1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formdbcacheannex_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "data_center/database/form_db_cache.h"
24 #undef private
25 #undef protected
26 #include "securec.h"
27
28 using namespace OHOS::AppExecFwk;
29
30 namespace OHOS {
31 constexpr size_t U32_AT_SIZE = 4;
32 constexpr uint8_t ENABLE = 2;
GetU32Data(const char * ptr)33 uint32_t GetU32Data(const char* ptr)
34 {
35 // convert fuzz input data to an integer
36 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
37 }
DoSomethingInterestingWithMyAPI(const char * data,size_t size)38 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
39 {
40 FormDbCache formDbCache;
41 int64_t formId = static_cast<int64_t>(GetU32Data(data));
42 FormRecord record;
43 formDbCache.GetDBRecord(formId, record);
44 FormDBInfo records;
45 formDbCache.GetDBRecord(formId, records);
46 formDbCache.UpdateDBRecord(formId, record);
47 int uid = static_cast<int>(GetU32Data(data));
48 std::set<int64_t> formNums;
49 formNums.insert(formId);
50 std::string bundleName(data, size);
51 std::string abilityName(data, size);
52 FormIdKey formIdKey(bundleName, abilityName);
53 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
54 noHostFormDBList.emplace(formIdKey, formNums);
55 std::map<int64_t, bool> foundFormsMap;
56 bool flag = *data % ENABLE;
57 foundFormsMap.emplace(formId, flag);
58 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
59 std::string moduleName(data, size);
60 formDbCache.GetMatchCount(bundleName, moduleName);
61 int32_t userId = static_cast<int32_t>(GetU32Data(data));
62 formDbCache.DeleteDBFormsByUserId(userId);
63 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
64 std::set<int64_t> matchedFormIds;
65 matchedFormIds.insert(formId);
66 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
67 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
68 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
69 return true;
70 }
71
DoSomethingInterestingWithMyAPI1(const char * data,size_t size)72 bool DoSomethingInterestingWithMyAPI1(const char* data, size_t size)
73 {
74 FormDbCache formDbCache;
75 int64_t formId = static_cast<int64_t>(GetU32Data(data));
76 FormRecord record;
77 formDbCache.GetDBRecord(formId, record);
78 FormDBInfo records;
79 formDbCache.GetDBRecord(formId, records);
80 formDbCache.UpdateDBRecord(formId, record);
81 int uid = static_cast<int>(GetU32Data(data));
82 std::set<int64_t> formNums;
83 formNums.insert(formId);
84 std::string bundleName(data, size);
85 std::string abilityName(data, size);
86 FormIdKey formIdKey(bundleName, abilityName);
87 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
88 noHostFormDBList.emplace(formIdKey, formNums);
89 std::map<int64_t, bool> foundFormsMap;
90 bool flag = *data % ENABLE;
91 foundFormsMap.emplace(formId, flag);
92 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
93 std::string moduleName(data, size);
94 formDbCache.GetMatchCount(bundleName, moduleName);
95 int32_t userId = static_cast<int32_t>(GetU32Data(data));
96 formDbCache.DeleteDBFormsByUserId(userId);
97 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
98 std::set<int64_t> matchedFormIds;
99 matchedFormIds.insert(formId);
100 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
101 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
102 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
103 return true;
104 }
105
DoSomethingInterestingWithMyAPI2(const char * data,size_t size)106 bool DoSomethingInterestingWithMyAPI2(const char* data, size_t size)
107 {
108 FormDbCache formDbCache;
109 int64_t formId = static_cast<int64_t>(GetU32Data(data));
110 FormRecord record;
111 formDbCache.GetDBRecord(formId, record);
112 FormDBInfo records;
113 formDbCache.GetDBRecord(formId, records);
114 formDbCache.UpdateDBRecord(formId, record);
115 int uid = static_cast<int>(GetU32Data(data));
116 std::set<int64_t> formNums;
117 formNums.insert(formId);
118 std::string bundleName(data, size);
119 std::string abilityName(data, size);
120 FormIdKey formIdKey(bundleName, abilityName);
121 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
122 noHostFormDBList.emplace(formIdKey, formNums);
123 std::map<int64_t, bool> foundFormsMap;
124 bool flag = *data % ENABLE;
125 foundFormsMap.emplace(formId, flag);
126 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
