1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formhostclient_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "form_host_client.h"
24 #undef private
25 #undef protected
26 #include "securec.h"
27
28 using namespace OHOS::AppExecFwk;
29
30 namespace OHOS {
31 constexpr size_t U32_AT_SIZE = 4;
GetU32Data(const char * ptr)32 uint32_t GetU32Data(const char* ptr)
33 {
34 // convert fuzz input data to an integer
35 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
36 }
DoSomethingInterestingWithMyAPI(const char * data,size_t size)37 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
38 {
39 FormHostClient formHostClient;
40 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
41 int64_t formId = 1;
42 FormJsInfo formJsInfo;
43 formHostClient.AddForm(formCallback, formJsInfo);
44 formHostClient.RemoveForm(formCallback, formId);
45 formHostClient.ContainsForm(formId);
46 FormHostClient::UninstallCallback callback = nullptr;
47 formHostClient.RegisterUninstallCallback(callback);
48 sptr<IRemoteObject> token = nullptr;
49 formHostClient.OnAcquired(formJsInfo, token);
50 formHostClient.OnUpdate(formJsInfo);
51 std::vector<int64_t> formIds;
52 formIds.emplace_back(formId);
53 formHostClient.OnUninstall(formIds);
54 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
55 int64_t requestCode = 1;
56 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
57 int32_t result = static_cast<int32_t>(GetU32Data(data));
58 formHostClient.OnShareFormResponse(requestCode, result);
59 formHostClient.RemoveShareFormCallback(requestCode);
60 formHostClient.UpdateForm(formJsInfo);
61 return formHostClient.GetInstance() == nullptr;
62 }
63
DoSomethingInterestingWithMyAPI1(const char * data,size_t size)64 bool DoSomethingInterestingWithMyAPI1(const char* data, size_t size)
65 {
66 FormHostClient formHostClient;
67 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
68 int64_t formId = 1;
69 FormJsInfo formJsInfo;
70 formHostClient.AddForm(formCallback, formJsInfo);
71 formHostClient.RemoveForm(formCallback, formId);
72 formHostClient.ContainsForm(formId);
73 FormHostClient::UninstallCallback callback = nullptr;
74 formHostClient.RegisterUninstallCallback(callback);
75 sptr<IRemoteObject> token = nullptr;
76 formHostClient.OnAcquired(formJsInfo, token);
77 formHostClient.OnUpdate(formJsInfo);
78 std::vector<int64_t> formIds;
79 formIds.emplace_back(formId);
80 formHostClient.OnUninstall(formIds);
81 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
82 int64_t requestCode = 1;
83 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
84 int32_t result = static_cast<int32_t>(GetU32Data(data));
85 formHostClient.OnShareFormResponse(requestCode, result);
86 formHostClient.RemoveShareFormCallback(requestCode);
87 formHostClient.UpdateForm(formJsInfo);
88 return formHostClient.GetInstance() == nullptr;
89 }
90
DoSomethingInterestingWithMyAPI2(const char * data,size_t size)91 bool DoSomethingInterestingWithMyAPI2(const char* data, size_t size)
92 {
93 FormHostClient formHostClient;
94 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
95 int64_t formId = 1;
96 FormJsInfo formJsInfo;
97 formHostClient.AddForm(formCallback, formJsInfo);
98 formHostClient.RemoveForm(formCallback, formId);
99 formHostClient.ContainsForm(formId);
100 FormHostClient::UninstallCallback callback = nullptr;
101 formHostClient.RegisterUninstallCallback(callback);
102 sptr<IRemoteObject> token = nullptr;
103 formHostClient.OnAcquired(formJsInfo, token);
104 formHostClient.OnUpdate(formJsInfo);
105 std::vector<int64_t> formIds;
106 formIds.emplace_back(formId);
107 formHostClient.OnUninstall(formIds);
108 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
109 int64_t requestCode = 1;
110 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
111 int32_t result = static_cast<int32_t>(GetU32Data(data));
112 formHostClient.OnShareFormResponse(requestCode, result);
113 formHostClient.RemoveShareFormCallback(requestCode);
114 formHostClient.UpdateForm(formJsInfo);
115 return formHostClient.GetInstance() == nullptr;
116 }
117
DoSomethingInterestingWithMyAPI3(const char * data,size_t size)118 bool DoSomethingInterestingWithMyAPI3(const char* data, size_t size)
119 {
120 FormHostClient formHostClient;
121 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
122 int64_t formId = 1;
123 FormJsInfo formJsInfo;
124 formHostClient.AddForm(formCallback, formJsInfo);
125 formHostClient.RemoveForm(formCallback, formId);
126 formHostClient.ContainsForm(formId);
127 FormHostClient::UninstallCallback callback = nullptr;
128 formHostClient.RegisterUninstallCallback(callback);
129 sptr<IRemoteObject> token = nullptr;
130 formHostClient.OnAcquired(formJsInfo, token);
131 formHostClient.OnUpdate(formJsInfo);
132 std::vector<int64_t> formIds;
133 formIds.emplace_back(formId);
134 formHostClient.OnUninstall(formIds);
135 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
136 int64_t requestCode = 1;
137 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
138 int32_t result = static_cast<int32_t>(GetU32Data(data));
139 formHostClient.OnShareFormResponse(requestCode, result);
140 formHostClient.RemoveShareFormCallback(requestCode);
141 formHostClient.UpdateForm(formJsInfo);
142 return formHostClient.GetInstance() == nullptr;
143 }
144
DoSomethingInterestingWithMyAPI4(const char * data,size_t size)145 bool DoSomethingInterestingWithMyAPI4(const char* data, size_t size)
