From 5533da1ad1da30ccc2d1405436ebb32a456a9e8e Mon Sep 17 00:00:00 2001 From: zhang-cui11 Date: Wed, 31 Aug 2022 10:33:14 +0800 Subject: [PATCH 1/2] fix fuzz test failed Signed-off-by: zhang-cui11 --- src/elf_file.cpp | 20 +++++++++++-- test/fuzztest/clientapi_fuzzer/project.xml | 2 +- test/fuzztest/commandline_fuzzer/project.xml | 2 +- .../elfparser_fuzzer/ElfParser_fuzzer.cpp | 28 ++----------------- test/fuzztest/elfparser_fuzzer/project.xml | 2 +- test/fuzztest/libreport_fuzzer/project.xml | 2 +- .../perffile_fuzzer/PerfFile_fuzzer.cpp | 5 ++-- test/fuzztest/perffile_fuzzer/project.xml | 2 +- 8 files changed, 27 insertions(+), 36 deletions(-) diff --git a/src/elf_file.cpp b/src/elf_file.cpp index 1268c4c..3b58238 100644 --- a/src/elf_file.cpp +++ b/src/elf_file.cpp @@ -35,7 +35,6 @@ ElfFile::ElfFile(const std::string &filename) HLOGE("unable to check the file size"); } else { HLOGD("file stat size %" PRIu64 "", sb.st_size); - mmap_ = mmap(0, sb.st_size, PROT_READ, MAP_PRIVATE, fd_, 0); if (mmap_ == MMAP_FAILED) { HLOGE("unable to map the file size %" PRIu64 " ", sb.st_size); @@ -180,10 +179,13 @@ bool ElfFile::ParseSecNamesStr() } delete[] shdrBuf; shdrBuf = nullptr; - // get content of string section table uint64_t secOffset = shdrs_[secName]->fileOffset_; size_t secSize = shdrs_[secName]->secSize_; + if (secSize > mmapSize_ || mmapSize_ == 0) { + HLOGE("secSize is too large secSize: %" PRIu64 " mmapSize_: %" PRIu64 "", secSize, mmapSize_); + return false; + } ret = lseek(fd_, secOffset, SEEK_SET); HLOG_ASSERT(ret == static_cast(secOffset)); char *secNamesBuf = new (std::nothrow) char[secSize]; 
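Review bot: The new guard in ParseSecNamesStr bounds secSize against mmapSize_ but never looks at secOffset, so a header whose section starts near the end of the file with a secSize that fits mmapSize_ on its own still passes, and whatever reads secSize bytes at secOffset after the `new (std::nothrow) char[secSize]` allocation (outside the hunk) can run past the end of the file; the same gap is in the ParseSymTable, ParseSymNamesStr and ParseDynSymTable guards of this patch. A range check such as `if (mmapSize_ == 0 || secOffset > mmapSize_ || secSize > mmapSize_ - secOffset) {` covers the whole span without overflowing the addition. This presumes mmapSize_ is the size of the file behind fd_, which the constructor hunk above does not show; if the read after the allocation is not checked for a short result, the tail of secNamesBuf would stay uninitialized even with the offset bounded. ParseSecNamesStr continues outside the hunk, and the size_t/PRIu64 mismatch on secSize here is already corrected by the second patch in this series.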
@@ -261,6 +263,11 @@ bool ElfFile::ParseSymTable(const SectionHeader *shdr) HLOG_ASSERT(ret == static_cast(secOffset)); uint64_t secSize = shdr->secSize_; uint64_t entrySize = shdr->secEntrySize_; + if (entrySize > mmapSize_ || secSize > mmapSize_ || mmapSize_ == 0) { + HLOGE("entrySize or secSize is too large secSize: %" PRIu64 " entrySize: %" PRIu64 " mmapSize_: %" PRIu64 "", + secSize, entrySize, mmapSize_); + return false; + } char *secBuf = new (std::nothrow) char[secSize]; if (secBuf == nullptr) { HLOGE("Error in EFL::ElfFile::ParseSymTable(): new failed"); @@ -289,6 +296,10 @@ bool ElfFile::ParseSymNamesStr() const auto &shdr = shdrs_[secName]; uint64_t secOffset = shdr->fileOffset_; uint64_t secSize = shdr->secSize_; + if (secSize > mmapSize_ || mmapSize_ == 0) { + HLOGE("secSize is too large secSize: %" PRIu64 " mmapSize_: %" PRIu64 "", secSize, mmapSize_); + return false; + } int64_t ret = lseek(fd_, secOffset, SEEK_SET); HLOG_ASSERT(ret >= 0); char *secBuf = new (std::nothrow) char[secSize]; @@ -323,6 +334,11 @@ bool ElfFile::ParseDynSymTable() HLOG_ASSERT(ret == static_cast(secOffset)); uint64_t secSize = shdr->secSize_; uint64_t entrySize = shdr->secEntrySize_; + if (entrySize > mmapSize_ || secSize > mmapSize_ || mmapSize_ == 0) { + HLOGE("entrySize or secSize is too large secSize: %" PRIu64 " entrySize: %" PRIu64 " mmapSize_: %" PRIu64 "", + secSize, entrySize, mmapSize_); + return false; + } char *secBuf = new (std::nothrow) char[secSize]; if (secBuf == nullptr) { HLOGE("Error in EFL::ElfFile::ParseDynSymTable(): new failed"); diff --git a/test/fuzztest/clientapi_fuzzer/project.xml b/test/fuzztest/clientapi_fuzzer/project.xml index 4e051b8..85e7ef2 100644 --- a/test/fuzztest/clientapi_fuzzer/project.xml +++ b/test/fuzztest/clientapi_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 30 + 300 4096 diff --git a/test/fuzztest/commandline_fuzzer/project.xml b/test/fuzztest/commandline_fuzzer/project.xml index 4e051b8..85e7ef2 100644 
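Review bot: The entrySize guard in ParseSymTable admits entrySize == 0, and the ParseDynSymTable hunk below repeats the same condition; if the symbol loop that follows (outside the hunk) derives the entry count as secSize / entrySize or advances through secBuf by entrySize, a crafted header with a zero entry size reaches a division by zero or a loop that never advances, which is exactly the class of input the new check is meant to reject. Extending the condition to `if (entrySize == 0 || entrySize > mmapSize_ || secSize > mmapSize_ || mmapSize_ == 0) {` in both places closes that case. A short comment such as `// reject sizes a malformed header could use to over-allocate or misstep the entry loop` would also record why the bound is against mmapSize_ rather than the section header alone.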
--- a/test/fuzztest/commandline_fuzzer/project.xml +++ b/test/fuzztest/commandline_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 30 + 300 4096 diff --git a/test/fuzztest/elfparser_fuzzer/ElfParser_fuzzer.cpp b/test/fuzztest/elfparser_fuzzer/ElfParser_fuzzer.cpp index f0b8b4d..b807fde 100644 --- a/test/fuzztest/elfparser_fuzzer/ElfParser_fuzzer.cpp +++ b/test/fuzztest/elfparser_fuzzer/ElfParser_fuzzer.cpp @@ -20,25 +20,6 @@ using namespace OHOS::Developtools::HiPerf; using namespace OHOS::Developtools::HiPerf::ELF; class ElfFileFuzzer : public ElfFile { public: - const char *dataPtr_ = nullptr; - size_t dataSize_ = 0; - size_t FuzzerTime_ = 0; // when we make a fuzzer read - - ssize_t ReadFile(void *buf, size_t len) override - { - if (FuzzerTime_ != 0 or dataSize_ == 0) { - FuzzerTime_--; - return ElfFile::ReadFile(buf, len); - } else { - HLOGV("fuzz read %zu/%zu\n", dataSize_, len); - if (ElfFile::ReadFile(buf, len) != 0) { - std::copy(dataPtr_, dataPtr_ + std::min(len, dataSize_), - reinterpret_cast(buf)); - } - return len; - } - } - explicit ElfFileFuzzer(const std::string &filename) : ElfFile(filename) {} static std::unique_ptr MakeUnique(const std::string &filename, @@ -49,9 +30,6 @@ public: HLOGE("Error in ElfFile::MakeUnique(): ElfFile::ElfFile() failed"); return nullptr; } - file->dataPtr_ = reinterpret_cast(data); - file->dataSize_ = size; - file->FuzzerTime_ = size; if (!file->IsOpened()) { HLOGE("Error in ElfFile::MakeUnique(): elf file not opened"); return nullptr; @@ -68,11 +46,9 @@ bool FuzzElfFile(const uint8_t *data, size_t size) { const std::string testData = "/data/test/resource/testdata/elf_test"; HLOGV("test data size %zu\n", size); - return true; if (size == 0) { return true; } - FILE *fp = fopen(testData.c_str(), "ab"); if (fp == nullptr) { printf("fail to append file %s\n", testData.c_str()); 
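Review bot: With the early `return true;` removed, every fuzz iteration in FuzzElfFile now appends its input to /data/test/resource/testdata/elf_test through `fopen(testData.c_str(), "ab")`, so the file parsed on iteration N carries the inputs of all earlier iterations unless the part of FuzzElfFile outside this hunk truncates or restores it; a crash then cannot be reproduced from the single input the fuzzer reports, and the file grows for the life of the run. Copying the seed file to a fresh temporary path per iteration, or truncating it before the append, keeps each run a function of its own input. The `fp == nullptr` branch only prints and its fall-through is outside the hunk, so whether it returns before the parse is not visible here. FuzzElfFile continues beyond the hunk.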
@@ -90,8 +66,8 @@ bool FuzzElfFile(const uint8_t *data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { #ifdef DEBUG_HIPERF_FUZZ - ScopeDebugLevel mix(LEVEL_DEBUG, true); - DebugLogger::GetInstance()->Disable(false); + OHOS::ScopeDebugLevel mix(OHOS::LEVEL_DEBUG, true); + OHOS::DebugLogger::GetInstance()->Disable(false); #else OHOS::Developtools::HiPerf::StdoutRecord noStdOut("/dev/null", "w"); #endif diff --git a/test/fuzztest/elfparser_fuzzer/project.xml b/test/fuzztest/elfparser_fuzzer/project.xml index 4e051b8..85e7ef2 100644 --- a/test/fuzztest/elfparser_fuzzer/project.xml +++ b/test/fuzztest/elfparser_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 30 + 300 4096 diff --git a/test/fuzztest/libreport_fuzzer/project.xml b/test/fuzztest/libreport_fuzzer/project.xml index 4e051b8..85e7ef2 100644 --- a/test/fuzztest/libreport_fuzzer/project.xml +++ b/test/fuzztest/libreport_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 30 + 300 4096 diff --git a/test/fuzztest/perffile_fuzzer/PerfFile_fuzzer.cpp b/test/fuzztest/perffile_fuzzer/PerfFile_fuzzer.cpp index cf21b5f..0318a08 100644 --- a/test/fuzztest/perffile_fuzzer/PerfFile_fuzzer.cpp +++ b/test/fuzztest/perffile_fuzzer/PerfFile_fuzzer.cpp @@ -61,7 +61,6 @@ bool FuzzPerfFileReader(const uint8_t *data, size_t size) { const std::string testData = "/data/test/resource/testdata/report_test.data"; HLOGV("test data size %zu\n", size); - return true; if (size == 0) { return false; } @@ -85,8 +84,8 @@ bool FuzzPerfFileReader(const uint8_t *data, size_t size) extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { #ifdef DEBUG_HIPERF_FUZZ - ScopeDebugLevel mix(LEVEL_VERBOSE, true); - DebugLogger::GetInstance()->Disable(false); + OHOS::ScopeDebugLevel mix(OHOS::LEVEL_VERBOSE, true); + OHOS::DebugLogger::GetInstance()->Disable(false); #else OHOS::Developtools::HiPerf::StdoutRecord noStdOut("/dev/null", "w"); #endif 
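Review bot: In the FuzzPerfFileReader hunk the empty-input path returns `false`, while the FuzzElfFile hunk in this same patch returns `true` for `size == 0`; both early returns only became reachable once the dead `return true;` above them was removed, so the two harnesses now disagree on whether an empty corpus entry is a pass or a failure. If LLVMFuzzerTestOneInput maps a false result to a non-zero return or logs it as a defect (the visible part of it does not show this), one fuzzer will report empty inputs as findings and the other will not. Aligning both on `return true;` for the empty case, with a comment like `// empty input: nothing to parse, not a failure`, keeps the harnesses consistent. FuzzPerfFileReader continues outside the hunk.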
diff --git a/test/fuzztest/perffile_fuzzer/project.xml b/test/fuzztest/perffile_fuzzer/project.xml index 4e051b8..85e7ef2 100644 --- a/test/fuzztest/perffile_fuzzer/project.xml +++ b/test/fuzztest/perffile_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 30 + 300 4096 -- Gitee From 377c69df45ed5074559eae9b932de2a95ea42ac6 Mon Sep 17 00:00:00 2001 From: zhang-cui11 Date: Wed, 31 Aug 2022 12:37:05 +0800 Subject: [PATCH 2/2] fix codex Signed-off-by: zhang-cui11 --- src/elf_file.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/elf_file.cpp b/src/elf_file.cpp index 3b58238..344036d 100644 --- a/src/elf_file.cpp +++ b/src/elf_file.cpp @@ -181,7 +181,7 @@ bool ElfFile::ParseSecNamesStr() shdrBuf = nullptr; // get content of string section table uint64_t secOffset = shdrs_[secName]->fileOffset_; - size_t secSize = shdrs_[secName]->secSize_; + uint64_t secSize = shdrs_[secName]->secSize_; if (secSize > mmapSize_ || mmapSize_ == 0) { HLOGE("secSize is too large secSize: %" PRIu64 " mmapSize_: %" PRIu64 "", secSize, mmapSize_); return false; -- Gitee