From cc78563f127b48bee675b70878667ed34c458839 Mon Sep 17 00:00:00 2001 From: wujiqin Date: Thu, 27 Oct 2022 16:03:57 +0800 Subject: [PATCH] =?UTF-8?q?IssueNo:https://gitee.com/openharmony/notificat?= =?UTF-8?q?ion=5Feventhandler/issues/I5Y20F=3Ffrom=3Dproject-issue=20Descr?= =?UTF-8?q?iption:=E8=A6=86=E7=9B=96=E7=8E=87=E6=8F=90=E5=8D=87fuzz=20Sig:?= =?UTF-8?q?SIG=5FApplicationFramework=20Feature=20or=20Bugfix:Bugfix=20Bin?= =?UTF-8?q?ary=20Source:=20No?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wujiqin Change-Id: I28139519696d34c92d034340ed5969511fb6bcbe --- bundle.json | 1 + test/fuzztest/BUILD.gn | 25 +++++ test/fuzztest/epolliowaiter_fuzzer/BUILD.gn | 49 ++++++++++ .../fuzztest/epolliowaiter_fuzzer/corpus/init | 13 +++ .../epolliowaiter_fuzzer.cpp | 67 ++++++++++++++ .../epolliowaiter_fuzzer.h | 29 ++++++ .../fuzztest/epolliowaiter_fuzzer/project.xml | 25 +++++ test/fuzztest/eventhandler_fuzzer/BUILD.gn | 49 ++++++++++ test/fuzztest/eventhandler_fuzzer/corpus/init | 13 +++ .../eventhandler_fuzzer.cpp | 92 +++++++++++++++++++ .../eventhandler_fuzzer/eventhandler_fuzzer.h | 29 ++++++ test/fuzztest/eventhandler_fuzzer/project.xml | 25 +++++ .../eventhandlerannex_fuzzer/BUILD.gn | 49 ++++++++++ .../eventhandlerannex_fuzzer/corpus/init | 13 +++ .../eventhandlerannex_fuzzer.cpp | 69 ++++++++++++++ .../eventhandlerannex_fuzzer.h | 29 ++++++ .../eventhandlerannex_fuzzer/project.xml | 25 +++++ .../BUILD.gn | 51 ++++++++++ .../corpus/init | 13 +++ .../nativeimplementeventhandler_fuzzer.cpp | 68 ++++++++++++++ .../nativeimplementeventhandler_fuzzer.h | 29 ++++++ .../project.xml | 25 +++++ 22 files changed, 788 insertions(+) create mode 100644 test/fuzztest/BUILD.gn create mode 100644 test/fuzztest/epolliowaiter_fuzzer/BUILD.gn create mode 100644 test/fuzztest/epolliowaiter_fuzzer/corpus/init create mode 100644 test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.cpp create mode 100644 test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.h create mode 100644 test/fuzztest/epolliowaiter_fuzzer/project.xml create mode 100644 test/fuzztest/eventhandler_fuzzer/BUILD.gn create mode 100644 test/fuzztest/eventhandler_fuzzer/corpus/init create mode 100644 test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.cpp create mode 100644 test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.h create mode 100644 test/fuzztest/eventhandler_fuzzer/project.xml create mode 100644 test/fuzztest/eventhandlerannex_fuzzer/BUILD.gn create mode 100644 test/fuzztest/eventhandlerannex_fuzzer/corpus/init create mode 100644 test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.cpp create mode 100644 test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.h create mode 100644 test/fuzztest/eventhandlerannex_fuzzer/project.xml create mode 100644 test/fuzztest/nativeimplementeventhandler_fuzzer/BUILD.gn create mode 100644 test/fuzztest/nativeimplementeventhandler_fuzzer/corpus/init create mode 100644 test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.cpp create mode 100644 test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.h create mode 100644 test/fuzztest/nativeimplementeventhandler_fuzzer/project.xml diff --git a/bundle.json b/bundle.json index f822aef..904cd7c 100644 --- a/bundle.json +++ b/bundle.json @@ -69,6 +69,7 @@ "test": [ "//base/notification/eventhandler/frameworks/eventhandler/test:unittest", "//base/notification/eventhandler/frameworks/test/moduletest:moduletest", + "//base/notification/eventhandler/test/fuzztest:fuzztest", "//base/notification/eventhandler/test/systemtest:systemtest" ] } diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn new file mode 100644 index 0000000..2134076 --- /dev/null +++ b/test/fuzztest/BUILD.gn @@ -0,0 +1,25 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/notification/eventhandler/eventhandler.gni") + +group("fuzztest") { + testonly = true + + deps = [ + "epolliowaiter_fuzzer:EpollIoWaiterFuzzTest", + "eventhandler_fuzzer:EventHandlerFuzzTest", + "eventhandlerannex_fuzzer:EventHandlerAnnexFuzzTest", + "nativeimplementeventhandler_fuzzer:NativeImplementEventHandlerFuzzTest", + ] +} diff --git a/test/fuzztest/epolliowaiter_fuzzer/BUILD.gn b/test/fuzztest/epolliowaiter_fuzzer/BUILD.gn new file mode 100644 index 0000000..60f05c5 --- /dev/null +++ b/test/fuzztest/epolliowaiter_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//base/notification/eventhandler/eventhandler.gni") +import("//build/config/features.gni") +import("//build/test.gni") +module_output_path = "eventhandler/fuzztest" + +##############################fuzztest########################################## +ohos_fuzztest("EpollIoWaiterFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = + "//base/notification/eventhandler/test/fuzztest/epolliowaiter_fuzzer" + + include_dirs = [] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "epolliowaiter_fuzzer.cpp" ] + + deps = [ "${frameworks_path}/eventhandler:libeventhandler" ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_core", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ ":EpollIoWaiterFuzzTest" ] +} +############################################################################### diff --git a/test/fuzztest/epolliowaiter_fuzzer/corpus/init b/test/fuzztest/epolliowaiter_fuzzer/corpus/init new file mode 100644 index 0000000..1b91014 --- /dev/null +++ b/test/fuzztest/epolliowaiter_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.cpp b/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.cpp new file mode 100644 index 0000000..f30dccd --- /dev/null +++ b/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define private public +#define protected public +#include "epoll_io_waiter.h" +#undef private +#undef protected + +#include "epolliowaiter_fuzzer.h" +#include "securec.h" + +namespace OHOS { +namespace { + constexpr size_t U32_AT_SIZE = 4; +} +bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +{ + int32_t fileDescriptor = U32_AT(reinterpret_cast(data)); + OHOS::AppExecFwk::EpollIoWaiter epollIoWaiter; + epollIoWaiter.SupportListeningFileDescriptor(); + epollIoWaiter.RemoveFileDescriptor(fileDescriptor); + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + if (size < OHOS::U32_AT_SIZE) { + return 0; + } + + char* ch = (char *)malloc(size + 1); + if (ch == nullptr) { + return 0; + } + + (void)memset_s(ch, size + 1, 0x00, size + 1); + if (memcpy_s(ch, size, data, size) != EOK) { + free(ch); + ch = nullptr; + return 0; + } + + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + return 0; +} diff --git a/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.h b/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.h new file mode 100644 index 0000000..0240e53 --- /dev/null +++ b/test/fuzztest/epolliowaiter_fuzzer/epolliowaiter_fuzzer.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_EPOLLIOWAITER_FUZZER_EPOLLIOWAITER_FUZZER_H +#define TEST_FUZZTEST_EPOLLIOWAITER_FUZZER_EPOLLIOWAITER_FUZZER_H + +#define FUZZ_PROJECT_NAME "epolliowaiter_fuzzer" + +#include + +uint32_t U32_AT(const uint8_t *ptr) +{ + // convert fuzz input data to an integer + return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; +} + +#endif // TEST_FUZZTEST_EPOLLIOWAITER_FUZZER_EPOLLIOWAITER_FUZZER_H diff --git a/test/fuzztest/epolliowaiter_fuzzer/project.xml b/test/fuzztest/epolliowaiter_fuzzer/project.xml new file mode 100644 index 0000000..6e8ad2c --- /dev/null +++ b/test/fuzztest/epolliowaiter_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/eventhandler_fuzzer/BUILD.gn b/test/fuzztest/eventhandler_fuzzer/BUILD.gn new file mode 100644 index 0000000..94225fd --- /dev/null +++ b/test/fuzztest/eventhandler_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//base/notification/eventhandler/eventhandler.gni") +import("//build/config/features.gni") +import("//build/test.gni") +module_output_path = "eventhandler/fuzztest" + +##############################fuzztest########################################## +ohos_fuzztest("EventHandlerFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = + "//base/notification/eventhandler/test/fuzztest/eventhandler_fuzzer" + + include_dirs = [] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "eventhandler_fuzzer.cpp" ] + + deps = [ "${frameworks_path}/eventhandler:libeventhandler" ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_core", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ ":EventHandlerFuzzTest" ] +} +############################################################################### diff --git a/test/fuzztest/eventhandler_fuzzer/corpus/init b/test/fuzztest/eventhandler_fuzzer/corpus/init new file mode 100644 index 0000000..1b91014 --- /dev/null +++ b/test/fuzztest/eventhandler_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.cpp b/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.cpp new file mode 100644 index 0000000..e2b15f6 --- /dev/null +++ b/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.cpp @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define private public +#define protected public +#include "event_handler.h" +#undef private +#undef protected + +#include "eventhandler_fuzzer.h" +#include "securec.h" + +namespace OHOS { +namespace { + constexpr size_t U32_AT_SIZE = 4; +} + +class DumperTest : public AppExecFwk::Dumper { +public: + DumperTest() = default; + virtual ~DumperTest() + {}; + void Dump(const std::string &message) override + {} + std::string GetTag() override + { + return {}; + } +}; + +bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +{ + std::shared_ptr runner = nullptr; + AppExecFwk::EventHandler eventHandler(runner); + uint32_t innerEventId = *data; + std::list events; + AppExecFwk::InnerEvent::Pointer event = std::move(events.front()); + int64_t taskTime = U32_AT(reinterpret_cast(data)); + AppExecFwk::EventQueue::Priority priority = AppExecFwk::EventQueue::Priority::LOW; + int32_t fileDescriptor = U32_AT(reinterpret_cast(data)); + DumperTest dumper; + eventHandler.Dump(dumper); + eventHandler.GetEventName(event); + eventHandler.ProcessEvent(event); + eventHandler.RemoveAllFileDescriptorListeners(); + eventHandler.SendTimingEvent(event, taskTime, priority); + eventHandler.RemoveFileDescriptorListener(fileDescriptor); + return eventHandler.HasInnerEvent(innerEventId); +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + if (size < OHOS::U32_AT_SIZE) { + return 0; + } + + char* ch = (char *)malloc(size + 1); + if (ch == nullptr) { + return 0; + } + + (void)memset_s(ch, size + 1, 0x00, size + 1); + if (memcpy_s(ch, size, data, size) != EOK) { + free(ch); + ch = nullptr; + return 0; + } + + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + return 0; +} diff --git a/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.h b/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.h new file mode 100644 index 0000000..1144224 --- /dev/null +++ b/test/fuzztest/eventhandler_fuzzer/eventhandler_fuzzer.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_EVENTHANDLER_FUZZER_EVENTHANDLER_FUZZER_H +#define TEST_FUZZTEST_EVENTHANDLER_FUZZER_EVENTHANDLER_FUZZER_H + +#define FUZZ_PROJECT_NAME "eventhandler_fuzzer" + +#include + +uint32_t U32_AT(const uint8_t *ptr) +{ + // convert fuzz input data to an integer + return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; +} + +#endif // TEST_FUZZTEST_EVENTHANDLER_FUZZER_EVENTHANDLER_FUZZER_H diff --git a/test/fuzztest/eventhandler_fuzzer/project.xml b/test/fuzztest/eventhandler_fuzzer/project.xml new file mode 100644 index 0000000..6e8ad2c --- /dev/null +++ b/test/fuzztest/eventhandler_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/eventhandlerannex_fuzzer/BUILD.gn b/test/fuzztest/eventhandlerannex_fuzzer/BUILD.gn new file mode 100644 index 0000000..d10390e --- /dev/null +++ b/test/fuzztest/eventhandlerannex_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//base/notification/eventhandler/eventhandler.gni") +import("//build/config/features.gni") +import("//build/test.gni") +module_output_path = "eventhandler/fuzztest" + +##############################fuzztest########################################## +ohos_fuzztest("EventHandlerAnnexFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = + "//base/notification/eventhandler/test/fuzztest/eventhandlerannex_fuzzer" + + include_dirs = [ "${inner_api_path}" ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "eventhandlerannex_fuzzer.cpp" ] + + deps = [ "${frameworks_path}/eventhandler:libeventhandler" ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_core", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ ":EventHandlerAnnexFuzzTest" ] +} +############################################################################### diff --git a/test/fuzztest/eventhandlerannex_fuzzer/corpus/init b/test/fuzztest/eventhandlerannex_fuzzer/corpus/init new file mode 100644 index 0000000..1b91014 --- /dev/null +++ b/test/fuzztest/eventhandlerannex_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.cpp b/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.cpp