1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "wappushbuffer_fuzzer.h"
17
18 #define private public
19
20 #include "addsmstoken_fuzzer.h"
21 #include "sms_wap_push_handler.h"
22
23 using namespace OHOS::Telephony;
24 namespace OHOS {
25 static int32_t SIM_COUNT = 2;
26
WapPushBuffer(const uint8_t * data,size_t size)27 void WapPushBuffer(const uint8_t *data, size_t size)
28 {
29 int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
30 std::string strValue(reinterpret_cast<const char *>(data), size);
31 std::unique_ptr<SmsWapPushHandler> smsWapPushHandler = std::make_unique<SmsWapPushHandler>(slotId);
32 auto indexer = std::make_shared<SmsReceiveIndexer>();
33 smsWapPushHandler->DecodeWapPushPdu(indexer, strValue);
34
35 auto decodeBuffer = std::make_shared<SmsWapPushBuffer>();
36 if (decodeBuffer == nullptr) {
37 return;
38 }
39 uint32_t desLen = static_cast<uint32_t>(size);
40 decodeBuffer->ReadDataBuffer(desLen);
41
42 std::unique_ptr<char[]> inBuff = std::make_unique<char[]>(desLen);
43 decodeBuffer->WriteDataBuffer(std::move(inBuff), desLen);
44 decodeBuffer->GetCurPosition();
45 decodeBuffer->GetSize();
46
47 uint8_t uint8tValue;
48 decodeBuffer->PeekOneByte(uint8tValue);
49 decodeBuffer->IncreasePointer(desLen);
50 decodeBuffer->DecreasePointer(desLen);
51 decodeBuffer->DecodeUintvar(desLen, desLen);
52
53 decodeBuffer->DecodeShortLength(uint8tValue);
54 decodeBuffer->DecodeValueLength(desLen);
55 decodeBuffer->CharIsToken(uint8tValue);
56 decodeBuffer->DecodeTokenText(strValue, desLen);
57 decodeBuffer->DecodeText(strValue, desLen);
58
59 decodeBuffer->DecodeQuotedText(strValue, desLen);
60 decodeBuffer->DecodeShortInteger(uint8tValue);
61
62 uint64_t uint64tValue;
63 decodeBuffer->DecodeLongInteger(uint64tValue);
64 decodeBuffer->DecodeInteger(uint64tValue);
65
66 decodeBuffer->DecodeIsShortInt();
67 decodeBuffer->DecodeIsString();
68 decodeBuffer->DecodeIsValueLength();
69 decodeBuffer->DecodeExtensionMedia();
70 decodeBuffer->DecodeConstrainedEncoding();
71
72 bool isNoValue = slotId == 0 ? true : false;
73 decodeBuffer->DecodeTextValue(strValue, isNoValue);
74 decodeBuffer->DecodeNoValue(isNoValue);
75 decodeBuffer->MarkPosition();
76 decodeBuffer->UnMarkPosition();
77 }
78
DoWapPushBufferWithMyAPI(const uint8_t * data,size_t size)79 void DoWapPushBufferWithMyAPI(const uint8_t *data, size_t size)
80 {
81 if (data == nullptr || size == 0) {
82 return;
83 }
84
85 WapPushBuffer(data, size);
86 }
87 } // namespace OHOS
88
89 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)90 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
91 {
92 /* Run your code on data */
93 OHOS::AddSmsTokenFuzzer token;
94 OHOS::DoWapPushBufferWithMyAPI(data, size);
95 return 0;
96 }
97