1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "sharedblock_fuzzer.h"
16
17 #include <fuzzer/FuzzedDataProvider.h>
18
19 #include "ashmem.h"
20 #include "rd_statement.h"
21 #include "rdb_errno.h"
22 #include "rdb_store_config.h"
23 #include "rdb_store_impl.h"
24 #include "refbase.h"
25 #include "shared_block.h"
26
27 using namespace OHOS;
28 using namespace OHOS::NativeRdb;
29 static const size_t DEFAULT_BLOCK_SIZE = 1 * 1024 * 1024;
30 static const int MIN_BLOB_SIZE = 1;
31 static const int MAX_BLOB_SIZE = 200;
32 namespace OHOS {
33
SharedBlockPutFuzz(std::shared_ptr<AppDataFwk::SharedBlock> sharedBlock,FuzzedDataProvider & provider)34 void SharedBlockPutFuzz(std::shared_ptr<AppDataFwk::SharedBlock> sharedBlock, FuzzedDataProvider &provider)
35 {
36 {
37 uint32_t row = provider.ConsumeIntegral<int32_t>();
38 uint32_t column = provider.ConsumeIntegral<int32_t>();
39 int64_t value = provider.ConsumeIntegral<int64_t>();
40 sharedBlock->PutLong(row, column, value);
41 }
42
43 {
44 uint32_t row = provider.ConsumeIntegral<int32_t>();
45 uint32_t column = provider.ConsumeIntegral<int32_t>();
46 double value = provider.ConsumeFloatingPoint<double>();
47 sharedBlock->PutDouble(row, column, value);
48 }
49
50 {
51 uint32_t row = provider.ConsumeIntegral<int32_t>();
52 uint32_t column = provider.ConsumeIntegral<int32_t>();
53 size_t size = provider.ConsumeIntegralInRange<size_t>(MIN_BLOB_SIZE, MAX_BLOB_SIZE);
54 std::vector<uint8_t> value = provider.ConsumeBytes<uint8_t>(size);
55 sharedBlock->PutAsset(row, column, value.data(), value.size());
56 }
57
58 {
59 uint32_t row = provider.ConsumeIntegral<int32_t>();
60 uint32_t column = provider.ConsumeIntegral<int32_t>();
61 size_t size = provider.ConsumeIntegralInRange<size_t>(MIN_BLOB_SIZE, MAX_BLOB_SIZE);
62 std::vector<uint8_t> value = provider.ConsumeBytes<uint8_t>(size);
63 sharedBlock->PutAssets(row, column, value.data(), value.size());
64 }
65
66 {
67 uint32_t row = provider.ConsumeIntegral<int32_t>();
68 uint32_t column = provider.ConsumeIntegral<int32_t>();
69 float item = provider.ConsumeFloatingPoint<float>();
70 std::vector<float> value;
71 value.push_back(item);
72 sharedBlock->PutFloats(row, column, value.data(), value.size());
73 }
74
75 {
76 uint32_t row = provider.ConsumeIntegral<int32_t>();
77 uint32_t column = provider.ConsumeIntegral<int32_t>();
78 int value = provider.ConsumeIntegral<int>();
79 ValueObject bigIntItem(value);
80 std::vector<ValueObject> bigIntList;
81 bigIntList.push_back(bigIntItem);
82 sharedBlock->PutBigInt(row, column, bigIntList.data(), bigIntList.size());
83 }
84 }
85
SharedBlockFuzz(FuzzedDataProvider & provider)86 void SharedBlockFuzz(FuzzedDataProvider &provider)
87 {
88 AppDataFwk::SharedBlock *block = nullptr;
89 std::string sharedBlockName = "SharedBlockFuzzTestBlock";
90 auto errcode = AppDataFwk::SharedBlock::Create(sharedBlockName, DEFAULT_BLOCK_SIZE, block);
91 if (errcode != AppDataFwk::SharedBlock::SHARED_BLOCK_OK) {
92 return;
93 }
94 std::shared_ptr<AppDataFwk::SharedBlock> sharedBlock = std::shared_ptr<AppDataFwk::SharedBlock>(block);
95
96 // Prepare a dummy CellUnit
97 AppDataFwk::SharedBlock::CellUnit cellUnit;
98 cellUnit.type = provider.ConsumeIntegral<int32_t>(); // Arbitrary type
99 cellUnit.cell.stringOrBlobValue.offset = provider.ConsumeIntegral<uint32_t>();
100 cellUnit.cell.stringOrBlobValue.size = provider.ConsumeIntegral<uint32_t>();
101
102 uint32_t numColumns = provider.ConsumeIntegral<int32_t>();
103 sharedBlock->SetColumnNum(numColumns);
104 sharedBlock->AllocRow();
105 sharedBlock->FreeLastRow();
106
107 {
108 uint32_t row = provider.ConsumeIntegral<int32_t>();
109 uint32_t column = provider.ConsumeIntegral<int32_t>();
110 size_t blobSize = provider.ConsumeIntegralInRange<size_t>(MIN_BLOB_SIZE, MAX_BLOB_SIZE);
111 std::vector<uint8_t> blobData = provider.ConsumeBytes<uint8_t>(blobSize);
112 sharedBlock->PutBlob(row, column, blobData.data(), blobData.size());
113 }
114
115 {
116 size_t outSizeIncludingNull = 0;
117 sharedBlock->GetCellUnitValueString(&cellUnit, &outSizeIncludingNull);
118 uint32_t row = provider.ConsumeIntegral<int32_t>();
119 uint32_t column = provider.ConsumeIntegral<int32_t>();
120 std::string value = provider.ConsumeRandomLengthString();
121 size_t sizeIncludingNull = provider.ConsumeIntegral<size_t>();
122 sharedBlock->PutString(row, column, value.c_str(), sizeIncludingNull);
123 }
124 SharedBlockPutFuzz(sharedBlock, provider);
125 {
126 uint32_t row = provider.ConsumeIntegral<int32_t>();
127 uint32_t column = provider.ConsumeIntegral<int32_t>();
128 sharedBlock->PutNull(row, column);
129 }
130
131 {
132 uint32_t row = provider.ConsumeIntegral<int32_t>();
133 uint32_t column = provider.ConsumeIntegral<int32_t>();
134 sharedBlock->GetCellUnit(row, column);
135 }
136 // Fuzz GetUsedBytes
137 sharedBlock->GetUsedBytes();
138
139 // Fuzz GetCellUnitValueBlob
140 size_t blobSize = 0;
141 sharedBlock->GetCellUnitValueBlob(&cellUnit, &blobSize);
142
143 // Fuzz Size
144 sharedBlock->Size();
145
146 // Fuzz SetRawData
147 std::vector<uint8_t> remaining_data = provider.ConsumeRemainingBytes<uint8_t>();
148 sharedBlock->SetRawData(remaining_data.data(), remaining_data.size());
149 }
150 } // namespace OHOS
151
152 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)153 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
154 {
155 /* Run your code on data */
156 FuzzedDataProvider provider(data, size);
157 OHOS::SharedBlockFuzz(provider);
158 return 0;
159 }
160