1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "backupsaappendbundlesincrementalbackupsession_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <cstring>
21 #include <climits>
22 #include <fuzzer/FuzzedDataProvider.h>
23 #include <vector>
24
25 #include "message_parcel.h"
26 #include "sandbox_helper.h"
27 #include "service.h"
28 #include "service_proxy.h"
29 #include "service_reverse.h"
30 #include "service_stub.h"
31 #include "securec.h"
32 #include "system_ability.h"
33
34 using namespace std;
35 using namespace OHOS::FileManagement::Backup;
36
37 namespace OHOS {
38 constexpr int32_t SERVICE_ID = 5203;
39
GetBundleNamesData(const uint8_t * data,size_t size,vector<BIncrementalData> & bundleNames)40 void GetBundleNamesData(const uint8_t *data, size_t size, vector<BIncrementalData> &bundleNames)
41 {
42 int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t);
43 if (size < minLen + 1) {
44 return;
45 }
46 FuzzedDataProvider fdp(data, size);
47 uint8_t loop = fdp.ConsumeIntegral<uint8_t>();
48 size--;
49 if (loop == 0 || (minLen * loop) > size) {
50 return;
51 }
52 int blob = (size / loop);
53 int len = (blob - minLen) >> 1;
54 for (size_t i = 0, pos = 1; i < loop; i++, pos += blob) {
55 int64_t nTime = fdp.ConsumeIntegral<int64_t>();
56 int fd = fdp.ConsumeIntegral<int>();
57 int32_t priority = fdp.ConsumeIntegral<int32_t>();
58 string name(reinterpret_cast<const char*>(data + pos + minLen), len);
59 string parameters(reinterpret_cast<const char*>(data + pos + len + minLen), len);
60 BIncrementalData incrementaData(name, nTime, fd, parameters, priority);
61 bundleNames.push_back(incrementaData);
62 }
63 }
64
65 template <typename T>
WriteParcelableVector(const std::vector<T> & parcelableVector,Parcel & data)66 void WriteParcelableVector(const std::vector<T> &parcelableVector, Parcel &data)
67 {
68 if (!data.WriteUint32(parcelableVector.size())) {
69 return;
70 }
71
72 for (const auto &parcelable : parcelableVector) {
73 if (!data.WriteParcelable(&parcelable)) {
74 return;
75 }
76 }
77
78 return;
79 }
80
CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t * data,size_t size)81 bool CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size)
82 {
83 MessageParcel datas;
84 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
85 if (size >= sizeof(int32_t)) {
86 vector<BIncrementalData> bundleNames;
87 GetBundleNamesData(data, size, bundleNames);
88 WriteParcelableVector(bundleNames, datas);
89 }
90 datas.RewindRead(0);
91 MessageParcel reply;
92 MessageOption option;
93
94 sptr service(new Service(SERVICE_ID));
95 uint32_t code = static_cast<uint32_t>(
96 IServiceIpcCode::COMMAND_APPEND_BUNDLES_INCREMENTAL_BACKUP_SESSION);
97 service->OnRemoteRequest(code, datas, reply, option);
98 return true;
99 }
100 } // namespace OHOS
101
102 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)103 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
104 {
105 try {
106 OHOS::CmdAppendBundlesIncrementalBackupSessionFuzzTest(data, size);
107 } catch (OHOS::FileManagement::Backup::BError &err) {
108 HILOGE("BackupSaFuzzTest error");
109 } catch (...) {
110 HILOGE("BackupSaFuzzTest exception");
111 }
112 return 0;
113 }