diff --git a/test/fuzztest/dschedallconnectmanager_fuzzer/dschedallconnectmanager_fuzzer.cpp b/test/fuzztest/dschedallconnectmanager_fuzzer/dschedallconnectmanager_fuzzer.cpp index a1548b33..be8af0ee 100644 --- a/test/fuzztest/dschedallconnectmanager_fuzzer/dschedallconnectmanager_fuzzer.cpp +++ b/test/fuzztest/dschedallconnectmanager_fuzzer/dschedallconnectmanager_fuzzer.cpp @@ -20,38 +20,114 @@ namespace OHOS { namespace DistributedSchedule { +namespace { +constexpr uint32_t MIN_SIZE = 38; +constexpr uint32_t UINT32_T_OFFSET = 4; +constexpr uint32_t ENUM_OFFSET = 4; +constexpr uint32_t BOOL_OFFSET = 1; +constexpr uint32_t INT32_T_OFFSET = 4; +constexpr uint32_t CHAR_PONTER_OFFSET = 4; +} + void FuzzApplyAdvanceResource(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(uint32_t))) { + if ((data == nullptr) || (size < MIN_SIZE)) { return; } - const std::string peerNetworkId(reinterpret_cast(data), size); ServiceCollaborationManager_ResourceRequestInfoSets reqInfoSets; + reqInfoSets.remoteHardwareListSize = *(reinterpret_cast(data)); - reqInfoSets.localHardwareListSize = *(reinterpret_cast(data)); + + ServiceCollaborationManager_HardwareRequestInfo remoteHardwareListTemp; + uint32_t offset = UINT32_T_OFFSET; + remoteHardwareListTemp.hardWareType = + *(reinterpret_cast(data + offset)); + offset += ENUM_OFFSET; + remoteHardwareListTemp.canShare = *(reinterpret_cast(data + offset)); + offset += BOOL_OFFSET; + reqInfoSets.remoteHardwareList = &remoteHardwareListTemp; + + reqInfoSets.localHardwareListSize = *(reinterpret_cast(data + offset)); + offset += UINT32_T_OFFSET; + + ServiceCollaborationManager_HardwareRequestInfo localHardwareListTemp; + localHardwareListTemp.hardWareType = + *(reinterpret_cast(data + offset)); + offset += ENUM_OFFSET; + localHardwareListTemp.canShare = *(reinterpret_cast(data + offset)); + offset += BOOL_OFFSET; + reqInfoSets.localHardwareList = &localHardwareListTemp; + + ServiceCollaborationManager_CommunicationRequestInfo communicationRequestTemp; + communicationRequestTemp.minBandwidth = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.maxLatency = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.minLatency = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.maxWaitTime = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.dataType = reinterpret_cast(data + offset); + offset += CHAR_PONTER_OFFSET; + reqInfoSets.communicationRequest = &communicationRequestTemp; + + const std::string peerNetworkId(reinterpret_cast(data + offset), size - MIN_SIZE); DSchedAllConnectManager::GetInstance().ApplyAdvanceResource(peerNetworkId, reqInfoSets); } void FuzzGetResourceRequest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(uint32_t))) { + if ((data == nullptr) || (size < MIN_SIZE)) { return; } ServiceCollaborationManager_ResourceRequestInfoSets reqInfoSets; + reqInfoSets.remoteHardwareListSize = *(reinterpret_cast(data)); - reqInfoSets.localHardwareListSize = *(reinterpret_cast(data)); + + ServiceCollaborationManager_HardwareRequestInfo remoteHardwareListTemp; + uint32_t offset = UINT32_T_OFFSET; + remoteHardwareListTemp.hardWareType = + *(reinterpret_cast(data + offset)); + offset += ENUM_OFFSET; + remoteHardwareListTemp.canShare = *(reinterpret_cast(data + offset)); + offset += BOOL_OFFSET; + reqInfoSets.remoteHardwareList = &remoteHardwareListTemp; + + reqInfoSets.localHardwareListSize = *(reinterpret_cast(data + offset)); + offset += UINT32_T_OFFSET; + + ServiceCollaborationManager_HardwareRequestInfo