectPropValueData.Maker(outBuffer);
2414 getObjectPropValueData.CalculateSize();
2415
2416 const int32_t uInt32Count = 4;
2417 if (data == nullptr || size < sizeof(int32_t) + sizeof(uint32_t) * uInt32Count +
2418 sizeof(uint64_t)) {
2419 return;
2420 }
2421 int32_t offset = 0;
2422 int type = FuzzInt32(data + offset, size);
2423 offset += sizeof(int32_t);
2424 uint64_t int64Value = FuzzUInt64(data + offset, size);
2425 offset += sizeof(int64_t);
2426 uint32_t valueUInt32First = FuzzUInt32(data + offset, size);
2427 offset += sizeof(uint32_t);
2428 uint32_t valueUInt32Second = FuzzUInt32(data + offset, size);
2429 offset += sizeof(uint32_t);
2430 uint32_t valueUInt32Third = FuzzUInt32(data + offset, size);
2431 offset += sizeof(uint32_t);
2432 uint32_t valueUInt32Fourth = FuzzUInt32(data + offset, size);
2433 offset += sizeof(uint32_t);
2434 uint128_t int128Value = {valueUInt32First, valueUInt32Second,
2435 valueUInt32Third, valueUInt32Fourth};
2436 string strValue = FuzzString(data, size);
2437 getObjectPropValueData.SetPropValue(type, int64Value, int128Value, strValue);
2438
2439 getObjectPropValueData.Parser(buffer, readSize);
2440 getObjectPropValueData.Maker(outBuffer);
2441 getObjectPropValueData.CalculateSize();
2442 }
2443
GetObjectPropsSupportedDataTest(const uint8_t * data,size_t size)2444 static void GetObjectPropsSupportedDataTest(const uint8_t* data, size_t size)
2445 {
2446 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2447 FuzzMtpOperationContext(data, size));
2448 if (context == nullptr) {
2449 MEDIA_ERR_LOG("context is nullptr");
2450 return;
2451 }
2452
2453 GetObjectPropsSupportedData getObjectPropsSupportedData(context);
2454 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2455 int32_t readSize = buffer.size();
2456 getObjectPropsSupportedData.Parser(buffer, readSize);
2457
2458 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2459 getObjectPropsSupportedData.Maker(outBuffer);
2460 getObjectPropsSupportedData.CalculateSize();
2461
2462 UInt16List properties = FuzzVectorUInt16(data, size);
2463 getObjectPropsSupportedData.GetObjectProps(properties);
2464
2465 getObjectPropsSupportedData.Parser(buffer, readSize);
2466 getObjectPropsSupportedData.Maker(outBuffer);
2467 getObjectPropsSupportedData.CalculateSize();
2468 }
2469
GetObjectReferencesDataTest(const uint8_t * data,size_t size)2470 static void GetObjectReferencesDataTest(const uint8_t* data, size_t size)
2471 {
2472 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2473 FuzzMtpOperationContext(data, size));
2474 if (context == nullptr) {
2475 MEDIA_ERR_LOG("context is nullptr");
2476 return;
2477 }
2478
2479 GetObjectReferencesData getObjectReferencesData(context);
2480 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2481 int32_t readSize = buffer.size();
2482 getObjectReferencesData.Parser(buffer, readSize);
2483
2484 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2485 getObjectReferencesData.Maker(outBuffer);
2486 getObjectReferencesData.CalculateSize();
2487
2488 getObjectReferencesData.GetObjectHandles();
2489
2490 shared_ptr<UInt32List> objectHandles = make_shared<UInt32List>(FuzzVectorUInt32(data, size));
2491 getObjectReferencesData.SetObjectHandles(objectHandles);
2492
2493 getObjectReferencesData.GetObjectHandles();
2494 getObjectReferencesData.Parser(buffer, readSize);
2495 getObjectReferencesData.Maker(outBuffer);
2496 getObjectReferencesData.CalculateSize();
2497 }
2498
GetPartialObjectDataTest(const uint8_t * data,size_t size)2499 static void GetPartialObjectDataTest(const uint8_t* data, size_t size)
2500 {
2501 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2502 FuzzMtpOperationContext(data, size));
2503 if (context == nullptr) {
2504 MEDIA_ERR_LOG("context is nullptr");
2505 return;
2506 }
2507
