1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "fuzzer/FuzzedDataProvider.h"
17 #include "scanservicestub_fuzzer.h"
18 #include "scan_service_ability.h"
19
20 namespace OHOS {
21 namespace Scan {
22 constexpr uint8_t MAX_STRING_LENGTH = 255;
23 constexpr int MAX_SET_NUMBER = 100;
24 constexpr size_t FOO_MAX_LEN = 1024;
25 constexpr size_t U32_AT_SIZE = 4;
26
WriteInterfaceToken(MessageParcel & datas)27 bool WriteInterfaceToken(MessageParcel &datas)
28 {
29 if (!datas.WriteInterfaceToken(ScanServiceAbility::GetInstance()->GetDescriptor())) {
30 return false;
31 }
32 return true;
33 }
34
TestOnInitScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)35 bool TestOnInitScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
36 {
37 MessageParcel datas;
38 MessageParcel reply;
39 MessageOption option;
40 if (!WriteInterfaceToken(datas)) {
41 return false;
42 }
43 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_INIT_SCAN, datas, reply, option);
44 return true;
45 }
46
TestOnExitScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)47 bool TestOnExitScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
48 {
49 MessageParcel datas;
50 MessageParcel reply;
51 MessageOption option;
52 if (!WriteInterfaceToken(datas)) {
53 return false;
54 }
55 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_EXIT_SCAN, datas, reply, option);
56 return true;
57 }
58
TestOnGetScannerList(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)59 bool TestOnGetScannerList(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
60 {
61 MessageParcel datas;
62 MessageParcel reply;
63 MessageOption option;
64 if (!WriteInterfaceToken(datas)) {
65 return false;
66 }
67 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_LIST, datas, reply, option);
68 return true;
69 }
70
TestOnStopDiscover(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)71 bool TestOnStopDiscover(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
72 {
73 MessageParcel datas;
74 MessageParcel reply;
75 MessageOption option;
76 if (!WriteInterfaceToken(datas)) {
77 return false;
78 }
79 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_STOP_DISCOVER, datas, reply, option);
80 return true;
81 }
82
TestOnOpenScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)83 bool TestOnOpenScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
84 {
85 MessageParcel datas;
86 MessageParcel reply;
87 MessageOption option;
88 if (!WriteInterfaceToken(datas)) {
89 return false;
90 }
91 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
92 datas.WriteString(scannerId);
93 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OPEN_SCANNER, datas, reply, option);
94 return true;
95 }
96
TestOnCloseScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)97 bool TestOnCloseScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
98 {
99 MessageParcel datas;
100 MessageParcel reply;
101 MessageOption option;
102 if (!WriteInterfaceToken(datas)) {
103 return false;
104 }
105 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
106 datas.WriteString(scannerId);
107 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CLOSE_SCANNER, datas, reply, option);
108 return true;
109 }
110
TestOnGetScanOptionDesc(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)111 bool TestOnGetScanOptionDesc(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
112 {
113 MessageParcel datas;
114 MessageParcel reply;
115 MessageOption option;
116 if (!WriteInterfaceToken(datas)) {
117 return false;
118 }
119 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
120 datas.WriteString(scannerId);
121 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
122 datas.WriteInt32(optionIndex);
123 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_OPTION_DESC, datas, reply, option);
124 return true;
125 }
126
TestOnOpScanOptionValue(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)127 bool TestOnOpScanOptionValue(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
128 {
129 MessageParcel datas;
130 MessageParcel reply;
131 MessageOption option;
132 if (!WriteInterfaceToken(datas)) {
133 return false;
134 }
135 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
136 datas.WriteString(scannerId);
137 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
138 datas.WriteInt32(optionIndex);
139 ScanOptionOpType op = SCAN_ACTION_SET_VALUE;
140 datas.WriteUint32(op);
141 ScanOptionValue value;
142 value.Marshalling(datas);
143 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OP_SCAN_OPTION_VALUE, datas, reply, option);
144 return true;
145 }
146
TestOnGetScanParameters(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)147 bool TestOnGetScanParameters(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
148 {
149 MessageParcel datas;
150 MessageParcel reply;
151 MessageOption option;
152 if (!WriteInterfaceToken(datas)) {
153 return false;
154 }
155 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
156 datas.WriteString(scannerId);
157 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PARAMETERS, datas, reply, option);
158 return true;
159 }
160
TestOnStartScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)161 bool TestOnStartScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
162 {
163 MessageParcel datas;
164 MessageParcel reply;
165 MessageOption option;
166 if (!WriteInterfaceToken(datas)) {
167 return false;
168 }
169 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
170 datas.WriteString(scannerId);
171 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_START_SCAN, datas, reply, option);
172 return true;
173 }
174
