补充fuzz用例2.0

Signed-off-by: yanghang <yanghang86@huawei.com>
This commit is contained in:
yanghang 2024-07-26 17:12:58 +08:00
parent 6fc35faf30
commit 7eb3c31258
3 changed files with 767 additions and 726 deletions

View File

@ -542,7 +542,7 @@ std::shared_ptr<DBinderSessionObject> IPCProcessSkeleton::ProxyDetachDBinderSess
std::lock_guard<std::recursive_mutex> lockGuard(proxyToSessionMutex_);
std::shared_ptr<DBinderSessionObject> tmp = nullptr;
auto it = proxyToSession_.find(handle);
if (it != proxyToSession_.end() && it->second->GetProxy() == proxy) {
if (it != proxyToSession_.end() && it->second != nullptr && it->second->GetProxy() == proxy) {
tmp = it->second;
proxyToSession_.erase(it);
ZLOGI(LOG_LABEL, "detach handle:%{public}u from SocketId:%{public}d"
@ -587,6 +587,10 @@ bool IPCProcessSkeleton::ProxyMoveDBinderSession(uint32_t handle, IPCObjectProxy
std::lock_guard<std::recursive_mutex> lockGuard(proxyToSessionMutex_);
auto it = proxyToSession_.find(handle);
if (it != proxyToSession_.end()) {
if (it->second == nullptr) {
ZLOGE(LOG_LABEL, "find object is null");
return false;
}
ZLOGI(LOG_LABEL, "move proxy of handle:%{public}u old==new:%{public}d", handle,
it->second->GetProxy() == proxy);
// moves ownership to this new proxy, so old proxy should not detach this session and stubIndex
@ -602,6 +606,10 @@ bool IPCProcessSkeleton::QueryProxyBySocketId(int32_t socketId, std::vector<uint
CHECK_INSTANCE_EXIT_WITH_RETVAL(exitFlag_, false);
std::lock_guard<std::recursive_mutex> lockGuard(proxyToSessionMutex_);
for (auto it = proxyToSession_.begin(); it != proxyToSession_.end(); it++) {
if (it->second == nullptr) {
ZLOGE(LOG_LABEL, "find object is null");
return false;
}
if (socketId == it->second->GetSocketId()) {
proxyHandle.push_back(it->first);
}
@ -617,6 +625,10 @@ uint32_t IPCProcessSkeleton::QueryHandleByDatabusSession(const std::string &name
std::lock_guard<std::recursive_mutex> lockGuard(proxyToSessionMutex_);
for (auto it = proxyToSession_.begin(); it != proxyToSession_.end(); it++) {
if (it->second == nullptr) {
ZLOGE(LOG_LABEL, "find object is null");
return 0;
}
if ((it->second->GetStubIndex() == stubIndex) && (it->second->GetDeviceId().compare(deviceId) == 0) &&
(it->second->GetServiceName().compare(name) == 0)) {
ZLOGI(LOG_LABEL, "found handle:%{public}u of session, stubIndex:%{public}" PRIu64, it->first, stubIndex);
@ -638,6 +650,10 @@ std::shared_ptr<DBinderSessionObject> IPCProcessSkeleton::QuerySessionByInfo(con
std::lock_guard<std::recursive_mutex> lockGuard(proxyToSessionMutex_);
for (auto it = proxyToSession_.begin(); it != proxyToSession_.end(); it++) {
if (it->second == nullptr) {
ZLOGE(LOG_LABEL, "find object is null");
return nullptr;
}
if ((it->second->GetDeviceId().compare(deviceId) == 0) && (it->second->GetServiceName().compare(name) == 0)) {
return it->second;
}
@ -652,6 +668,10 @@ bool IPCProcessSkeleton::StubDetachDBinderSession(uint32_t handle, uint32_t &tok
std::unique_lock<std::shared_mutex> lockGuard(databusSessionMutex_);
auto it = dbinderSessionObjects_.find(handle);
if (it != dbinderSessionObjects_.end()) {
if (it->second == nullptr) {
ZLOGE(LOG_LABEL, "find object is null");
return false;
}
tokenId = it->second->GetTokenId();
ZLOGI(LOG_LABEL, "detach handle:%{public}u stubIndex:%{public}" PRIu64 " tokenId:%{public}u",
handle, it->second->GetStubIndex(), tokenId);

View File

@ -26,7 +26,9 @@ class DataGenerator {
public:
static void Write(const uint8_t *data, size_t size)
{
DataGenerator::parcel_.WriteBuffer(data, size);
if (!DataGenerator::parcel_.WriteBuffer(data, size)) {
return;
}
DataGenerator::parcel_.RewindRead(0);
}
@ -45,7 +47,7 @@ private:
};
template <typename T>
bool GenerateFromList(T &value, const std::vector<T> &candidateValues)
static inline bool GenerateFromList(T &value, const std::vector<T> &candidateValues)
{
if (candidateValues.empty()) {
return false;
@ -58,81 +60,64 @@ bool GenerateFromList(T &value, const std::vector<T> &candidateValues)
return true;
}
bool GenerateBool(bool &value)
static inline bool GenerateBool(bool &value)
{
return DataGenerator::GetInstance().ReadBool(value);
}
bool GenerateInt8(int8_t &value)
static inline bool GenerateInt8(int8_t &value)
{
return DataGenerator::GetInstance().ReadInt8(value);
}
bool GenerateInt16(int16_t &value)
static inline bool GenerateInt16(int16_t &value)
{
return DataGenerator::GetInstance().ReadInt16(value);
}
bool GenerateInt32(int32_t &value)
static inline bool GenerateInt32(int32_t &value)
{
return DataGenerator::GetInstance().ReadInt32(value);
}
bool GenerateInt64(int64_t &value)
static inline bool GenerateInt64(int64_t &value)
{
return DataGenerator::GetInstance().ReadInt64(value);
}
bool GenerateUint8(uint8_t &value)
static inline bool GenerateUint8(uint8_t &value)
{
return DataGenerator::GetInstance().ReadUint8(value);
}
bool GenerateUint16(uint16_t &value)
static inline bool GenerateUint16(uint16_t &value)
{
return DataGenerator::GetInstance().ReadUint16(value);
}
bool GenerateUint32(uint32_t &value)
static inline bool GenerateUint32(uint32_t &value)
{
return DataGenerator::GetInstance().ReadUint32(value);
}
bool GenerateUint64(uint64_t &value)
static inline bool GenerateUint64(uint64_t &value)
{
return DataGenerator::GetInstance().ReadUint64(value);
}
bool GenerateFloat(float &value)
static inline bool GenerateFloat(float &value)
{
return DataGenerator::GetInstance().ReadFloat(value);
}
bool GenerateDouble(double &value)
static inline bool GenerateDouble(double &value)
{
return DataGenerator::GetInstance().ReadDouble(value);
}
bool GenerateString(std::string &value)
static inline bool GenerateString(std::string &value)
{
return DataGenerator::GetInstance().ReadString(value);
}
bool GeneratePayload(std::vector<uint8_t> &payload, const std::vector<uint8_t> &prefix = {})
{
uint8_t len = 0;
if (!DataGenerator::GetInstance().ReadUint8(len)) {
return false;
}
size_t readableSize = DataGenerator::GetInstance().GetReadableBytes();
len = (readableSize == 0) ? 0 : (len % readableSize);
payload.push_back(len + prefix.size());
payload.insert(payload.end(), prefix.begin(), prefix.end());
for (uint8_t i = 0; i < len; ++i) {
payload.push_back(DataGenerator::GetInstance().ReadUint8());
}
return true;
}
#endif // FUZZ_DATA_GENERATOR_H