2508 GetPartialObjectData getPartialObjectData(context);
2509 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2510 int32_t readSize = buffer.size();
2511 getPartialObjectData.Parser(buffer, readSize);
2512
2513 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2514 getPartialObjectData.Maker(outBuffer);
2515 getPartialObjectData.CalculateSize();
2516
2517 uint32_t length = FuzzUInt32(data, size);
2518 getPartialObjectData.SetLength(length);
2519
2520 getPartialObjectData.Parser(buffer, readSize);
2521 getPartialObjectData.Maker(outBuffer);
2522 getPartialObjectData.CalculateSize();
2523 }
2524
GetStorageIdsDataTest(const uint8_t * data,size_t size)2525 static void GetStorageIdsDataTest(const uint8_t* data, size_t size)
2526 {
2527 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2528 FuzzMtpOperationContext(data, size));
2529 if (context == nullptr) {
2530 MEDIA_ERR_LOG("context is nullptr");
2531 return;
2532 }
2533
2534 GetStorageIdsData getStorageIdsData(context);
2535 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2536 int32_t readSize = buffer.size();
2537 getStorageIdsData.Parser(buffer, readSize);
2538
2539 vector<shared_ptr<Storage>> storages;
2540 getStorageIdsData.SetStorages(storages);
2541 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2542 getStorageIdsData.Maker(outBuffer);
2543 getStorageIdsData.CalculateSize();
2544 }
2545
GetStorageInfoDataTest(const uint8_t * data,size_t size)2546 static void GetStorageInfoDataTest(const uint8_t* data, size_t size)
2547 {
2548 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2549 FuzzMtpOperationContext(data, size));
2550 if (context == nullptr) {
2551 MEDIA_ERR_LOG("context is nullptr");
2552 return;
2553 }
2554
2555 GetStorageInfoData getStorageInfoData(context);
2556 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2557 int32_t readSize = buffer.size();
2558 getStorageInfoData.Parser(buffer, readSize);
2559
2560 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2561 getStorageInfoData.Maker(outBuffer);
2562 getStorageInfoData.CalculateSize();
2563
2564 shared_ptr<Storage> storage = make_shared<Storage>();
2565 getStorageInfoData.SetStorage(storage);
2566
2567 getStorageInfoData.Parser(buffer, readSize);
2568 getStorageInfoData.Maker(outBuffer);
2569 getStorageInfoData.CalculateSize();
2570 }
2571
GetThumbDataTest(const uint8_t * data,size_t size)2572 static void GetThumbDataTest(const uint8_t* data, size_t size)
2573 {
2574 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2575 FuzzMtpOperationContext(data, size));
2576 if (context == nullptr) {
2577 MEDIA_ERR_LOG("context is nullptr");
2578 return;
2579 }
2580
2581 GetThumbData getThumbData(context);
2582 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2583 int32_t readSize = buffer.size();
2584 getThumbData.Parser(buffer, readSize);
2585
2586 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2587 getThumbData.Maker(outBuffer);
2588 getThumbData.CalculateSize();
2589
2590 shared_ptr<UInt8List> thumb = make_shared<UInt8List>(FuzzVectorUInt8(data, size));
2591 getThumbData.SetThumb(thumb);
2592
2593 getThumbData.Parser(buffer, readSize);
2594 getThumbData.Maker(outBuffer);
2595 getThumbData.CalculateSize();
2596 }
2597
MoveObjectDataTest(const uint8_t * data,size_t size)2598 static void MoveObjectDataTest(const uint8_t* data, size_t size)
2599 {
2600 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2601 FuzzMtpOperationContext(data, size));
2602 if (context == nullptr) {
2603 MEDIA_ERR_LOG("context is nullptr");
2604 return;
2605 }
2606
2607 MoveObjectData moveObjectData(context);
2608 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2609 int32_t readSize = buffer.size();
2610 moveObjectData.Parser(buffer, readSize);
2611
2612 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2613 moveObjectData.Maker(outBuffer);