127 std::string moduleName(data, size);
128 formDbCache.GetMatchCount(bundleName, moduleName);
129 int32_t userId = static_cast<int32_t>(GetU32Data(data));
130 formDbCache.DeleteDBFormsByUserId(userId);
131 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
132 std::set<int64_t> matchedFormIds;
133 matchedFormIds.insert(formId);
134 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
135 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
136 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
137 return true;
138 }
139
DoSomethingInterestingWithMyAPI3(const char * data,size_t size)140 bool DoSomethingInterestingWithMyAPI3(const char* data, size_t size)
141 {
142 FormDbCache formDbCache;
143 int64_t formId = static_cast<int64_t>(GetU32Data(data));
144 FormRecord record;
145 formDbCache.GetDBRecord(formId, record);
146 FormDBInfo records;
147 formDbCache.GetDBRecord(formId, records);
148 formDbCache.UpdateDBRecord(formId, record);
149 int uid = static_cast<int>(GetU32Data(data));
150 std::set<int64_t> formNums;
151 formNums.insert(formId);
152 std::string bundleName(data, size);
153 std::string abilityName(data, size);
154 FormIdKey formIdKey(bundleName, abilityName);
155 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
156 noHostFormDBList.emplace(formIdKey, formNums);
157 std::map<int64_t, bool> foundFormsMap;
158 bool flag = *data % ENABLE;
159 foundFormsMap.emplace(formId, flag);
160 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
161 std::string moduleName(data, size);
162 formDbCache.GetMatchCount(bundleName, moduleName);
163 int32_t userId = static_cast<int32_t>(GetU32Data(data));
164 formDbCache.DeleteDBFormsByUserId(userId);
165 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
166 std::set<int64_t> matchedFormIds;
167 matchedFormIds.insert(formId);
168 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
169 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
170 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
171 return true;
172 }
173
DoSomethingInterestingWithMyAPI4(const char * data,size_t size)174 bool DoSomethingInterestingWithMyAPI4(const char* data, size_t size)
175 {
176 FormDbCache formDbCache;
177 int64_t formId = static_cast<int64_t>(GetU32Data(data));
178 FormRecord record;
179 formDbCache.GetDBRecord(formId, record);
180 FormDBInfo records;
181 formDbCache.GetDBRecord(formId, records);
182 formDbCache.UpdateDBRecord(formId, record);
183 int uid = static_cast<int>(GetU32Data(data));
184 std::set<int64_t> formNums;
185 formNums.insert(formId);
186 std::string bundleName(data, size);
187 std::string abilityName(data, size);
188 FormIdKey formIdKey(bundleName, abilityName);
189 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
190 noHostFormDBList.emplace(formIdKey, formNums);
191 std::map<int64_t, bool> foundFormsMap;
192 bool flag = *data % ENABLE;
193 foundFormsMap.emplace(formId, flag);
194 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
195 std::string moduleName(data, size);
196 formDbCache.GetMatchCount(bundleName, moduleName);
197 int32_t userId = static_cast<int32_t>(GetU32Data(data));
198 formDbCache.DeleteDBFormsByUserId(userId);
199 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
200 std::set<int64_t> matchedFormIds;
201 matchedFormIds.insert(formId);
202 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
203 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
204 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
205 return true;
206 }
207
DoSomethingInterestingWithMyAPI5(const char * data,size_t size)208 bool DoSomethingInterestingWithMyAPI5(const char* data, size_t size)
209 {
210 FormDbCache formDbCache;
211 int64_t formId = static_cast<int64_t>(GetU32Data(data));
212 FormRecord record;
213 formDbCache.GetDBRecord(formId, record);
214 FormDBInfo records;
215 formDbCache.GetDBRecord(formId, records);
216 formDbCache.UpdateDBRecord(formId, record);
217 int uid = static_cast<int>(GetU32Data(data));
218 std::set<int64_t> formNums;
219 formNums.insert(formId);
220 std::string bundleName(data, size);
221 std::string abilityName(data, size);
222 FormIdKey formIdKey(bundleName, abilityName);
223 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
224 noHostFormDBList.emplace(formIdKey, formNums);
225 std::map<int64_t, bool> foundFormsMap;
226 bool flag = *data % ENABLE;
