1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "localsocketpair_fuzzer.h"
17
18 #include <securec.h>
19 #include "local_socketpair.h"
20 #include <message_parcel.h>
21 #include <message_option.h>
22
23
24 namespace OHOS {
25 namespace {
26 const uint8_t* g_data = nullptr;
27 size_t g_size = 0;
28 size_t g_pos;
29 constexpr int32_t SOCKET_PAIR_SIZE = 2;
30 }
31
32 /*
33 * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
34 * tips: only support basic type
35 */
36 template<class T>
GetData()37 T GetData()
38 {
39 T object {};
40 size_t objectSize = sizeof(object);
41 if (g_data == nullptr || objectSize > g_size - g_pos) {
42 return object;
43 }
44 errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
45 if (ret != EOK) {
46 return {};
47 }
48 g_pos += objectSize;
49 return object;
50 }
51
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)52 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
53 {
54 if (data == nullptr) {
55 return false;
56 }
57
58 // initialize
59 g_data = data;
60 g_size = size;
61 g_pos = 0;
62
63 // get data
64 size_t sendSize = GetData<size_t>();
65 size_t receiveSize = GetData<size_t>();
66 int64_t vsyncData[3];
67 vsyncData[0] = GetData<int64_t>();
68 vsyncData[1] = GetData<int64_t>();
69 vsyncData[2] = GetData<int64_t>(); // index 2
70 int32_t fd = GetData<int32_t>();
71
72 // test
73 sptr<LocalSocketPair> socketPair = new LocalSocketPair();
74 socketPair->CreateChannel(sendSize, receiveSize);
75 socketPair->GetSendDataFd();
76 socketPair->GetReceiveDataFd();
77 MessageParcel messageParcel;
78 socketPair->SendToBinder(messageParcel);
79 socketPair->ReceiveToBinder(messageParcel);
80 socketPair->SendData(vsyncData, sizeof(vsyncData));
81 socketPair->ReceiveData(vsyncData, sizeof(vsyncData));
82 socketPair->SendFdToBinder(messageParcel, fd);
83 int32_t socketPairFds[SOCKET_PAIR_SIZE] = {
84 socketPair->sendFd_,
85 socketPair->receiveFd_,
86 };
87 socketPair->SetSockopt(sendSize, receiveSize, socketPairFds, SOCKET_PAIR_SIZE);
88 socketPair->CloseFd(socketPair->sendFd_);
89 socketPair->CloseFd(socketPair->receiveFd_);
90
91 return true;
92 }
93 }
94
95 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)96 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
97 {
98 /* Run your code on data */
99 OHOS::DoSomethingInterestingWithMyAPI(data, size);
100 return 0;
101 }
102
103