1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "smseventissue_fuzzer.h"
17
18 #ifdef GTEST_API_
19 #define private public
20 #define protected public
21 #endif
22
23 #include "addsmstoken_fuzzer.h"
24 #include "delivery_short_message_callback_stub.h"
25 #include "send_short_message_callback_stub.h"
26 #include "sms_interface_manager.h"
27 #include "cdma_sms_message.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 const std::int32_t SLOT_NUM = 2;
32 bool g_flag = false;
33
DoSentIssueTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)34 void DoSentIssueTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
35 {
36 std::string desAddr(reinterpret_cast<const char *>(data), size);
37 std::string scAddr(reinterpret_cast<const char *>(data), size);
38 std::string text(reinterpret_cast<const char *>(data), size);
39 const sptr<ISendShortMessageCallback> sendCallback =
40 iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
41 if (sendCallback == nullptr) {
42 return;
43 }
44 const sptr<IDeliveryShortMessageCallback> deliveryCallback =
45 iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
46 if (deliveryCallback == nullptr) {
47 return;
48 }
49 const std::shared_ptr<SmsSendIndexer> smsSendIndexer =
50 std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
51 smsSendManager->gsmSmsSender_->SendMessageSucceed(smsSendIndexer);
52 smsSendManager->gsmSmsSender_->HandleMessageResponse(smsSendIndexer);
53 smsSendManager->gsmSmsSender_->SyncSwitchISmsResponse();
54
55 smsSendManager->gsmSmsSender_->SendResultCallBack(
56 smsSendIndexer, ISendShortMessageCallback::SEND_SMS_FAILURE_UNKNOWN);
57
58 smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
59 int64_t id = static_cast<int16_t>(size);
60 smsSendManager->gsmSmsSender_->SendCacheMapAddItem(id, smsSendIndexer);
61 smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(id);
62 uint8_t refId = static_cast<uint8_t>(size);
63 smsSendManager->gsmSmsSender_->UpdateUnSentCellCount(refId);
64
65 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
66 bool value = slotId == 0 ? true : false;
67 smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, value);
68 smsSendManager->gsmSmsSender_->GetMsgRef8Bit();
69 smsSendManager->gsmSmsSender_->GetMsgRef64Bit();
70 smsSendManager->gsmSmsSender_->CheckForce7BitEncodeType();
71 smsSendManager->gsmSmsSender_->GetNetworkId();
72
73 smsSendManager->cdmaSmsSender_->SendMessageSucceed(smsSendIndexer);
74 smsSendManager->gsmSmsSender_->SendMessageFailed(smsSendIndexer);
75 smsSendManager->cdmaSmsSender_->SendMessageFailed(smsSendIndexer);
76 smsSendManager->gsmSmsSender_->HandleResend(smsSendIndexer);
77 smsSendManager->cdmaSmsSender_->HandleResend(smsSendIndexer);
78 smsSendManager->cdmaSmsSender_->SendMessageSucceed(nullptr);
79 smsSendManager->gsmSmsSender_->SendMessageFailed(nullptr);
80 smsSendManager->cdmaSmsSender_->SendMessageFailed(nullptr);
81 smsSendManager->gsmSmsSender_->HandleResend(nullptr);
82 smsSendManager->cdmaSmsSender_->HandleResend(nullptr);
83 }
84
DoSentIssuePartTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)85 void DoSentIssuePartTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
86 {
87 std::int64_t erase = static_cast<int64_t>(size);
88 smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(erase);
89 smsSendManager->cdmaSmsSender_->SendCacheMapEraseItem(erase);
90 CdmaSmsMessage msg;
91 std::string pdu(reinterpret_cast<const char *>(data), size);
92 msg.CreateMessage(pdu);
93 std::int32_t eventId = static_cast<int32_t>(size);
94 std::int64_t refId = static_cast<int64_t>(size);
95 AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
96 smsSendManager->gsmSmsSender_->FindCacheMapAndTransform(response);
97 smsSendManager->cdmaSmsSender_->FindCacheMapAndTransform(response);
98
99 std::int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
100 std::int32_t enable = static_cast<int32_t>(size % SLOT_NUM);
101 smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, enable);
102 smsSendManager->cdmaSmsSender_->SetImsSmsConfig(slotId, enable);
103
104 bool isImsNetDomain = slotId == 1 ? true : false;
105 std::int32_t voiceServiceState = static_cast<int32_t>(size);
106 smsSendManager->gsmSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
107 smsSendManager->cdmaSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
108
109 smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
110 smsSendManager->cdmaSmsSender_->SendCacheMapTimeoutCheck();
111 }
112
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)113 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
114 {
115 if (data == nullptr || size == 0) {
116 return;
117 }
118
119 if (g_flag) {
120 return;
121 }
122 g_flag = true;
123
124 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
125 auto smsInterfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
126 if (smsInterfaceManager == nullptr) {
127 return;
128 }
129
130 smsInterfaceManager->InitInterfaceManager();
131 auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
132 if (smsSendManager == nullptr) {
133 return;
134 }
135 smsSendManager->Init();
136 smsSendManager->InitNetworkHandle();
137 if (smsSendManager->gsmSmsSender_ == nullptr || smsSendManager->cdmaSmsSender_ == nullptr) {
138 return;
139 }
140
141 std::int32_t eventId = static_cast<int32_t>(size);
142 std::int64_t refId = static_cast<int64_t>(size);
143
144 AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
145 smsSendManager->gsmSmsSender_->ProcessEvent(response);
146 smsSendManager->cdmaSmsSender_->ProcessEvent(response);
147
148 DoSentIssueTest(data, size, smsSendManager);
149 DoSentIssuePartTest(data, size, smsSendManager);
150 }
151 } // namespace OHOS
152
153 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)154 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
155 {
156 /* Run your code on data */
157 OHOS::AddSmsTokenFuzzer token;
158 OHOS::DoSomethingInterestingWithMyAPI(data, size);
159 return 0;
160 }
161