Merge branch 'fuzz_highrisk' of https://gitee.com/sunjiakun/bundlemanager_bundle_framework into fuzz_highrisk

test/fuzztest/fuzztest_application/appcontrolhost_fuzzer/appcontrolhost_fuzzer.cpp

@@ -25,27 +25,21 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 21;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
+constexpr uint32_t CODE_MAX = 23;
 
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = AppControlHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    AppControlHost appControlHost;
-    appControlHost.OnRemoteRequest(code, datas, reply, option);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = AppControlHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        AppControlHost appControlHost;
+        appControlHost.OnRemoteRequest(code, datas, reply, option);
+    }
     return true;
 }
 }

test/fuzztest/fuzztest_application/bundlemgrhost_fuzzer/bundlemgrhost_fuzzer.cpp

@@ -25,27 +25,22 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 133;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
+constexpr uint32_t CODE_MAX = 155;
+
 
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = BundleMgrHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    BundleMgrHost bundleMgrHost;
-    bundleMgrHost.OnRemoteRequest(code, datas, reply, option);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = BundleMgrHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        BundleMgrHost bundleMgrHost;
+        bundleMgrHost.OnRemoteRequest(code, datas, reply, option);
+    }
     return true;
 }
 }

test/fuzztest/fuzztest_application/bundlestreaminstallerhost_fuzzer/bundlestreaminstallerhost_fuzzer.cpp

@@ -25,28 +25,21 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 5;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
-
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
+constexpr uint32_t CODE_MAX = 4;
 
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = BundleStreamInstallerHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    BundleStreamInstallerHost host;
-    host.OnRemoteRequest(code, datas, reply, option);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = BundleStreamInstallerHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        BundleStreamInstallerHost host;
+        host.OnRemoteRequest(code, datas, reply, option);
+    }
     return true;
 }
 }

test/fuzztest/fuzztest_application/bundleusermgrhost_fuzzer/bundleusermgrhost_fuzzer.cpp

@@ -25,27 +25,21 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 2;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
+constexpr uint32_t CODE_MAX = 1;
 
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = BundleUserMgrHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    BundleUserMgrHost bundleUserMgrHost;
-    bundleUserMgrHost.OnRemoteRequest(code, datas, reply, option);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = BundleUserMgrHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        BundleUserMgrHost bundleUserMgrHost;
+        bundleUserMgrHost.OnRemoteRequest(code, datas, reply, option);
+    };
     return true;
 }
 }

test/fuzztest/fuzztest_application/defaultapphost_fuzzer/defaultapphost_fuzzer.cpp

@@ -1,85 +1,79 @@
-/*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "defaultapphost_fuzzer.h"
-
-#include <cstddef>
-#include <cstdint>
-
-#include "default_app_host.h"
-#include "securec.h"
-
-using namespace OHOS::AppExecFwk;
-namespace OHOS {
-constexpr size_t FOO_MAX_LEN = 1024;
-constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 4;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
-
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
-bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
-{
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = DefaultAppHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    DefaultAppHost defaultAppHost;
-    defaultAppHost.OnRemoteRequest(code, datas, reply, option);
-    return true;
-}
-}
-
-// Fuzzer entry point.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-{
-    /* Run your code on data */
-    if (data == nullptr) {
-        return 0;
-    }
-
-    if (size < OHOS::U32_AT_SIZE) {
-        return 0;
-    }
-
-    /* Validate the length of size */
-    if (size > OHOS::FOO_MAX_LEN) {
-        return 0;
-    }
-
-    char* ch = static_cast<char*>(malloc(size + 1));
-    if (ch == nullptr) {
-        return 0;
-    }
-
-    (void)memset_s(ch, size + 1, 0x00, size + 1);
-    if (memcpy_s(ch, size, data, size) != EOK) {
-        free(ch);
-        ch = nullptr;
-        return 0;
-    }
-    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
-    free(ch);
-    ch = nullptr;
-    return 0;
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "defaultapphost_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#define private public
+#include "default_app_host.h"
+#include "securec.h"
+
+using namespace OHOS::AppExecFwk;
+namespace OHOS {
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+constexpr uint32_t CODE_MAX = 3;
+
+bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
+{
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = DefaultAppHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        DefaultAppHost defaultAppHost;
+        defaultAppHost.OnRemoteRequest(code, datas, reply, option);
+    }
+    return true;
+}
+}
+
+// Fuzzer entry point.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    if (size < OHOS::U32_AT_SIZE) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    char* ch = static_cast<char*>(malloc(size + 1));
+    if (ch == nullptr) {
+        return 0;
+    }
+
+    (void)memset_s(ch, size + 1, 0x00, size + 1);
+    if (memcpy_s(ch, size, data, size) != EOK) {
+        free(ch);
+        ch = nullptr;
+        return 0;
+    }
+    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
+    free(ch);
+    ch = nullptr;
+    return 0;
 }

