add fuzz test

Signed-off-by: shegangbin <shegangbin1@huawei.com>
Change-Id: Ie48a7dd78f203e8c56ed971825937af26c9a767e

rosen/modules/composer/vsync/test/fuzztest/vsyncreceiver_fuzzer/BUILD.gn

@@ -40,7 +40,10 @@ ohos_fuzztest("VsyncReceiverFuzzTest") {
     "//foundation/graphic/graphic_2d/rosen/modules/composer/vsync:libvsync",
     "//foundation/graphic/graphic_2d/utils:socketpair",
   ]
-  external_deps = [ "c_utils:utils" ]
+  external_deps = [
+    "c_utils:utils",
+    "eventhandler:libeventhandler",
+  ]
   defines = []
   if (graphic_2d_feature_enable_dvsync) {
     defines += [ "RS_ENABLE_DVSYNC" ]

rosen/modules/composer/vsync/test/fuzztest/vsyncreceiver_fuzzer/vsyncreceiver_fuzzer.cpp

@@ -15,9 +15,14 @@
 
 #include "vsyncreceiver_fuzzer.h"
 
+#include <cstdint>
+#include <memory>
 #include <securec.h>
 #include <sstream>
+#include <sys/socket.h>
 
+#include <event_handler.h>
+#include <sys/types.h>
 #include "graphic_common_c.h"
 #include "graphic_common.h"
 #include "vsync_receiver.h"
@@ -28,15 +33,15 @@
 namespace OHOS {
     namespace {
         constexpr size_t STR_LEN = 10;
-        const uint8_t* data_ = nullptr;
-        size_t size_ = 0;
-        size_t pos;
+        const uint8_t* g_data = nullptr;
+        size_t g_size = 0;
+        size_t g_pos;
 
         void OnVSync(int64_t now, void* data) {}
     }
 
     /*
-    * describe: get data from outside untrusted data(data_) which size is according to sizeof(T)
+    * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
     * tips: only support basic type
     */
     template<class T>
@@ -44,19 +49,19 @@ namespace OHOS {
     {
         T object {};
         size_t objectSize = sizeof(object);
-        if (data_ == nullptr || objectSize > size_ - pos) {
+        if (g_data == nullptr || objectSize > g_size - g_pos) {
             return object;
         }
-        errno_t ret = memcpy_s(&object, objectSize, data_ + pos, objectSize);
+        errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
         if (ret != EOK) {
             return {};
         }
-        pos += objectSize;
+        g_pos += objectSize;
         return object;
     }
 
     /*
-    * get a string from data_
+    * get a string from g_data
     */
     std::string GetStringFromData(int strlen)
     {
@@ -109,48 +114,18 @@ namespace OHOS {
         }
     }
 
-    bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
+    void VSyncCallBackListenerFuzzTest(sptr<Rosen::VSyncReceiver>& receiver)
     {
-        if (data == nullptr) {
-            return false;
-        }
-
-        // initialize
-        data_ = data;
-        size_ = size;
-        pos = 0;
-
-        // get data
-        int64_t offset = GetData<int64_t>();
-        int32_t rate = GetData<int32_t>();
-        bool uiDVSyncSwitch = GetData<bool>();
-        bool nativeDVSyncSwitch = GetData<bool>();
-        int32_t bufferCount = GetData<int32_t>();
-        void* data1 = static_cast<void*>(GetStringFromData(STR_LEN).data());
         std::string name = GetStringFromData(STR_LEN);
         bool rnvFlag = GetData<bool>();
-        bool isOpen = GetData<bool>();
-        int64_t period = GetData<int64_t>();
-        int64_t timestamp = GetData<int64_t>();
-        bool isThreadShared = GetData<bool>();
         int64_t now = GetData<int64_t>();
-
-        // test
-        sptr<Rosen::VSyncGenerator> vsyncGenerator = Rosen::CreateVSyncGenerator();
-        sptr<Rosen::VSyncController> vsyncController = new Rosen::VSyncController(vsyncGenerator, offset);
-        sptr<Rosen::VSyncDistributor> vsyncDistributor = new Rosen::VSyncDistributor(vsyncController, "Fuzz");
-        sptr<Rosen::VSyncConnection> vsyncConnection = new Rosen::VSyncConnection(vsyncDistributor, "Fuzz");
-        sptr<Rosen::VSyncReceiver> vsyncReceiver = new Rosen::VSyncReceiver(vsyncConnection);
+        int32_t fileDescriptor = GetData<int32_t>();
+        bool fdClosed = GetData<bool>();
+        void* userData = static_cast<void*>(GetStringFromData(STR_LEN).data());
         Rosen::VSyncReceiver::FrameCallback fcb = {
-            .userData_ = data1,
+            .userData_ = userData,
             .callback_ = OnVSync,
         };
-        vsyncReceiver->SetVSyncRate(fcb, rate);
-        vsyncReceiver->SetNativeDVSyncSwitch(nativeDVSyncSwitch);
-        vsyncReceiver->SetUiDvsyncSwitch(uiDVSyncSwitch);
-        vsyncReceiver->SetUiDvsyncConfig(bufferCount);
-        vsyncReceiver->RequestNextVSync(fcb);
-        vsyncReceiver->RequestNextVSyncWithMultiCallback(fcb);
 
         std::shared_ptr<Rosen::VSyncCallBackListener> vsyncCallBackListener(
             std::make_shared<Rosen::VSyncCallBackListener>());
@@ -165,14 +140,86 @@ namespace OHOS {
         vsyncCallBackListener->AddCallback(fcb);
         vsyncCallBackListener->CalculateExpectedEndLocked(now);
 
