• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "smseventissue_fuzzer.h"
17 
18 #define private public
19 #define protected public
20 
21 #include "addsmstoken_fuzzer.h"
22 #include "delivery_short_message_callback_stub.h"
23 #include "send_short_message_callback_stub.h"
24 #include "sms_interface_manager.h"
25 
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 const std::int32_t SLOT_NUM = 2;
29 bool g_flag = false;
30 
DoSentIssueTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)31 void DoSentIssueTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
32 {
33     std::string desAddr(reinterpret_cast<const char *>(data), size);
34     std::string scAddr(reinterpret_cast<const char *>(data), size);
35     std::string text(reinterpret_cast<const char *>(data), size);
36     const sptr<ISendShortMessageCallback> sendCallback =
37         iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
38     if (sendCallback == nullptr) {
39         return;
40     }
41     const sptr<IDeliveryShortMessageCallback> deliveryCallback =
42         iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
43     if (deliveryCallback == nullptr) {
44         return;
45     }
46     const std::shared_ptr<SmsSendIndexer> smsSendIndexer =
47         std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
48     smsSendManager->gsmSmsSender_->SendMessageSucceed(smsSendIndexer);
49     smsSendManager->gsmSmsSender_->HandleMessageResponse(smsSendIndexer);
50     smsSendManager->gsmSmsSender_->SyncSwitchISmsResponse();
51 
52     smsSendManager->gsmSmsSender_->SendResultCallBack(
53         smsSendIndexer, ISendShortMessageCallback::SEND_SMS_FAILURE_UNKNOWN);
54 
55     smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
56     int64_t id = static_cast<int16_t>(size);
57     smsSendManager->gsmSmsSender_->SendCacheMapAddItem(id, smsSendIndexer);
58     smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(id);
59     uint8_t refId = static_cast<uint8_t>(size);
60     smsSendManager->gsmSmsSender_->UpdateUnSentCellCount(refId);
61 
62     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
63     bool value = slotId == 0 ? true : false;
64     smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, value);
65     smsSendManager->gsmSmsSender_->GetMsgRef8Bit();
66     smsSendManager->gsmSmsSender_->GetMsgRef64Bit();
67     smsSendManager->gsmSmsSender_->CheckForce7BitEncodeType();
68     smsSendManager->gsmSmsSender_->GetNetworkId();
69 
70     smsSendManager->cdmaSmsSender_->SendMessageSucceed(smsSendIndexer);
71     smsSendManager->gsmSmsSender_->SendMessageFailed(smsSendIndexer);
72     smsSendManager->cdmaSmsSender_->SendMessageFailed(smsSendIndexer);
73     smsSendManager->gsmSmsSender_->HandleResend(smsSendIndexer);
74     smsSendManager->cdmaSmsSender_->HandleResend(smsSendIndexer);
75     smsSendManager->cdmaSmsSender_->SendMessageSucceed(nullptr);
76     smsSendManager->gsmSmsSender_->SendMessageFailed(nullptr);
77     smsSendManager->cdmaSmsSender_->SendMessageFailed(nullptr);
78     smsSendManager->gsmSmsSender_->HandleResend(nullptr);
79     smsSendManager->cdmaSmsSender_->HandleResend(nullptr);
80 }
81 
DoSentIssuePartTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)82 void DoSentIssuePartTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
83 {
84     std::int64_t erase = static_cast<int64_t>(size);
85     smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(erase);
86     smsSendManager->cdmaSmsSender_->SendCacheMapEraseItem(erase);
87 
88     std::int32_t eventId = static_cast<int32_t>(size);
89     std::int64_t refId = static_cast<int64_t>(size);
90     AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
91     smsSendManager->gsmSmsSender_->FindCacheMapAndTransform(response);
92     smsSendManager->cdmaSmsSender_->FindCacheMapAndTransform(response);
93 
94     std::int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
95     std::int32_t enable = static_cast<int32_t>(size % SLOT_NUM);
96     smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, enable);
97     smsSendManager->cdmaSmsSender_->SetImsSmsConfig(slotId, enable);
98 
99     bool isImsNetDomain = slotId == 1 ? true : false;
100     std::int32_t voiceServiceState = static_cast<int32_t>(size);
101     smsSendManager->gsmSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
102     smsSendManager->cdmaSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
103 
104     smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
105     smsSendManager->cdmaSmsSender_->SendCacheMapTimeoutCheck();
106 }
107 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)108 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
109 {
110     if (data == nullptr || size == 0) {
111         return;
112     }
113 
114     if (g_flag) {
115         return;
116     }
117     g_flag = true;
118 
119     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
120     auto smsInterfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
121     if (smsInterfaceManager == nullptr) {
122         return;
123     }
124 
125     smsInterfaceManager->InitInterfaceManager();
126     auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
127     if (smsSendManager == nullptr) {
128         return;
129     }
130     smsSendManager->Init();
131     if (smsSendManager->gsmSmsSender_ == nullptr || smsSendManager->cdmaSmsSender_ == nullptr) {
132         return;
133     }
134 
135     std::int32_t eventId = static_cast<int32_t>(size);
136     std::int64_t refId = static_cast<int64_t>(size);
137 
138     AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
139     smsSendManager->gsmSmsSender_->ProcessEvent(response);
140     smsSendManager->cdmaSmsSender_->ProcessEvent(response);
141 
142     DoSentIssueTest(data, size, smsSendManager);
143     DoSentIssuePartTest(data, size, smsSendManager);
144 }
145 } // namespace OHOS
146 
147 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)148 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
149 {
150     /* Run your code on data */
151     OHOS::AddSmsTokenFuzzer token;
152     OHOS::DoSomethingInterestingWithMyAPI(data, size);
153     return 0;
154 }
155