From 9d1a2d6bb6f5cbedb221d733c1f6550bf73fe4be Mon Sep 17 00:00:00 2001 From: al9503 Date: Tue, 19 Aug 2025 17:39:30 +0800 Subject: [PATCH] =?UTF-8?q?ipc=E8=A1=A5=E5=85=85fuzz?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: al9503 Change-Id: I1829e56bc641c08a5a942f97090cf04acae622b3 --- test/fuzztest/BUILD.gn | 3 +- .../native/src/core/invokerfactory/BUILD.gn | 20 ++++ .../include}/invokerfactory_fuzzer.h | 0 .../invokerfactory001_fuzzer}/BUILD.gn | 15 ++- .../invokerfactory001_fuzzer}/corpus/init | 0 .../invokerfactory001_fuzzer.cpp} | 1 + .../invokerfactory001_fuzzer}/project.xml | 0 .../invokerfactory002_fuzzer/BUILD.gn | 40 +++++++ .../invokerfactory002_fuzzer/corpus/init | 16 +++ .../invokerfactory002_fuzzer.cpp | 63 ++++++++++ .../invokerfactory002_fuzzer/project.xml | 25 ++++ .../dbinderdatabusinvokermock005_fuzzer.cpp | 3 +- .../ipcobjectproxymock001_fuzzer.cpp | 14 --- .../mock/ipcworkthreadmock_fuzzer/BUILD.gn | 45 +++++++ .../mock/ipcworkthreadmock_fuzzer/corpus/init | 16 +++ .../ipcworkthreadmock_fuzzer.cpp | 110 ++++++++++++++++++ .../ipcworkthreadmock_fuzzer.h | 21 ++++ .../mock/ipcworkthreadmock_fuzzer/project.xml | 25 ++++ test/resource/ipc/ohos_test.xml | 6 + 19 files changed, 401 insertions(+), 22 deletions(-) create mode 100644 test/fuzztest/ipc/native/src/core/invokerfactory/BUILD.gn rename test/fuzztest/ipc/native/src/core/{invokerfactory_fuzzer => invokerfactory/include}/invokerfactory_fuzzer.h (100%) rename test/fuzztest/ipc/native/src/core/{invokerfactory_fuzzer => invokerfactory/invokerfactory001_fuzzer}/BUILD.gn (75%) rename test/fuzztest/ipc/native/src/core/{invokerfactory_fuzzer => invokerfactory/invokerfactory001_fuzzer}/corpus/init (100%) rename test/fuzztest/ipc/native/src/core/{invokerfactory_fuzzer/invokerfactory_fuzzer.cpp => invokerfactory/invokerfactory001_fuzzer/invokerfactory001_fuzzer.cpp} (98%) rename test/fuzztest/ipc/native/src/core/{invokerfactory_fuzzer => invokerfactory/invokerfactory001_fuzzer}/project.xml (100%) create mode 100644 test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/corpus/init create mode 100644 test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/invokerfactory002_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/project.xml create mode 100644 test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/BUILD.gn create mode 100644 test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/corpus/init create mode 100644 test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.cpp create mode 100644 test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.h create mode 100644 test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/project.xml diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 632b0258..0aa83e5b 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -32,7 +32,7 @@ group("fuzztest") { "ipc/native/src/mock/dbindersoftbusclientmock_fuzzer:DBinderSoftbusClientMockFuzzTest", "ipc/native/src/core/dbinderservicestub:dbinderservicestubfuzz", "ipc/native/src/core/getlocalnodedeviceid_fuzzer:GetLocalNodeDeviceIdFuzzTest", - "ipc/native/src/core/invokerfactory_fuzzer:InvokerFactoryFuzzTest", + "ipc/native/src/core/invokerfactory:invokerfactoryfuzztest", "ipc/native/src/core/ipcfiledescriptor:ipcfiledescriptorfuzz", "ipc/native/src/core/ipcfiledescriptormarshalling_fuzzer:IPCFileDescriptorMarshallingFuzzTest", "ipc/native/src/core/ipcfiledescriptorunmarshalling_fuzzer:IPCFileDescriptorUnmarshallingFuzzTest", @@ -79,6 +79,7 @@ group("fuzztest") { "ipc/native/src/mock/ipcskeletonmock:ipcskeletonmockfuzz", "ipc/native/src/mock/ipcthreadskeletonmock:ipcthreadskeletonmockfuzz", "ipc/native/src/mock/iremoteobjectmock:iremoteobjectmockfuzz", + "ipc/native/src/mock/ipcworkthreadmock_fuzzer:IPCWorkThreadMockFuzzTest", "dbinder/dbinder_service/src/dbinderservicenew_fuzzer:DBinderServiceNewFuzzTest", "dbinder/dbinder_service/src/socket/dbinderremotelistener:dbinderremotelistenerfuzz", ] diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory/BUILD.gn b/test/fuzztest/ipc/native/src/core/invokerfactory/BUILD.gn new file mode 100644 index 00000000..bab90f5c --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/BUILD.gn @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +group("invokerfactoryfuzztest") { + testonly = true + deps = [ + "invokerfactory001_fuzzer:InvokerFactory001FuzzTest", + "invokerfactory002_fuzzer:InvokerFactory002FuzzTest", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/invokerfactory_fuzzer.h b/test/fuzztest/ipc/native/src/core/invokerfactory/include/invokerfactory_fuzzer.h similarity index 100% rename from test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/invokerfactory_fuzzer.h rename to test/fuzztest/ipc/native/src/core/invokerfactory/include/invokerfactory_fuzzer.h diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/BUILD.gn similarity index 75% rename from test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/BUILD.gn rename to test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/BUILD.gn index 515a1f33..dd17f773 100644 --- a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/BUILD.gn +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/BUILD.gn @@ -16,20 +16,25 @@ import("//build/config/features.gni") import("//build/test.gni") ##############################fuzztest########################################## -ohos_fuzztest("InvokerFactoryFuzzTest") { +ohos_fuzztest("InvokerFactory001FuzzTest") { module_out_path = "ipc/ipc" - fuzz_config_file = "../invokerfactory_fuzzer" - + fuzz_config_file = "../invokerfactory001_fuzzer" + include_dirs = [ "../include" ] cflags = [ "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "invokerfactory_fuzzer.cpp" ] + sources = [ "invokerfactory001_fuzzer.cpp" ] - deps = [ "../../../../../../../test:ipc_single_test_static" ] + deps = [ "../../../../../../../../test:ipc_single_test_static" ] external_deps = [ "c_utils:utils", "hilog:libhilog", ] + + defines = [ + "private = public", + "protected = public", + ] } diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/corpus/init rename to test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/corpus/init diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/invokerfactory_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/invokerfactory001_fuzzer.cpp similarity index 98% rename from test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/invokerfactory_fuzzer.cpp rename to test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/invokerfactory001_fuzzer.cpp index 41e08042..0a1d200b 100644 --- a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/invokerfactory_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/invokerfactory001_fuzzer.cpp @@ -14,6 +14,7 @@ */ #include "invokerfactory_fuzzer.h" +#include #include "binder_invoker.h" #include "invoker_factory.h" #include "message_parcel.h" diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/project.xml similarity index 100% rename from test/fuzztest/ipc/native/src/core/invokerfactory_fuzzer/project.xml rename to test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory001_fuzzer/project.xml diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/BUILD.gn new file mode 100644 index 00000000..9374aab6 --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/BUILD.gn @@ -0,0 +1,40 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("InvokerFactory002FuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../invokerfactory002_fuzzer" + include_dirs = [ "../include" ] + cflags = [ + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "invokerfactory002_fuzzer.cpp" ] + + deps = [ "../../../../../../../../test:ipc_single_test_static" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + defines = [ + "private = public", + "protected = public", + ] +} diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/invokerfactory002_fuzzer.cpp b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/invokerfactory002_fuzzer.cpp new file mode 100644 index 00000000..0c6037bc --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/invokerfactory002_fuzzer.cpp @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "invokerfactory_fuzzer.h" +#include +#include "binder_invoker.h" +#include "invoker_factory.h" +#include "message_parcel.h" + +namespace OHOS { +IRemoteInvoker* CreatorFunction() +{ + IRemoteInvoker *globalInvoker = new (std::nothrow) BinderInvoker(); + return globalInvoker; +} + +void RegisterFuzzTest(FuzzedDataProvider &provider) +{ + InvokerFactory &invokerFactory = InvokerFactory::Get(); + invokerFactory.isAvailable_ = false; + int