+        int64_t vsyncData[3];
+        ssize_t dataCount = GetData<ssize_t>();
+        vsyncData[0] = GetData<int64_t>();
+        vsyncData[1] = GetData<int64_t>();
+        vsyncData[2] = GetData<int64_t>(); // index 2
+        TEMP_FAILURE_RETRY(send(
+            receiver->fd_, vsyncData, sizeof(vsyncData), MSG_DONTWAIT | MSG_NOSIGNAL));
+        if (fileDescriptor >= 0 && fileDescriptor <= 2) { // 0, 1, 2 not allowed
+            fileDescriptor = receiver->fd_;
+        }
+        vsyncCallBackListener->OnReadable(receiver->fd_);
+        vsyncCallBackListener->OnShutdown(fileDescriptor);
+        vsyncCallBackListener->ReadFdInternal(receiver->fd_, vsyncData, dataCount);
+        vsyncCallBackListener->HandleVsyncCallbacks(vsyncData, dataCount, fileDescriptor);
+        vsyncCallBackListener->CalculateExpectedEndLocked(now);
+        vsyncCallBackListener->SetFdClosedFlagLocked(fdClosed);
+        vsyncCallBackListener->RegisterFdShutDownCallback([](int32_t fd) {});
+
         GraphicCommonTest();
+    }
+
+    bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
+    {
+        if (data == nullptr) {
+            return false;
+        }
+
+        // initialize
+        g_data = data;
+        g_size = size;
+        g_pos = 0;
+
+        // get data
+        int64_t offset = GetData<int64_t>();
+        int32_t rate = GetData<int32_t>();
+        bool uiDVSyncSwitch = GetData<bool>();
+        bool nativeDVSyncSwitch = GetData<bool>();
+        int32_t bufferCount = GetData<int32_t>();
+        void* data1 = static_cast<void*>(GetStringFromData(STR_LEN).data());
+        bool isOpen = GetData<bool>();
+        int64_t period = GetData<int64_t>();
+        int64_t timestamp = GetData<int64_t>();
+        bool isThreadShared = GetData<bool>();
+        bool needCreateNewThread = GetData<bool>();
+
+        // test
+        sptr<Rosen::VSyncGenerator> vsyncGenerator = Rosen::CreateVSyncGenerator();
+        sptr<Rosen::VSyncController> vsyncController = new Rosen::VSyncController(vsyncGenerator, offset);
+        sptr<Rosen::VSyncDistributor> vsyncDistributor = new Rosen::VSyncDistributor(vsyncController, "Fuzz");
+        sptr<Rosen::VSyncConnection> vsyncConnection = new Rosen::VSyncConnection(vsyncDistributor, "Fuzz");
+        sptr<Rosen::VSyncReceiver> vsyncReceiver = new Rosen::VSyncReceiver(vsyncConnection);
+        std::shared_ptr<AppExecFwk::EventRunner> eventRunner = AppExecFwk::EventRunner::Create(needCreateNewThread);
+        std::shared_ptr<AppExecFwk::EventHandler> eventHandler =
+            std::make_shared<AppExecFwk::EventHandler>(eventRunner);
+        sptr<Rosen::VSyncReceiver> vsyncReceiver2 = new Rosen::VSyncReceiver(
+            vsyncConnection, nullptr, eventHandler, "FuzzTest");
+        Rosen::VSyncReceiver::FrameCallback fcb = {
+            .userData_ = data1,
+            .callback_ = OnVSync,
+        };
+        vsyncReceiver->Init();
+        vsyncReceiver2->Init();
+        vsyncReceiver->SetVSyncRate(fcb, rate);
+        vsyncReceiver->SetNativeDVSyncSwitch(nativeDVSyncSwitch);
+        vsyncReceiver->SetUiDvsyncSwitch(uiDVSyncSwitch);
+        vsyncReceiver->SetUiDvsyncConfig(bufferCount);
+        vsyncReceiver->RequestNextVSync(fcb);
+        vsyncReceiver->RequestNextVSyncWithMultiCallback(fcb);
+
+        VSyncCallBackListenerFuzzTest(vsyncReceiver);
 
         vsyncReceiver->SetVsyncCallBackForEveryFrame(fcb, isOpen);
         vsyncReceiver->GetVSyncPeriodAndLastTimeStamp(period, timestamp, isThreadShared);
+        vsyncReceiver->GetVSyncPeriod(period);
         vsyncReceiver->IsRequestedNextVSync();
 
