• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "valuebucket_fuzzer.h"
17 
18 #include <fuzzer/FuzzedDataProvider.h>
19 
20 #include "grd_api_manager.h"
21 #include "oh_value_object.h"
22 #include "oh_values_bucket.h"
23 #include "rdb_errno.h"
24 #include "relational_store.h"
25 #include "relational_store_error_code.h"
26 #include "relational_store_impl.h"
27 
28 
29 using namespace OHOS::NativeRdb;
30 using namespace OHOS::RdbNdk;
31 
putTextFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)32 void putTextFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
33 {
34     std::string field = provider.ConsumeRandomLengthString();
35     std::string value = provider.ConsumeRandomLengthString();
36     valueBucket->putText(valueBucket, field.c_str(), value.c_str());
37 }
38 
putInt64FuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)39 void putInt64FuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
40 {
41     std::string field = provider.ConsumeRandomLengthString();
42     int64_t value = provider.ConsumeIntegral<int64_t>();
43     valueBucket->putInt64(valueBucket, field.c_str(), value);
44 }
45 
putRealFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)46 void putRealFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
47 {
48     std::string field = provider.ConsumeRandomLengthString();
49     double value = static_cast<double>(provider.ConsumeFloatingPoint<float>());
50     valueBucket->putReal(valueBucket, field.c_str(), value);
51 }
52 
putBlobFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)53 void putBlobFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
54 {
55     std::string field = provider.ConsumeRandomLengthString();
56     const int minBlobSize = 1;
57     const int maxBlobSize = 50;
58     size_t blobSize = provider.ConsumeIntegralInRange<size_t>(minBlobSize, maxBlobSize);
59     std::vector<uint8_t> value = provider.ConsumeBytes<uint8_t>(blobSize);
60     valueBucket->putBlob(valueBucket, field.c_str(), value.data(), value.size());
61 }
62 
putNullFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)63 void putNullFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
64 {
65     std::string field = provider.ConsumeRandomLengthString();
66     valueBucket->putNull(valueBucket, field.c_str());
67 }
68 
putAssetFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)69 void putAssetFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
70 {
71     std::string field = provider.ConsumeRandomLengthString();
72     Data_Asset *asset = OH_Data_Asset_CreateOne();
73     if (asset == nullptr) {
74         return;
75     }
76     int64_t value = provider.ConsumeIntegral<int64_t>();
77     OH_Data_Asset_SetCreateTime(asset, value);
78     OH_VBucket_PutAsset(valueBucket, field.c_str(), asset);
79     OH_Data_Asset_DestroyOne(asset); // Destroy the asset
80 }
81 
putAssetsFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)82 void putAssetsFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
83 {
84     std::string field = provider.ConsumeRandomLengthString();
85     const int minCount = 1;
86     const int maxCount = 50;
87     size_t count = provider.ConsumeIntegralInRange<size_t>(minCount, maxCount);
88     Data_Asset **assets = OH_Data_Asset_CreateMultiple(count);
89     if (assets == nullptr) {
90         return;
91     }
92     for (size_t i = 0; i < count; i++) {
93         int64_t value = provider.ConsumeIntegral<int64_t>();
94         OH_Data_Asset_SetCreateTime(assets[i], value);
95     }
96     OH_VBucket_PutAssets(valueBucket, field.c_str(), assets, count);
97     OH_Data_Asset_DestroyMultiple(assets, count); // Free the array of pointers
98 }
99 
putFloatVectorFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)100 void putFloatVectorFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
101 {
102     std::string field = provider.ConsumeRandomLengthString();
103     const int minLen = 1;
104     const int maxLen = 50;
105     size_t len = provider.ConsumeIntegralInRange<size_t>(minLen, maxLen);
106     std::vector<float> vec(len);
107     for (size_t i = 0; i < len; i++) {
108         vec[i] = provider.ConsumeFloatingPoint<float>();
109     }
110     OH_VBucket_PutFloatVector(valueBucket, field.c_str(), vec.data(), len);
111 }
112 
putUnlimitedIntFuzzTest(FuzzedDataProvider & provider,OH_VBucket * valueBucket)113 void putUnlimitedIntFuzzTest(FuzzedDataProvider &provider, OH_VBucket *valueBucket)
114 {
115     std::string field = provider.ConsumeRandomLengthString();
116     const int minSign = 0;
117     const int maxSign = 1;
118     int sign = provider.ConsumeIntegralInRange<int>(minSign, maxSign);
119     const int minLen = 1;
120     const int maxLen = 50;
121     size_t len = provider.ConsumeIntegralInRange<size_t>(minLen, maxLen);
122     std::vector<uint64_t> trueForm(len);
123     for (size_t i = 0; i < len; i++) {
124         trueForm[i] = provider.ConsumeIntegral<uint64_t>();
125     }
126     OH_VBucket_PutUnlimitedInt(valueBucket, field.c_str(), sign, trueForm.data(), len);
127 }
128 
ValueBucketFuzzTest(FuzzedDataProvider & provider)129 void ValueBucketFuzzTest(FuzzedDataProvider &provider)
130 {
131     OH_VBucket *valueBucket = OH_Rdb_CreateValuesBucket();
132     if (valueBucket == nullptr) {
133         return;
134     }
135 
136     // Test putText
137     putTextFuzzTest(provider, valueBucket);
138 
139     // Test putInt64
140     putInt64FuzzTest(provider, valueBucket);
141 
142     // Test putReal
143     putRealFuzzTest(provider, valueBucket);
144 
145     // Test putBlob
146     putBlobFuzzTest(provider, valueBucket);
147 
148     // Test putNull
149     putNullFuzzTest(provider, valueBucket);
150 
151     // Test putAsset
152     putAssetFuzzTest(provider, valueBucket);
153 
154     // Test putAssets
155     putAssetsFuzzTest(provider, valueBucket);
156 
157     // Test putFloatVector
158     putFloatVectorFuzzTest(provider, valueBucket);
159 
160     // Test putUnlimitedInt
161     putUnlimitedIntFuzzTest(provider, valueBucket);
162 
163     // Test clear
164     valueBucket->clear(valueBucket);
165 
166     // Destroy valueBucket
167     valueBucket->destroy(valueBucket);
168 }
169 
170 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)171 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
172 {
173     // Run your code on data
174     FuzzedDataProvider provider(data, size);
175     ValueBucketFuzzTest(provider);
176     return 0;
177 }