146 {
147 FormHostClient formHostClient;
148 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
149 int64_t formId = 1;
150 FormJsInfo formJsInfo;
151 formHostClient.AddForm(formCallback, formJsInfo);
152 formHostClient.RemoveForm(formCallback, formId);
153 formHostClient.ContainsForm(formId);
154 FormHostClient::UninstallCallback callback = nullptr;
155 formHostClient.RegisterUninstallCallback(callback);
156 sptr<IRemoteObject> token = nullptr;
157 formHostClient.OnAcquired(formJsInfo, token);
158 formHostClient.OnUpdate(formJsInfo);
159 std::vector<int64_t> formIds;
160 formIds.emplace_back(formId);
161 formHostClient.OnUninstall(formIds);
162 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
163 int64_t requestCode = 1;
164 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
165 int32_t result = static_cast<int32_t>(GetU32Data(data));
166 formHostClient.OnShareFormResponse(requestCode, result);
167 formHostClient.RemoveShareFormCallback(requestCode);
168 formHostClient.UpdateForm(formJsInfo);
169 return formHostClient.GetInstance() == nullptr;
170 }
171
DoSomethingInterestingWithMyAPI5(const char * data,size_t size)172 bool DoSomethingInterestingWithMyAPI5(const char* data, size_t size)
173 {
174 FormHostClient formHostClient;
175 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
176 int64_t formId = 1;
177 FormJsInfo formJsInfo;
178 formHostClient.AddForm(formCallback, formJsInfo);
179 formHostClient.RemoveForm(formCallback, formId);
180 formHostClient.ContainsForm(formId);
181 FormHostClient::UninstallCallback callback = nullptr;
182 formHostClient.RegisterUninstallCallback(callback);
183 sptr<IRemoteObject> token = nullptr;
184 formHostClient.OnAcquired(formJsInfo, token);
185 formHostClient.OnUpdate(formJsInfo);
186 std::vector<int64_t> formIds;
187 formIds.emplace_back(formId);
188 formHostClient.OnUninstall(formIds);
189 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
190 int64_t requestCode = 1;
191 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
192 int32_t result = static_cast<int32_t>(GetU32Data(data));
193 formHostClient.OnShareFormResponse(requestCode, result);
194 formHostClient.RemoveShareFormCallback(requestCode);
195 formHostClient.UpdateForm(formJsInfo);
196 return formHostClient.GetInstance() == nullptr;
197 }
198
DoSomethingInterestingWithMyAPI6(const char * data,size_t size)199 bool DoSomethingInterestingWithMyAPI6(const char* data, size_t size)
200 {
201 FormHostClient formHostClient;
202 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
203 int64_t formId = 1;
204 FormJsInfo formJsInfo;
205 formHostClient.AddForm(formCallback, formJsInfo);
206 formHostClient.RemoveForm(formCallback, formId);
207 formHostClient.ContainsForm(formId);
208 FormHostClient::UninstallCallback callback = nullptr;
209 formHostClient.RegisterUninstallCallback(callback);
210 sptr<IRemoteObject> token = nullptr;
211 formHostClient.OnAcquired(formJsInfo, token);
212 formHostClient.OnUpdate(formJsInfo);
213 std::vector<int64_t> formIds;
214 formIds.emplace_back(formId);
215 formHostClient.OnUninstall(formIds);
216 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
217 int64_t requestCode = 1;
218 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
219 int32_t result = static_cast<int32_t>(GetU32Data(data));
220 formHostClient.OnShareFormResponse(requestCode, result);
221 formHostClient.RemoveShareFormCallback(requestCode);
222 formHostClient.UpdateForm(formJsInfo);
223 return formHostClient.GetInstance() == nullptr;
224 }
225
DoSomethingInterestingWithMyAPI7(const char * data,size_t size)226 bool DoSomethingInterestingWithMyAPI7(const char* data, size_t size)
227 {
228 FormHostClient formHostClient;
229 std::shared_ptr<FormCallbackInterface> formCallback = nullptr;
230 int64_t formId = 1;
231 FormJsInfo formJsInfo;
232 formHostClient.AddForm(formCallback, formJsInfo);
233 formHostClient.RemoveForm(formCallback, formId);
234 formHostClient.ContainsForm(formId);
235 FormHostClient::UninstallCallback callback = nullptr;
236 formHostClient.RegisterUninstallCallback(callback);
237 sptr<IRemoteObject> token = nullptr;
238 formHostClient.OnAcquired(formJsInfo, token);
239 formHostClient.OnUpdate(formJsInfo);
240 std::vector<int64_t> formIds;
241 formIds.emplace_back(formId);
242 formHostClient.OnUninstall(formIds);
243 std::shared_ptr<ShareFormCallBack> shareFormCallback = nullptr;
244 int64_t requestCode = 1;
245 formHostClient.AddShareFormCallback(shareFormCallback, requestCode);
246 int32_t result = static_cast<int32_t>(GetU32Data(data));
247 formHostClient.OnShareFormResponse(requestCode, result);
248 formHostClient.RemoveShareFormCallback(requestCode);
249 formHostClient.UpdateForm(formJsInfo);
250 return formHostClient.GetInstance() == nullptr;
251 }
252 }
253
254 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)255 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
256 {
257 /* Run your code on data */
258 if (data == nullptr) {
259 return 0;
260 }
261
262 if (size < OHOS::U32_AT_SIZE) {
263 return 0;
264 }
265
266 char* ch = static_cast<char*>(malloc(size + 1));
267 if (ch == nullptr) {
268 return 0;
269 }
270
271 (void)memset_s(ch, size + 1, 0x00, size + 1);
272 if (memcpy_s(ch, size + 1, data, size) != EOK) {
273 free(ch);
274 ch = nullptr;
275 return 0;
276 }
277
278 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
279 free(ch);
280 ch = nullptr;
281 return 0;
282 }
283
284