From 3a279e01b0d3f30cd943f0e4c76a6017cfddf673 Mon Sep 17 00:00:00 2001
From: zhaoyrr <zhaoyuran@h-partners.com>
Date: Wed, 3 Sep 2025 15:26:13 +0800
Subject: [PATCH] fix fuzz Heap-buffer-overflow

Signed-off-by: zhaoyrr <zhaoyuran@h-partners.com>
---
 .../dataabilitymanager_fuzzer.cpp                    | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp b/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp
index ca8e8434627..2a27c49b7d1 100755
--- a/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp
+++ b/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp
@@ -17,6 +17,10 @@
 
 #include <cstddef>
 #include <cstdint>
+#include <memory>
+#include <cstring>
+#include <string>
+#include <vector>
 #include <fuzzer/FuzzedDataProvider.h>
 
 #define private public
@@ -112,10 +116,12 @@ bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
     dataAbilityManager->GetAbilityRecordById(int64Param);
     dataAbilityManager->GetAbilityRecordByToken(token);
     dataAbilityManager->GetAbilityRecordByScheduler(scheduler);
-    char *func = new char[stringParam.length() + 1];
-    dataAbilityManager->Dump(func, intParam);
+    auto func = std::make_unique<char[]>(stringParam.length() + 1);
+    memcpy_s(func.get(), stringParam.length() + 1, stringParam.data(), stringParam.length());
+    func[stringParam.length()] = '\0';
+    dataAbilityManager->Dump(static_cast<const char*>(func.get()), intParam);
     dataAbilityManager->LoadLocked(stringParam, abilityRequest);
-    dataAbilityManager->DumpLocked(func, intParam);
+    dataAbilityManager->DumpLocked(static_cast<const char*>(func.get()), intParam);
     dataAbilityManager->DumpState(info, stringParam);
     std::shared_ptr<DataAbilityRecord> record;
     dataAbilityManager->DumpClientInfo(info, isClient, record);
-- 
Gitee