• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "updateincalldatamachine_fuzzer.h"
17 
18 #define private public
19 #define protected public
20 
21 #include "adddatatoken_fuzzer.h"
22 #include "incalldatastatemachine_fuzzer.h"
23 #include <fuzzer/FuzzedDataProvider.h>
24 
25 namespace OHOS {
26 using namespace OHOS::Telephony;
27 using namespace AppExecFwk;
28 using namespace OHOS::EventFwk;
29 constexpr int32_t SLOT_NUM_MAX = 3;
30 constexpr int32_t EVENT_ID_MAX = 255;
31 bool g_flag = false;
32 
IdleStateMachineFuzz(const uint8_t * data,size_t size)33 void IdleStateMachineFuzz(const uint8_t *data, size_t size)
34 {
35     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
36     if (fuzzer == nullptr) {
37         return;
38     }
39     FuzzedDataProvider fdp(data, size);
40     int32_t slotId = fdp.ConsumeIntegralInRange<uint32_t>(0, SLOT_NUM_MAX);
41     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
42     if (machine == nullptr) {
43         return;
44     }
45     std::int32_t intValue = fdp.ConsumeIntegralInRange<uint32_t>(0, EVENT_ID_MAX);
46     machine->Init(intValue);
47     if (machine->idleState_ == nullptr) {
48         return;
49     }
50     auto idleState = static_cast<IdleState *>(machine->idleState_.GetRefPtr());
51     machine->GetCurrentState();
52     machine->CanActiveDataByRadioTech();
53     machine->IsSecondaryCanActiveData();
54     machine->IsIncallDataSwitchOn();
55     machine->GetSlotId();
56     machine->HasAnyConnectedState();
57     machine->GetCallState();
58     machine->UpdateCallState(intValue);
59     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
60     if (object == nullptr) {
61         return;
62     }
63     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
64     idleState->StateProcess(event);
65     idleState->ProcessCallStarted(event);
66     idleState->ProcessCallEnded(event);
67     idleState->ProcessSettingsOn(event);
68     idleState->ProcessDsdsChanged(event);
69 }
70 
ActivatingSecondaryStateMachineFuzz(const uint8_t * data,size_t size)71 void ActivatingSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
72 {
73     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
74     if (fuzzer == nullptr) {
75         return;
76     }
77     FuzzedDataProvider fdp(data, size);
78     int32_t slotId = fdp.ConsumeIntegralInRange<uint32_t>(0, SLOT_NUM_MAX);
79     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
80     if (machine == nullptr) {
81         return;
82     }
83     std::int32_t intValue = fdp.ConsumeIntegralInRange<uint32_t>(0, EVENT_ID_MAX);
84     machine->Init(intValue);
85     if (machine->activatingSecondaryState_ == nullptr || machine->secondaryActiveState_ == nullptr) {
86         return;
87     }
88     auto activatingSecondaryState =
89         static_cast<ActivatingSecondaryState *>(machine->activatingSecondaryState_.GetRefPtr());
90     auto secondaryActiveState = static_cast<SecondaryActiveState *>(machine->secondaryActiveState_.GetRefPtr());
91     machine->TransitionTo(machine->activatingSecondaryState_);
92     machine->GetCurrentState();
93     machine->CanActiveDataByRadioTech();
94     machine->IsSecondaryCanActiveData();
95     machine->IsIncallDataSwitchOn();
96     machine->GetSlotId();
97     machine->HasAnyConnectedState();
98     machine->GetCallState();
99     machine->UpdateCallState(intValue);
100     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
101     if (object == nullptr) {
102         return;
103     }
104     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
105     activatingSecondaryState->StateProcess(event);
106     secondaryActiveState->StateProcess(event);
107     secondaryActiveState->ProcessSettingsOn(event);
108     secondaryActiveState->ProcessCallEnded(event);
109     secondaryActiveState->ProcessSettingsOff(event);
110     secondaryActiveState->ProcessDsdsChanged(event);
111 }
112 
ActivatedSecondaryStateMachineFuzz(const uint8_t * data,size_t size)113 void ActivatedSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
114 {
115     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
116     if (fuzzer == nullptr) {
117         return;
118     }
119     FuzzedDataProvider fdp(data, size);
120     int32_t slotId = fdp.ConsumeIntegralInRange<uint32_t>(0, SLOT_NUM_MAX);
121     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
