1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <functional>
17 #include "fuzzer/FuzzedDataProvider.h"
18 #include "ohscan.h"
19 #include "scancapi_fuzzer.h"
20
21
22 namespace OHOS {
23 namespace Scan {
24 constexpr uint8_t MAX_STRING_LENGTH = 255;
25 constexpr int MAX_SET_NUMBER = 100;
26 constexpr size_t FOO_MAX_LEN = 1024;
27 constexpr size_t U32_AT_SIZE = 4;
28
OHScanInitFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)29 void OHScanInitFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
30 {
31 OH_Scan_Init();
32 }
33
DiscoveryCallBack(Scan_ScannerDevice ** devices,int32_t deviceCount)34 void DiscoveryCallBack(Scan_ScannerDevice** devices, int32_t deviceCount) {}
35
OHScanStartScannerDiscoveryFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)36 void OHScanStartScannerDiscoveryFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
37 {
38 OH_Scan_StartScannerDiscovery(DiscoveryCallBack);
39 }
40
OHScanOpenScannerFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)41 void OHScanOpenScannerFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
42 {
43 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
44 OH_Scan_OpenScanner(scannerId.c_str());
45 }
46
OHScanCloseScannerFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)47 void OHScanCloseScannerFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
48 {
49 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
50 OH_Scan_CloseScanner(scannerId.c_str());
51 }
52
OHScanGetScannerParameterFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)53 void OHScanGetScannerParameterFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
54 {
55 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
56 int32_t errorCode = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
57 OH_Scan_GetScannerParameter(scannerId.c_str(), &errorCode);
58 }
59
OHScanSetScannerParameterFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)60 void OHScanSetScannerParameterFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
61 {
62 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
63 int32_t option = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
64 std::string value = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
65 OH_Scan_SetScannerParameter(scannerId.c_str(), option, value.c_str());
66 }
67
OHScanStartScanFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)68 void OHScanStartScanFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
69 {
70 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
71 bool batchMode = dataProvider->ConsumeBool();
72 OH_Scan_StartScan(scannerId.c_str(), batchMode);
73 }
74
OHScanCancelScanFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)75 void OHScanCancelScanFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
76 {
77 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
78 OH_Scan_CancelScan(scannerId.c_str());
79 }
80
OHScanGetScanPictureProgressFuzzTest(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)81 void OHScanGetScanPictureProgressFuzzTest(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
82 {
83 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
84 Scan_PictureScanProgress progress;
85 progress.progress = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
86 progress.fd = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
87 progress.isFinal = dataProvider->ConsumeBool();
88 OH_Scan_GetPictureScanProgress(scannerId.c_str(), &progress);
89 }
90
91 }
92 }
93
94 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)95 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
96 {
97 if (data == nullptr) {
98 return 0;
99 }
100
101 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
102 return 0;
103 }
104 FuzzedDataProvider dataProvider(data, size);
105 OHOS::Scan::OHScanInitFuzzTest(data, size, &dataProvider);
106 OHOS::Scan::OHScanStartScannerDiscoveryFuzzTest(data, size, &dataProvider);
107 OHOS::Scan::OHScanOpenScannerFuzzTest(data, size, &dataProvider);
108 OHOS::Scan::OHScanCloseScannerFuzzTest(data, size, &dataProvider);
109 OHOS::Scan::OHScanGetScannerParameterFuzzTest(data, size, &dataProvider);
110 OHOS::Scan::OHScanSetScannerParameterFuzzTest(data, size, &dataProvider);
111 OHOS::Scan::OHScanStartScanFuzzTest(data, size, &dataProvider);
112 OHOS::Scan::OHScanCancelScanFuzzTest(data, size, &dataProvider);
113 OHOS::Scan::OHScanGetScanPictureProgressFuzzTest(data, size, &dataProvider);
114 return 0;
115 }
116
117