TestOnGetSingleFrameFD(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)175 bool TestOnGetSingleFrameFD(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
176 {
177 MessageParcel datas;
178 MessageParcel reply;
179 MessageOption option;
180 if (!WriteInterfaceToken(datas)) {
181 return false;
182 }
183 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
184 datas.WriteString(scannerId);
185 uint32_t fd = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
186 datas.WriteFileDescriptor(fd);
187 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SINGLE_FRAME_FD, datas, reply, option);
188 return true;
189 }
190
TestOnCancelScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)191 bool TestOnCancelScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
192 {
193 MessageParcel datas;
194 MessageParcel reply;
195 MessageOption option;
196 if (!WriteInterfaceToken(datas)) {
197 return false;
198 }
199 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
200 datas.WriteString(scannerId);
201 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CANCEL_SCAN, datas, reply, option);
202 return true;
203 }
204
TestOnSetScanIOMode(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)205 bool TestOnSetScanIOMode(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
206 {
207 MessageParcel datas;
208 MessageParcel reply;
209 MessageOption option;
210 if (!WriteInterfaceToken(datas)) {
211 return false;
212 }
213 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
214 datas.WriteString(scannerId);
215 bool isNonBlocking = dataProvider->ConsumeBool();
216 datas.WriteBool(isNonBlocking);
217 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_SET_SCAN_IO_MODE, datas, reply, option);
218 return true;
219 }
220
TestOnGetScanSelectFd(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)221 bool TestOnGetScanSelectFd(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
222 {
223 MessageParcel datas;
224 MessageParcel reply;
225 MessageOption option;
226 if (!WriteInterfaceToken(datas)) {
227 return false;
228 }
229 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
230 datas.WriteString(scannerId);
231 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_SELECT_FD, datas, reply, option);
232 return true;
233 }
234
TestOnGetScannerState(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)235 bool TestOnGetScannerState(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
236 {
237 MessageParcel datas;
238 MessageParcel reply;
239 MessageOption option;
240 if (!WriteInterfaceToken(datas)) {
241 return false;
242 }
243 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_STATE, datas, reply, option);
244 return true;
245 }
246
TestOnGetScanProgress(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)247 bool TestOnGetScanProgress(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
248 {
249 MessageParcel datas;
250 MessageParcel reply;
251 MessageOption option;
252 if (!WriteInterfaceToken(datas)) {
253 return false;
254 }
255 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
256 datas.WriteString(scannerId);
257 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PROGRESS, datas, reply, option);
258 return true;
259 }
260
TestOnEventOn(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)261 bool TestOnEventOn(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
262 {
263 MessageParcel datas;
264 MessageParcel reply;
265 MessageOption option;
266 if (!WriteInterfaceToken(datas)) {
267 return false;
268 }
269 std::string taskId = "";
270 datas.WriteString(taskId);
271 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
272 datas.WriteString(type);
273 return true;
274 }
275
TestOnEventOff(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)276 bool TestOnEventOff(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
277 {
278 MessageParcel datas;
279 MessageParcel reply;
280 MessageOption option;
281 if (!WriteInterfaceToken(datas)) {
282 return false;
283 }
284 std::string taskId = "";
285 datas.WriteString(taskId);
286 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
287 datas.WriteString(type);
288 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OFF, datas, reply, option);
289 return true;
290 }
291 }
292 }
293
294 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)295 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
296 {
297 if (data == nullptr) {
298 return 0;
299 }
300
301 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
302 return 0;
303 }
304 FuzzedDataProvider dataProvider(data, size);
305 OHOS::Scan::TestOnInitScan(data, size, &dataProvider);
306 OHOS::Scan::TestOnExitScan(data, size, &dataProvider);
307 OHOS::Scan::TestOnGetScannerList(data, size, &dataProvider);
308 OHOS::Scan::TestOnStopDiscover(data, size, &dataProvider);
309 OHOS::Scan::TestOnOpenScanner(data, size, &dataProvider);
310 OHOS::Scan::TestOnCloseScanner(data, size, &dataProvider);
311 OHOS::Scan::TestOnGetScanOptionDesc(data, size, &dataProvider);
312 OHOS::Scan::TestOnOpScanOptionValue(data, size, &dataProvider);
313 OHOS::Scan::TestOnGetScanParameters(data, size, &dataProvider);
314 OHOS::Scan::TestOnStartScan(data, size, &dataProvider);
315 OHOS::Scan::TestOnGetSingleFrameFD(data, size, &dataProvider);
316 OHOS::Scan::TestOnCancelScan(data, size, &dataProvider);
317 OHOS::Scan::TestOnSetScanIOMode(data, size, &dataProvider);
318 OHOS::Scan::TestOnGetScanSelectFd(data, size, &dataProvider);
319 OHOS::Scan::TestOnGetScannerState(data, size, &dataProvider);
320 OHOS::Scan::TestOnGetScanProgress(data, size, &dataProvider);
321 OHOS::Scan::TestOnEventOn(data, size, &dataProvider);
322 OHOS::Scan::TestOnEventOff(data, size, &dataProvider);
323 return 0;
324 }