227 foundFormsMap.emplace(formId, flag);
228 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
229 std::string moduleName(data, size);
230 formDbCache.GetMatchCount(bundleName, moduleName);
231 int32_t userId = static_cast<int32_t>(GetU32Data(data));
232 formDbCache.DeleteDBFormsByUserId(userId);
233 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
234 std::set<int64_t> matchedFormIds;
235 matchedFormIds.insert(formId);
236 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
237 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
238 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
239 return true;
240 }
241
DoSomethingInterestingWithMyAPI6(const char * data,size_t size)242 bool DoSomethingInterestingWithMyAPI6(const char* data, size_t size)
243 {
244 FormDbCache formDbCache;
245 int64_t formId = static_cast<int64_t>(GetU32Data(data));
246 FormRecord record;
247 formDbCache.GetDBRecord(formId, record);
248 FormDBInfo records;
249 formDbCache.GetDBRecord(formId, records);
250 formDbCache.UpdateDBRecord(formId, record);
251 int uid = static_cast<int>(GetU32Data(data));
252 std::set<int64_t> formNums;
253 formNums.insert(formId);
254 std::string bundleName(data, size);
255 std::string abilityName(data, size);
256 FormIdKey formIdKey(bundleName, abilityName);
257 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
258 noHostFormDBList.emplace(formIdKey, formNums);
259 std::map<int64_t, bool> foundFormsMap;
260 bool flag = *data % ENABLE;
261 foundFormsMap.emplace(formId, flag);
262 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
263 std::string moduleName(data, size);
264 formDbCache.GetMatchCount(bundleName, moduleName);
265 int32_t userId = static_cast<int32_t>(GetU32Data(data));
266 formDbCache.DeleteDBFormsByUserId(userId);
267 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
268 std::set<int64_t> matchedFormIds;
269 matchedFormIds.insert(formId);
270 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
271 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
272 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
273 return true;
274 }
275
DoSomethingInterestingWithMyAPI7(const char * data,size_t size)276 bool DoSomethingInterestingWithMyAPI7(const char* data, size_t size)
277 {
278 FormDbCache formDbCache;
279 int64_t formId = static_cast<int64_t>(GetU32Data(data));
280 FormRecord record;
281 formDbCache.GetDBRecord(formId, record);
282 FormDBInfo records;
283 formDbCache.GetDBRecord(formId, records);
284 formDbCache.UpdateDBRecord(formId, record);
285 int uid = static_cast<int>(GetU32Data(data));
286 std::set<int64_t> formNums;
287 formNums.insert(formId);
288 std::string bundleName(data, size);
289 std::string abilityName(data, size);
290 FormIdKey formIdKey(bundleName, abilityName);
291 std::map<FormIdKey, std::set<int64_t>> noHostFormDBList;
292 noHostFormDBList.emplace(formIdKey, formNums);
293 std::map<int64_t, bool> foundFormsMap;
294 bool flag = *data % ENABLE;
295 foundFormsMap.emplace(formId, flag);
296 formDbCache.GetNoHostDBForms(uid, noHostFormDBList, foundFormsMap);
297 std::string moduleName(data, size);
298 formDbCache.GetMatchCount(bundleName, moduleName);
299 int32_t userId = static_cast<int32_t>(GetU32Data(data));
300 formDbCache.DeleteDBFormsByUserId(userId);
301 int32_t callingUid = static_cast<int32_t>(GetU32Data(data));
302 std::set<int64_t> matchedFormIds;
303 matchedFormIds.insert(formId);
304 formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostFormDBList, foundFormsMap);
305 formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostFormDBList, foundFormsMap);
306 formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
307 return true;
308 }
309 }
310
311 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)312 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
313 {
314 /* Run your code on data */
315 if (data == nullptr) {
316 return 0;
317 }
318
319 if (size < OHOS::U32_AT_SIZE) {
320 return 0;
321 }
322
323 char* ch = static_cast<char*>(malloc(size + 1));
324 if (ch == nullptr) {
325 return 0;
326 }
327
328 (void)memset_s(ch, size + 1, 0x00, size + 1);
329 if (memcpy_s(ch, size + 1, data, size) != EOK) {
330 free(ch);
331 ch = nullptr;
332 return 0;
333 }
334
335 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
336 free(ch);
337 ch = nullptr;
338 return 0;
339 }
340
341