2614 moveObjectData.CalculateSize();
2615 }
2616
ObjectEventDataTest(const uint8_t * data,size_t size)2617 static void ObjectEventDataTest(const uint8_t* data, size_t size)
2618 {
2619 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2620 FuzzMtpOperationContext(data, size));
2621 if (context == nullptr) {
2622 MEDIA_ERR_LOG("context is nullptr");
2623 return;
2624 }
2625
2626 ObjectEventData objectEventData(context);
2627 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2628 int32_t readSize = buffer.size();
2629 objectEventData.Parser(buffer, readSize);
2630
2631 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2632 objectEventData.Maker(outBuffer);
2633 objectEventData.CalculateSize();
2634
2635 const int32_t payload = FuzzInt32(data, size);
2636 objectEventData.SetPayload(payload);
2637
2638 objectEventData.Parser(buffer, readSize);
2639 objectEventData.Maker(outBuffer);
2640 objectEventData.CalculateSize();
2641 }
2642
OpenSessionDataTest(const uint8_t * data,size_t size)2643 static void OpenSessionDataTest(const uint8_t* data, size_t size)
2644 {
2645 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2646 FuzzMtpOperationContext(data, size));
2647 if (context == nullptr) {
2648 MEDIA_ERR_LOG("context is nullptr");
2649 return;
2650 }
2651
2652 OpenSessionData OpenSessionData(context);
2653 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2654 int32_t readSize = buffer.size();
2655 OpenSessionData.Parser(buffer, readSize);
2656
2657 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2658 OpenSessionData.Maker(outBuffer);
2659 OpenSessionData.CalculateSize();
2660
2661 uint32_t sessionID = FuzzUInt32(data, size);
2662 OpenSessionData.SetSessionId(sessionID);
2663
2664 OpenSessionData.Parser(buffer, readSize);
2665 OpenSessionData.Maker(outBuffer);
2666 OpenSessionData.CalculateSize();
2667 }
2668
RespCommonDataTest(const uint8_t * data,size_t size)2669 static void RespCommonDataTest(const uint8_t* data, size_t size)
2670 {
2671 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2672 FuzzMtpOperationContext(data, size));
2673 if (context == nullptr) {
2674 MEDIA_ERR_LOG("context is nullptr");
2675 return;
2676 }
2677
2678 RespCommonData respCommonData(context);
2679 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2680 int32_t readSize = buffer.size();
2681 respCommonData.Parser(buffer, readSize);
2682
2683 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2684 respCommonData.Maker(outBuffer);
2685 respCommonData.CalculateSize();
2686
2687 if (data == nullptr || size < sizeof(int32_t) + sizeof(uint32_t)) {
2688 return;
2689 }
2690 int32_t offset = 0;
2691 int paramIndex = FuzzInt32(data + offset, size);
2692 offset += sizeof(int32_t);
2693 uint32_t value = FuzzUInt32(data + offset, size);
2694 respCommonData.SetParam(paramIndex, value);
2695
2696 respCommonData.Parser(buffer, readSize);
2697 respCommonData.Maker(outBuffer);
2698 respCommonData.CalculateSize();
2699 }
2700
SendObjectDataTest(const uint8_t * data,size_t size)2701 static void SendObjectDataTest(const uint8_t* data, size_t size)
2702 {
2703 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2704 FuzzMtpOperationContext(data, size));
2705 if (context == nullptr) {
2706 MEDIA_ERR_LOG("context is nullptr");
2707 return;
2708 }
2709
2710 SendObjectData sendObjectData(context);
2711 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2712 int32_t readSize = buffer.size();
2713 sendObjectData.Parser(buffer, readSize);
2714
2715 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2716 sendObjectData.Maker(outBuffer);
2717 sendObjectData.CalculateSize();
2718 }
2719
SendObjectInfoDataTest(const uint8_t * data,size_t size)2720 static void SendObjectInfoDataTest(const uint8_t* data, size_t size)