test/fuzztest/fuzztest_others/overlaymanagerhost_fuzzer/overlaymanagerhost_fuzzer.cpp

@@ -25,27 +25,21 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 9;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
+constexpr uint32_t CODE_MAX = 8;
 
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = OverlayManagerHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    OverlayManagerHost overlayManagerHost;
-    overlayManagerHost.OnRemoteRequest(code, datas, reply, option);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = OverlayManagerHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        OverlayManagerHost overlayManagerHost;
+        overlayManagerHost.OnRemoteRequest(code, datas, reply, option);
+    }
     return true;
 }
 }

test/fuzztest/fuzztest_others/quickfixmanagerhost_fuzzer/quickfixmanagerhost_fuzzer.cpp

@@ -25,32 +25,21 @@ using namespace OHOS::AppExecFwk;
 namespace OHOS {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
-constexpr size_t MESSAGE_SIZE = 4;
-constexpr size_t DCAMERA_SHIFT_24 = 24;
-constexpr size_t DCAMERA_SHIFT_16 = 16;
-constexpr size_t DCAMERA_SHIFT_8 = 8;
+constexpr uint32_t CODE_MAX = 3;
 
-uint32_t GetU32Data(const char* ptr)
-{
-    return (ptr[0] << DCAMERA_SHIFT_24) | (ptr[1] << DCAMERA_SHIFT_16) | (ptr[2] << DCAMERA_SHIFT_8) | (ptr[3]);
-}
 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
 {
-    uint32_t code = (GetU32Data(data) % MESSAGE_SIZE);
-    MessageParcel datas;
-    std::u16string descriptor = QuickFixManagerHost::GetDescriptor();
-    datas.WriteInterfaceToken(descriptor);
-    datas.WriteBuffer(data, size);
-    datas.RewindRead(0);
-    MessageParcel reply;
-    MessageOption option;
-    QuickFixManagerHost quickFixManagerHost;
-    quickFixManagerHost.OnRemoteRequest(code, datas, reply, option);
-
-    quickFixManagerHost.HandleDeleteQuickFix(datas, reply);
-    quickFixManagerHost.HandleCreateFd(datas, reply);
-    quickFixManagerHost.HandleDeployQuickFix(datas, reply);
-    quickFixManagerHost.HandleSwitchQuickFix(datas, reply);
+    for (uint32_t code = 0; code <= CODE_MAX; code++) {
+        MessageParcel datas;
+        std::u16string descriptor = QuickFixManagerHost::GetDescriptor();
+        datas.WriteInterfaceToken(descriptor);
+        datas.WriteBuffer(data, size);
+        datas.RewindRead(0);
+        MessageParcel reply;
+        MessageOption option;
+        QuickFixManagerHost quickFixManagerHost;
+        quickFixManagerHost.OnRemoteRequest(code, datas, reply, option);
+    }
     return true;
 }
 }