protocol = provider.ConsumeIntegral(); + invokerFactory.Register(protocol, CreatorFunction); +} + +void UnregisterFuzzTest(FuzzedDataProvider &provider) +{ + InvokerFactory &invokerFactory = InvokerFactory::Get(); + invokerFactory.isAvailable_ = false; + int protocol = provider.ConsumeIntegral(); + invokerFactory.Unregister(protocol); +} + +void NewInstanceFuzzTest(FuzzedDataProvider &provider) +{ + InvokerFactory &invokerFactory = InvokerFactory::Get(); + invokerFactory.isAvailable_ = false; + int protocol = provider.ConsumeIntegral(); + invokerFactory.newInstance(protocol); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::RegisterFuzzTest(provider); + OHOS::UnregisterFuzzTest(provider); + OHOS::NewInstanceFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/project.xml b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/core/invokerfactory/invokerfactory002_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/fuzztest/ipc/native/src/mock/dbinderdatabusinvokermock/dbinderdatabusinvokermock005_fuzzer/dbinderdatabusinvokermock005_fuzzer.cpp b/test/fuzztest/ipc/native/src/mock/dbinderdatabusinvokermock/dbinderdatabusinvokermock005_fuzzer/dbinderdatabusinvokermock005_fuzzer.cpp index c4e913ce..4053e745 100644 --- a/test/fuzztest/ipc/native/src/mock/dbinderdatabusinvokermock/dbinderdatabusinvokermock005_fuzzer/dbinderdatabusinvokermock005_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/mock/dbinderdatabusinvokermock/dbinderdatabusinvokermock005_fuzzer/dbinderdatabusinvokermock005_fuzzer.cpp @@ -93,7 +93,6 @@ void OnDatabusSessionServerSideClosedFuzzTest(FuzzedDataProvider &provider) { int32_t socketId = provider.ConsumeIntegral(); DBinderDatabusInvoker invoker; - invoker.OnDatabusSessionServerSideClosed(socketId); IPCProcessSkeleton *current = new (std::nothrow) IPCProcessSkeleton(); sptr stubObject = sptr::MakeSptr(); @@ -101,9 +100,9 @@ void OnDatabusSessionServerSideClosedFuzzTest(FuzzedDataProvider &provider) return; } current->exitFlag_ = false; + current->AddStubByIndex(stubObject.GetRefPtr()); uint64_t stubIndex = current->randNum_; std::list stubIndexs = {stubIndex}; - current->AddStubByIndex(stubObject.GetRefPtr()); NiceMock mock; EXPECT_CALL(mock, GetCurrent()).WillRepeatedly(Return(current)); EXPECT_CALL(mock, DetachAppAuthInfoBySocketId(socketId)).WillOnce(Return(stubIndexs)); diff --git a/test/fuzztest/ipc/native/src/mock/ipcobjectproxymock/ipcobjectproxymock001_fuzzer/ipcobjectproxymock001_fuzzer.cpp b/test/fuzztest/ipc/native/src/mock/ipcobjectproxymock/ipcobjectproxymock001_fuzzer/ipcobjectproxymock001_fuzzer.cpp index 4ede96d1..01a5f8c2 100644 --- a/test/fuzztest/ipc/native/src/mock/ipcobjectproxymock/ipcobjectproxymock001_fuzzer/ipcobjectproxymock001_fuzzer.cpp +++ b/test/fuzztest/ipc/native/src/mock/ipcobjectproxymock/ipcobjectproxymock001_fuzzer/ipcobjectproxymock001_fuzzer.cpp @@ -96,19 +96,6 @@ int IPCObjectProxy::SendRequestInner(bool isLocal, uint32_t code, MessageParcel } void GetSessionNameForPidUidFuzzTest001(FuzzedDataProvider &provider) -{ - sptr proxy = CreateIPCObjectProxy(provider); - if (proxy == nullptr) { - return; - } - int pid = provider.ConsumeIntegral(); - int uid = provider.ConsumeIntegral(); - NiceMock mock; - EXPECT_CALL(mock, WriteUint32(_)).WillRepeatedly(Return(true)); - proxy->GetSessionNameForPidUid(pid, uid); -} - -void GetSessionNameForPidUidFuzzTest002(FuzzedDataProvider &provider) { sptr proxy = CreateIPCObjectProxy(provider); if (proxy == nullptr) { @@ -153,7 +140,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) /* Run your code on data */ FuzzedDataProvider provider(data, size); OHOS::GetSessionNameForPidUidFuzzTest001(provider); - OHOS::GetSessionNameForPidUidFuzzTest002(provider); OHOS::RemoveSessionNameFuzzTest(provider); OHOS::WaitForInitFuzzTest(provider); return 0; diff --git a/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/BUILD.gn b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/BUILD.gn new file mode 100644 index 00000000..7216504f --- /dev/null +++ b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +SUBSYSTEM_DIR = "//foundation/communication/ipc" + +##############################fuzztest########################################## +ohos_fuzztest("IPCWorkThreadMockFuzzTest") { + module_out_path = "ipc/ipc" + fuzz_config_file = "../ipcworkthreadmock_fuzzer" + + include_dirs = [ + "../../../include", + "$SUBSYSTEM_DIR/utils/include", + ] + + sources = [ "ipcworkthreadmock_fuzzer.cpp" ] + + deps = [ "$SUBSYSTEM_DIR/interfaces/innerkits/ipc_single:ipc_single_test" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "googletest:gmock", + "googletest:gtest", + ] + + defines = [ + "private = public", + "protected = public", + ] + resource_config_file = "$SUBSYSTEM_DIR/test/resource/ipc/ohos_test.xml" +} diff --git a/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/corpus/init b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/corpus/init new file mode 100644 index 00000000..7ade8a0f --- /dev/null +++ b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.cpp b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.cpp new file mode 100644 index 00000000..4fb2a64e --- /dev/null +++ b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.cpp @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "ipcworkthreadmock_fuzzer.h" +#include +#include +#include +#include "binder_invoker.h" +#include "ipc_thread_skeleton.h" +#include "ipc_workthread.h" +#include "iremote_invoker.h" + +using namespace testing; +using namespace testing::ext; + +namespace OHOS { + +static constexpr size_t MAX_STR_LEN = 100; + +using threadPolicy = decltype(IPCWorkThread::SPAWN_PASSIVE); +static const std::vector policyList = { + IPCWorkThread::SPAWN_PASSIVE, + IPCWorkThread::SPAWN_ACTIVE, + IPCWorkThread::PROCESS_PASSIVE, + IPCWorkThread::PROCESS_ACTIVE +}; + +class IPCWorkThreadInterface { +public: + IPCWorkThreadInterface() {}; + virtual ~IPCWorkThreadInterface() {}; + + virtual IRemoteInvoker *GetRemoteInvoker(int proto) = 0; +}; + +class IPCWorkThreadInterfaceMock : public IPCWorkThreadInterface { +public: + IPCWorkThreadInterfaceMock(); + ~IPCWorkThreadInterfaceMock() override; + + MOCK_METHOD1(GetRemoteInvoker, IRemoteInvoker *(int)); +}; + +static void *g_interface = nullptr; + +IPCWorkThreadInterfaceMock::IPCWorkThreadInterfaceMock() +{ + g_interface = reinterpret_cast(this); +} + +IPCWorkThreadInterfaceMock::~IPCWorkThreadInterfaceMock() +{ + g_interface = nullptr; +} + +static IPCWorkThreadInterface *GetIPCWorkThreadInterface() +{ + return reinterpret_cast(g_interface); +} + +extern "C" { + IRemoteInvoker *IPCThreadSkeleton::GetRemoteInvoker(int proto) + { + if (GetIPCWorkThreadInterface() == nullptr) { + return nullptr; + } + return GetIPCWorkThreadInterface()->GetRemoteInvoker(proto); + } +} + +void ThreadHandlerFuzzTest(FuzzedDataProvider &provider) +{ + std::string threadName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + IPCWorkThread ipcWorkThread(threadName); + ipcWorkThread.ThreadHandler(nullptr); +} + +void JoinThreadFuzzTest(FuzzedDataProvider &provider) +{ + int proto = provider.ConsumeIntegral(); + int policy = provider.ConsumeIntegral(); + std::string threadName = provider.ConsumeRandomLengthString(MAX_STR_LEN); + NiceMock mock; + EXPECT_CALL(mock, GetRemoteInvoker).WillRepeatedly(testing::Return(nullptr)); + IPCWorkThread ipcWorkThread(threadName); + ipcWorkThread.JoinThread(proto, policy); +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + FuzzedDataProvider provider(data, size); + OHOS::ThreadHandlerFuzzTest(provider); + OHOS::JoinThreadFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.h b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.h new file mode 100644 index 00000000..eb730429 --- /dev/null +++ b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/ipcworkthreadmock_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IPCWORKTHREADMOCK_FUZZER_H +#define IPCWORKTHREADMOCK_FUZZER_H + +#define FUZZ_PROJECT_NAME "ipcworkthreadmock_fuzzer" + +#endif // IPCWORKTHREADMOCK_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/project.xml b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/project.xml new file mode 100644 index 00000000..226522bd --- /dev/null +++ b/test/fuzztest/ipc/native/src/mock/ipcworkthreadmock_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 10000 + + 300 + + 4096 + + diff --git a/test/resource/ipc/ohos_test.xml b/test/resource/ipc/ohos_test.xml index ffa38ff9..892dde28 100644 --- a/test/resource/ipc/ohos_test.xml +++ b/test/resource/ipc/ohos_test.xml @@ -515,4 +515,10 @@