2721 {
2722 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2723 FuzzMtpOperationContext(data, size));
2724 if (context == nullptr) {
2725 MEDIA_ERR_LOG("context is nullptr");
2726 return;
2727 }
2728
2729 SendObjectInfoData sendObjectInfoData(context);
2730 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2731 int32_t readSize = buffer.size();
2732 sendObjectInfoData.Parser(buffer, readSize);
2733
2734 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2735 sendObjectInfoData.Maker(outBuffer);
2736 sendObjectInfoData.CalculateSize();
2737
2738 const int32_t uInt32Count = 3;
2739 if (data == nullptr || size < sizeof(uint32_t) * uInt32Count + sizeof(uint8_t)) {
2740 return;
2741 }
2742 int32_t offset = 0;
2743 uint32_t storageID = FuzzUInt32(data + offset, size);
2744 offset += sizeof(uint32_t);
2745 uint32_t parent = FuzzUInt32(data + offset, size);
2746 offset += sizeof(uint32_t);
2747 uint32_t handle = FuzzUInt32(data + offset, size);
2748 sendObjectInfoData.SetSetParam(storageID, parent, handle);
2749
2750 sendObjectInfoData.Parser(buffer, readSize);
2751 sendObjectInfoData.Maker(outBuffer);
2752 sendObjectInfoData.CalculateSize();
2753
2754 size_t offsetTest = 1;
2755 offset += sizeof(uint32_t);
2756 buffer.push_back(FuzzUInt8(data + offset, size));
2757 sendObjectInfoData.ParserData(buffer, offsetTest);
2758 sendObjectInfoData.ParserDataForImageInfo(buffer, offsetTest);
2759 sendObjectInfoData.ParserDataForFileInfo(buffer, offsetTest);
2760 }
2761
SetDevicePropValueDataTest(const uint8_t * data,size_t size)2762 static void SetDevicePropValueDataTest(const uint8_t* data, size_t size)
2763 {
2764 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2765 FuzzMtpOperationContext(data, size));
2766 if (context == nullptr) {
2767 MEDIA_ERR_LOG("context is nullptr");
2768 return;
2769 }
2770
2771 SetDevicePropValueData setDevicePropValueData(context);
2772 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2773 int32_t readSize = buffer.size();
2774 setDevicePropValueData.Parser(buffer, readSize);
2775
2776 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2777 setDevicePropValueData.Maker(outBuffer);
2778 setDevicePropValueData.CalculateSize();
2779 }
2780
SetObjectPropValueDataTest(const uint8_t * data,size_t size)2781 static void SetObjectPropValueDataTest(const uint8_t* data, size_t size)
2782 {
2783 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2784 FuzzMtpOperationContext(data, size));
2785 SetObjectPropValueData setObjectPropValueData(context);
2786 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2787 int32_t readSize = buffer.size();
2788 setObjectPropValueData.Parser(buffer, readSize);
2789
2790 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2791 setObjectPropValueData.Maker(outBuffer);
2792 setObjectPropValueData.CalculateSize();
2793
2794 const int32_t int32Count = 5;
2795 const int32_t int64Count = 5;
2796 if (data == nullptr || size < sizeof(int32_t) * int32Count +
2797 sizeof(int64_t) * int64Count + sizeof(uint16_t)) {
2798 return;
2799 }
2800 int32_t offset = 0;
2801 uint16_t result = FuzzUInt16(data + offset, size);
2802 offset += sizeof(uint16_t);
2803 setObjectPropValueData.SetResult(result);
2804
2805 setObjectPropValueData.Parser(buffer, readSize);
2806 setObjectPropValueData.Maker(outBuffer);
2807 setObjectPropValueData.CalculateSize();
2808
2809 size_t offsetTest = 0;
2810 int type = FuzzInt32(data + offset, size);
2811 offset += sizeof(int32_t);
2812 int64_t int64Value = FuzzInt64(data + offset, size);
2813 offset += sizeof(int64_t);
2814 setObjectPropValueData.ReadIntValue(buffer, offsetTest, type, int64Value);
2815 type = FuzzInt32(data + offset, size);
2816 offset += sizeof(int32_t);
2817 int64Value = FuzzInt64(data + offset, size);
2818 offset += sizeof(int64_t);