122     if (machine == nullptr) {
123         return;
124     }
125     std::int32_t intValue = fdp.ConsumeIntegralInRange<uint32_t>(0, EVENT_ID_MAX);
126     machine->Init(intValue);
127     if (machine->activatedSecondaryState_ == nullptr || machine->secondaryActiveState_ == nullptr) {
128         return;
129     }
130     auto activatedSecondaryState =
131         static_cast<ActivatedSecondaryState *>(machine->activatedSecondaryState_.GetRefPtr());
132     auto secondaryActiveState = static_cast<SecondaryActiveState *>(machine->secondaryActiveState_.GetRefPtr());
133     machine->TransitionTo(machine->activatingSecondaryState_);
134     machine->TransitionTo(machine->activatedSecondaryState_);
135     machine->GetCurrentState();
136     machine->CanActiveDataByRadioTech();
137     machine->IsSecondaryCanActiveData();
138     machine->IsIncallDataSwitchOn();
139     machine->GetSlotId();
140     machine->HasAnyConnectedState();
141     machine->GetCallState();
142     machine->UpdateCallState(intValue);
143     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
144     if (object == nullptr) {
145         return;
146     }
147     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
148     activatedSecondaryState->StateProcess(event);
149     secondaryActiveState->StateProcess(event);
150     secondaryActiveState->ProcessSettingsOn(event);
151     secondaryActiveState->ProcessCallEnded(event);
152     secondaryActiveState->ProcessSettingsOff(event);
153     secondaryActiveState->ProcessDsdsChanged(event);
154 }
155 
DeactivatingSecondaryStateMachineFuzz(const uint8_t * data,size_t size)156 void DeactivatingSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
157 {
158     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
159     if (fuzzer == nullptr) {
160         return;
161     }
162     FuzzedDataProvider fdp(data, size);
163     int32_t slotId = fdp.ConsumeIntegralInRange<uint32_t>(0, SLOT_NUM_MAX);
164     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
165     if (machine == nullptr) {
166         return;
167     }
168     std::int32_t intValue = fdp.ConsumeIntegralInRange<uint32_t>(0, EVENT_ID_MAX);
169     machine->Init(intValue);
170     if (machine->deactivatingSecondaryState_ == nullptr || machine->idleState_ == nullptr) {
171         return;
172     }
173     auto deactivatingSecondaryState =
174         static_cast<DeactivatingSecondaryState *>(machine->deactivatingSecondaryState_.GetRefPtr());
175     auto idleState = static_cast<IdleState *>(machine->idleState_.GetRefPtr());
176     machine->TransitionTo(machine->activatingSecondaryState_);
177     machine->TransitionTo(machine->activatedSecondaryState_);
178     machine->TransitionTo(machine->deactivatingSecondaryState_);
179     machine->GetCurrentState();
180     machine->CanActiveDataByRadioTech();
181     machine->IsSecondaryCanActiveData();
182     machine->IsIncallDataSwitchOn();
183     machine->GetSlotId();
184     machine->HasAnyConnectedState();
185     machine->GetCallState();
186     machine->UpdateCallState(intValue);
187     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
188     if (object == nullptr) {
189         return;
190     }
191     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
192     deactivatingSecondaryState->StateProcess(event);
193     idleState->StateProcess(event);
194     idleState->ProcessCallStarted(event);
195     idleState->ProcessCallEnded(event);
196     idleState->ProcessSettingsOn(event);
197     idleState->ProcessDsdsChanged(event);
198 }
199 
UpdateIncallDataMachineWithMyAPI(const uint8_t * data,size_t size)200 void UpdateIncallDataMachineWithMyAPI(const uint8_t *data, size_t size)
201 {
202     if (data == nullptr || size == 0) {
203         return;
204     }
205 
206     if (!g_flag) {
207         IdleStateMachineFuzz(data, size);
208         ActivatingSecondaryStateMachineFuzz(data, size);
209         ActivatedSecondaryStateMachineFuzz(data, size);
210         DeactivatingSecondaryStateMachineFuzz(data, size);
211         g_flag = true;
212     }
213 }
214 } // namespace OHOS
215 
216 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)217 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
218 {
219     OHOS::AddDataTokenFuzzer token;
220     /* Run your code on data */
221     OHOS::UpdateIncallDataMachineWithMyAPI(data, size);
222     return 0;
223 }