         //tearDown
         vsyncReceiver->CloseVsyncReceiverFd();
+        vsyncReceiver2->RemoveAndCloseFdLocked();
+        vsyncReceiver2->DestroyLocked();
         return true;
     }
 }

utils/socketpair/test/BUILD.gn

@@ -13,5 +13,8 @@
 
 group("test") {
   testonly = true
-  deps = [ "unittest:unittest" ]
+  deps = [
+    "fuzztest:fuzztest",
+    "unittest:unittest",
+  ]
 }

utils/socketpair/test/fuzztest/BUILD.gn

@@ -0,0 +1,18 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+group("fuzztest") {
+  testonly = true
+
+  deps = [ "localsocketpair_fuzzer:fuzztest" ]
+}

utils/socketpair/test/fuzztest/localsocketpair_fuzzer/BUILD.gn

@@ -0,0 +1,51 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/graphic/graphic_2d/graphic_config.gni")
+module_output_path = "graphic_2d/graphic_2d"
+
+##############################fuzztest##########################################
+ohos_fuzztest("LocalSocketPairFuzzTest") {
+  fuzz_config_file = "../localsocketpair_fuzzer"
+  module_out_path = module_output_path
+
+  include_dirs = [ "../../../export" ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+    "-Dprivate=public",
+    "-Dprotected=public",
+  ]
+  sources = [ "localsocketpair_fuzzer.cpp" ]
+  deps = [ "../../../../../utils:socketpair" ]
+  external_deps = [
+    "c_utils:utils",
+    "ipc:ipc_core",
+  ]
+}
+
+###############################################################################
+group("fuzztest") {
+  testonly = true
+  deps = []
+  deps += [
+    # deps file
+    ":LocalSocketPairFuzzTest",
+  ]
+}
+###############################################################################

utils/socketpair/test/fuzztest/localsocketpair_fuzzer/corpus/init

@@ -0,0 +1,14 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ

utils/socketpair/test/fuzztest/localsocketpair_fuzzer/localsocketpair_fuzzer.cpp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "localsocketpair_fuzzer.h"
+
+#include <securec.h>
+#include "local_socketpair.h"
+#include <message_parcel.h>
+#include <message_option.h>
+
+
+namespace OHOS {
+    namespace {
+        const uint8_t* g_data = nullptr;
+        size_t g_size = 0;
+        size_t g_pos;
+        constexpr int32_t SOCKET_PAIR_SIZE = 2;
+    }
+
+    /*
+    * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
+    * tips: only support basic type
+    */
+    template<class T>
+    T GetData()
+    {
+        T object {};
+        size_t objectSize = sizeof(object);
+        if (g_data == nullptr || objectSize > g_size - g_pos) {
+            return object;
+        }
+        errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
+        if (ret != EOK) {
+            return {};
+        }
+        g_pos += objectSize;
+        return object;
+    }
+
+    bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
+    {
+        if (data == nullptr) {
+            return false;
+        }
+
+        // initialize
+        g_data = data;
+        g_size = size;
+        g_pos = 0;
+
+        // get data
+        size_t sendSize = GetData<size_t>();
+        size_t receiveSize = GetData<size_t>();
+        int64_t vsyncData[3];
+        vsyncData[0] = GetData<int64_t>();
+        vsyncData[1] = GetData<int64_t>();
+        vsyncData[2] = GetData<int64_t>(); // index 2
+        int32_t fd = GetData<int32_t>();
+
+        // test
+        sptr<LocalSocketPair> socketPair = new LocalSocketPair();
+        socketPair->CreateChannel(sendSize, receiveSize);
+        socketPair->GetSendDataFd();
+        socketPair->GetReceiveDataFd();
+        MessageParcel messageParcel;
+        socketPair->SendToBinder(messageParcel);
+        socketPair->ReceiveToBinder(messageParcel);
+        socketPair->SendData(vsyncData, sizeof(vsyncData));
+        socketPair->ReceiveData(vsyncData, sizeof(vsyncData));
+        socketPair->SendFdToBinder(messageParcel, fd);
+        int32_t socketPairFds[SOCKET_PAIR_SIZE] = {
+            socketPair->sendFd_,
+            socketPair->receiveFd_,
+        };
+        socketPair->SetSockopt(sendSize, receiveSize, socketPairFds, SOCKET_PAIR_SIZE);
+        socketPair->CloseFd(socketPair->sendFd_);
+        socketPair->CloseFd(socketPair->receiveFd_);
+
+        return true;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::DoSomethingInterestingWithMyAPI(data, size);
+    return 0;
+}
+

utils/socketpair/test/fuzztest/localsocketpair_fuzzer/localsocketpair_fuzzer.h

@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef LOCAL_SOCKETPAIR_FUZZER_H
+#define LOCAL_SOCKETPAIR_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "localsocketpair_fuzzer"
+
+#endif // LOCAL_SOCKETPAIR_FUZZER_H

utils/socketpair/test/fuzztest/localsocketpair_fuzzer/project.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>