2819 setObjectPropValueData.ReadInt8Value(buffer, offsetTest, type, int64Value);
2820 type = FuzzInt32(data + offset, size);
2821 offset += sizeof(int32_t);
2822 int64Value = FuzzInt64(data + offset, size);
2823 offset += sizeof(int64_t);
2824 setObjectPropValueData.ReadInt16Value(buffer, offsetTest, type, int64Value);
2825 type = FuzzInt32(data + offset, size);
2826 offset += sizeof(int32_t);
2827 int64Value = FuzzInt64(data + offset, size);
2828 offset += sizeof(int64_t);
2829 setObjectPropValueData.ReadInt32Value(buffer, offsetTest, type, int64Value);
2830 type = FuzzInt32(data + offset, size);
2831 offset += sizeof(int32_t);
2832 int64Value = FuzzInt64(data + offset, size);
2833 setObjectPropValueData.ReadInt64Value(buffer, offsetTest, type, int64Value);
2834 }
2835
SetObjectReferencesDataTest(const uint8_t * data,size_t size)2836 static void SetObjectReferencesDataTest(const uint8_t* data, size_t size)
2837 {
2838 shared_ptr<MtpOperationContext> context = make_shared<MtpOperationContext>(
2839 FuzzMtpOperationContext(data, size));
2840 if (context == nullptr) {
2841 MEDIA_ERR_LOG("context is nullptr");
2842 return;
2843 }
2844
2845 SetObjectReferencesData setObjectReferencesData(context);
2846 vector<uint8_t> buffer = FuzzVectorUInt8(data, size);
2847 int32_t readSize = buffer.size();
2848 setObjectReferencesData.Parser(buffer, readSize);
2849
2850 vector<uint8_t> outBuffer = FuzzVectorUInt8(data, size);
2851 setObjectReferencesData.Maker(outBuffer);
2852 setObjectReferencesData.CalculateSize();
2853
2854 uint16_t result = FuzzUInt16(data, size);
2855 setObjectReferencesData.SetResult(result);
2856
2857 setObjectReferencesData.Parser(buffer, readSize);
2858 setObjectReferencesData.Maker(outBuffer);
2859 setObjectReferencesData.CalculateSize();
2860 }
2861
PayloadDataTest(const uint8_t * data,size_t size)2862 static void PayloadDataTest(const uint8_t* data, size_t size)
2863 {
2864 CloseSessionDataTest(data, size);
2865 CopyObjectDataTest(data, size);
2866 DeleteObjectDataTest(data, size);
2867 GetDeviceInfoDataTest(data, size);
2868 GetDevicePropDescDataTest(data, size);
2869 GetDevicePropValueDataTest(data, size);
2870 GetNumObjectsDataTest(data, size);
2871 GetObjectDataTest(data, size);
2872 GetObjectHandlesDataTest(data, size);
2873 GetObjectInfoDataTest(data, size);
2874 GetObjectPropDescDataTest(data, size);
2875 GetObjectPropListDataTest(data, size);
2876 GetObjectPropValueDataTest(data, size);
2877 GetObjectPropsSupportedDataTest(data, size);
2878 GetObjectReferencesDataTest(data, size);
2879 GetPartialObjectDataTest(data, size);
2880 GetStorageIdsDataTest(data, size);
2881 GetStorageInfoDataTest(data, size);
2882 GetThumbDataTest(data, size);
2883 MoveObjectDataTest(data, size);
2884 ObjectEventDataTest(data, size);
2885 OpenSessionDataTest(data, size);
2886 RespCommonDataTest(data, size);
2887 SendObjectDataTest(data, size);
2888 SendObjectInfoDataTest(data, size);
2889 SetDevicePropValueDataTest(data, size);
2890 SetObjectPropValueDataTest(data, size);
2891 SetObjectReferencesDataTest(data, size);
2892 }
2893 } // namespace OHOS
2894
2895 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)2896 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
2897 {
2898 /* Run your code on data */
2899 OHOS::HeaderDataTest(data, size);
2900 OHOS::MtpDataUtilsTest(data, size);
2901 OHOS::MtpDriverTest(data, size);
2902 OHOS::MtpErrorUtilsTest(data, size);
2903 OHOS::MtpManagerTest(data, size);
2904 OHOS::MtpMediaLibraryTest(data, size);
2905 OHOS::MtpMedialibraryManagerTest(data, size);
2906 OHOS::MtpOperationUtilsTest(data, size);
2907 OHOS::MtpPacketToolTest(data, size);
2908 OHOS::MtpPacketTest(data, size);
2909 OHOS::PropertyTest(data, size);
2910 OHOS::PayloadDataTest(data, size);
2911 return 0;
2912 }
2913