• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <cstddef>
17 #include <cstdint>
18 #include <unistd.h>
19 
20 #include "UsbSubscriberTest.h"
21 #include "hdf_log.h"
22 #include "usbasynctransfer_fuzzer.h"
23 #include "v1_2/iusb_interface.h"
24 
25 using namespace OHOS::HDI::Usb::V1_2;
26 using OHOS::HDI::Usb::V1_2::UsbDev;
27 using namespace OHOS::USB;
28 
29 namespace OHOS {
30 constexpr int32_t ASHMEM_MAX_SIZE = 1024;
31 constexpr int32_t BITS_PER_BYTE = 8;
32 constexpr int32_t ASYNC_TRANSFER_TIME_OUT = 1000;
33 constexpr int32_t LIBUSB_TRANSFER_TYPE_BULK = 2;
34 constexpr int32_t NUM_THREE = 3;
35 constexpr int32_t NUM_TWO = 2;
36 constexpr int32_t NUM_ONE = 1;
37 
Convert2Uint32(const uint8_t * ptr)38 uint32_t Convert2Uint32(const uint8_t *ptr)
39 {
40     if (ptr == nullptr) {
41         return 0;
42     }
43     /*
44      * Move the 0th digit 24 to the left, the first digit 16 to the left, the second digit 8 to the left,
45      * and the third digit no left
46      */
47     return (ptr[0] << BITS_PER_BYTE * NUM_THREE) | (ptr[NUM_ONE] << BITS_PER_BYTE * NUM_TWO) |
48         (ptr[NUM_TWO] << BITS_PER_BYTE) | (ptr[NUM_THREE]);
49 }
50 
InitAshmemOne(sptr<Ashmem> & asmptr,int32_t asmSize,uint8_t rflg)51 int32_t InitAshmemOne(sptr<Ashmem> &asmptr, int32_t asmSize, uint8_t rflg)
52 {
53     asmptr = Ashmem::CreateAshmem("ttashmem000", asmSize);
54     if (asmptr == nullptr) {
55         HDF_LOGE("InitAshmemOne CreateAshmem failed");
56         return HDF_FAILURE;
57     }
58 
59     asmptr->MapReadAndWriteAshmem();
60 
61     if (rflg == 0) {
62         uint8_t tdata[ASHMEM_MAX_SIZE];
63         int32_t offset = 0;
64         int32_t tlen = 0;
65 
66         int32_t retSafe = memset_s(tdata, sizeof(tdata), 'Y', ASHMEM_MAX_SIZE);
67         if (retSafe != EOK) {
68             HDF_LOGE("InitAshmemOne memset_s failed");
69             return HDF_FAILURE;
70         }
71         while (offset < asmSize) {
72             tlen = (asmSize - offset) < ASHMEM_MAX_SIZE ? (asmSize - offset) : ASHMEM_MAX_SIZE;
73             asmptr->WriteToAshmem(tdata, tlen, offset);
74             offset += tlen;
75         }
76     }
77     return HDF_SUCCESS;
78 }
79 
DoSomethingInterestingWithMyAPI(const uint8_t * rawData,size_t size)80 bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
81 {
82     if (rawData == nullptr) {
83         return false;
84     }
85     uint32_t asmSize = Convert2Uint32(rawData);
86     sptr<OHOS::HDI::Usb::V1_2::IUsbInterface> usbInterface = OHOS::HDI::Usb::V1_2::IUsbInterface::Get(false);
87     if (usbInterface == nullptr) {
88         HDF_LOGE("%{public}s:IUsbInterface::Get() failed.", __func__);
89         return false;
90     }
91     sptr<UsbSubscriberTest> subscriber = new UsbSubscriberTest();
92     int32_t ret = usbInterface->BindUsbdSubscriber(subscriber);
93     if (ret != HDF_SUCCESS) {
94         HDF_LOGE("%{public}s: bind usbd subscriber failed", __func__);
95         return ret;
96     }
97     sleep(1);
98     UsbDev dev;
99     dev.busNum = subscriber->busNum_;
100     dev.devAddr = subscriber->devAddr_;
101     ret = usbInterface->OpenDevice(dev);
102     if (ret != HDF_SUCCESS) {
103         HDF_LOGE("%{public}s: open device failed", __func__);
104         return ret;
105     }
106     USBTransferInfo usbInfo_;
107     usbInfo_.endpoint = 0x1;
108     usbInfo_.flags = 0;
109     usbInfo_.type = LIBUSB_TRANSFER_TYPE_BULK;
110     usbInfo_.timeOut = ASYNC_TRANSFER_TIME_OUT;
111     usbInfo_.userData = 0;
112     usbInfo_.numIsoPackets = 0;
113     usbInfo_.length = 0;
114     sptr<Ashmem> ashmPtr;
115     (void)InitAshmemOne(ashmPtr, asmSize, 0);
116     usbInterface->UsbSubmitTransfer(dev, usbInfo_, nullptr, ashmPtr);
117 
118     return true;
119 }
120 } // namespace OHOS
121 
122 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)123 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
124 {
125     /* Run your code on data */
126     OHOS::DoSomethingInterestingWithMyAPI(data, size);
127     return 0;
128 }
129