localHardwareListTemp; + localHardwareListTemp.hardWareType = + *(reinterpret_cast(data + offset)); + offset += ENUM_OFFSET; + localHardwareListTemp.canShare = *(reinterpret_cast(data + offset)); + offset += BOOL_OFFSET; + reqInfoSets.localHardwareList = &localHardwareListTemp; + + ServiceCollaborationManager_CommunicationRequestInfo communicationRequestTemp; + communicationRequestTemp.minBandwidth = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.maxLatency = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.minLatency = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.maxWaitTime = *(reinterpret_cast(data + offset)); + offset += INT32_T_OFFSET; + communicationRequestTemp.dataType = reinterpret_cast(data + offset); + reqInfoSets.communicationRequest = &communicationRequestTemp; DSchedAllConnectManager::GetInstance().GetResourceRequest(reqInfoSets); } void FuzzPublishServiceState(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(uint32_t))) { + if ((data == nullptr) || (size < sizeof(size_t))) { return; } const std::string peerNetworkId(reinterpret_cast(data), size); const std::string extraInfo(reinterpret_cast(data), size); + uint8_t* temp = const_cast(data); ServiceCollaborationManagerBussinessStatus state = - *(reinterpret_cast(data)); + *(reinterpret_cast(temp)); DSchedAllConnectManager::GetInstance().PublishServiceState(peerNetworkId, extraInfo, state); } } diff --git a/test/fuzztest/dschedsoftbussession_fuzzer/dschedsoftbussession_fuzzer.cpp b/test/fuzztest/dschedsoftbussession_fuzzer/dschedsoftbussession_fuzzer.cpp index 3267a694..b02855c6 100644 --- a/test/fuzztest/dschedsoftbussession_fuzzer/dschedsoftbussession_fuzzer.cpp +++ b/test/fuzztest/dschedsoftbussession_fuzzer/dschedsoftbussession_fuzzer.cpp @@ -17,23 +17,62 @@ #include #include +#include #include "dsched_data_buffer.h" #include "dsched_softbus_session.h" namespace OHOS { namespace DistributedSchedule { +namespace { +static const uint32_t DSCHED_MAX_BUFFER_SIZE = 80 * 1024 * 1024; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; +constexpr int32_t POS_0 = 0; +constexpr int32_t POS_1 = 1; +constexpr int32_t POS_2 = 2; +constexpr int32_t POS_3 = 3; +constexpr int32_t OFFSET_24 = 24; +constexpr int32_t OFFSET_16 = 16; +constexpr int32_t OFFSET_8 = 8; +} + +int32_t Get32Data(const uint8_t* ptr, size_t size) +{ + if (size > FOO_MAX_LEN || size < U32_AT_SIZE) { + return 0; + } + char *ch = static_cast(malloc(size + 1)); + if (ch == nullptr) { + return 0; + } + (void)memset_s(ch, size + 1, 0x00, size + 1); + if (memcpy_s(ch, size + 1, ptr, size) != EOK) { + free(ch); + ch = nullptr; + return 0; + } + int32_t data = (ch[POS_0] << OFFSET_24) | (ch[POS_1] << OFFSET_16) | (ch[POS_2] << OFFSET_8) | ch[POS_3]; + free(ch); + ch = nullptr; + return data; +} + void FuzzOnBytesReceived(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < U32_AT_SIZE)) { return; } - std::shared_ptr buffer = std::make_shared(size); + size_t intParam = static_cast(Get32Data(data, size)); + if (intParam >= DSCHED_MAX_BUFFER_SIZE) { + return; + } + std::shared_ptr buffer = std::make_shared(intParam); DSchedSoftbusSession dschedSoftbusSession; dschedSoftbusSession.OnBytesReceived(buffer); dschedSoftbusSession.OnConnect(); dschedSoftbusSession.GetPeerDeviceId(); - int32_t dataType = *(reinterpret_cast(data)); + int32_t dataType = Get32Data(data, size); dschedSoftbusSession.SendData(buffer, dataType); dschedSoftbusSession.OnDisconnect(); }