new file mode 100644 index 0000000..fa1f0ed --- /dev/null +++ b/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "native_implement_eventhandler.h" +#include "eventhandlerannex_fuzzer.h" +#include "file_descriptor_listener.h" +#include "securec.h" + +namespace OHOS { +namespace { + constexpr size_t U32_AT_SIZE = 4; + constexpr uint8_t ENABLE = 2; +} +bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +{ + bool current = *data % ENABLE; + if (current == 1) { + EventRunnerNativeImplement eventRunnerNativeImplement(current); + eventRunnerNativeImplement.RunEventRunnerNativeObj(); + eventRunnerNativeImplement.StopEventRunnerNativeObj(); + eventRunnerNativeImplement.GetEventRunnerNativeObj(); + return true; + } else { + return false; + } +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + if (size < OHOS::U32_AT_SIZE) { + return 0; + } + + char* ch = (char *)malloc(size + 1); + if (ch == nullptr) { + return 0; + } + + (void)memset_s(ch, size + 1, 0x00, size + 1); + if (memcpy_s(ch, size, data, size) != EOK) { + free(ch); + ch = nullptr; + return 0; + } + + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + return 0; +} diff --git a/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.h b/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.h new file mode 100644 index 0000000..dac9b9a --- /dev/null +++ b/test/fuzztest/eventhandlerannex_fuzzer/eventhandlerannex_fuzzer.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_EVENTHANDLERANNEX_FUZZER_EVENTHANDLERANNEX_FUZZER_H +#define TEST_FUZZTEST_EVENTHANDLERANNEX_FUZZER_EVENTHANDLERANNEX_FUZZER_H + +#define FUZZ_PROJECT_NAME "eventhandlerannex_fuzzer" + +#include + +uint32_t U32_AT(const uint8_t *ptr) +{ + // convert fuzz input data to an integer + return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; +} + +#endif // TEST_FUZZTEST_EVENTHANDLERANNEX_FUZZER_EVENTHANDLERANNEX_FUZZER_H diff --git a/test/fuzztest/eventhandlerannex_fuzzer/project.xml b/test/fuzztest/eventhandlerannex_fuzzer/project.xml new file mode 100644 index 0000000..6e8ad2c --- /dev/null +++ b/test/fuzztest/eventhandlerannex_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/nativeimplementeventhandler_fuzzer/BUILD.gn b/test/fuzztest/nativeimplementeventhandler_fuzzer/BUILD.gn new file mode 100644 index 0000000..4bc2321 --- /dev/null +++ b/test/fuzztest/nativeimplementeventhandler_fuzzer/BUILD.gn @@ -0,0 +1,51 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//base/notification/eventhandler/eventhandler.gni") +import("//build/config/features.gni") +import("//build/test.gni") +module_output_path = "eventhandler/fuzztest" + +##############################fuzztest########################################## +ohos_fuzztest("NativeImplementEventHandlerFuzzTest") { + module_out_path = module_output_path + fuzz_config_file = "//base/notification/eventhandler/test/fuzztest/nativeimplementeventhandler_fuzzer" + + include_dirs = [ + "${inner_api_path}", + "//base/notification/eventhandler/interfaces/kits/native", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "nativeimplementeventhandler_fuzzer.cpp" ] + + deps = [ "${frameworks_path}/eventhandler:libeventhandler" ] + + external_deps = [ + "c_utils:utils", + "ipc:ipc_core", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ ":NativeImplementEventHandlerFuzzTest" ] +} +############################################################################### diff --git a/test/fuzztest/nativeimplementeventhandler_fuzzer/corpus/init b/test/fuzztest/nativeimplementeventhandler_fuzzer/corpus/init new file mode 100644 index 0000000..1b91014 --- /dev/null +++ b/test/fuzztest/nativeimplementeventhandler_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.cpp b/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.cpp new file mode 100644 index 0000000..899917b --- /dev/null +++ b/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "native_implement_eventhandler.h" +#include "native_interface_eventhandler.h" +#include "nativeimplementeventhandler_fuzzer.h" +#include "securec.h" + +namespace OHOS { +namespace { + constexpr size_t U32_AT_SIZE = 4; + constexpr uint8_t ENABLE = 2; +} +bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +{ + bool current = *data % ENABLE; + if (current == 0) { + int32_t fileDescriptor = U32_AT(reinterpret_cast(data)); + EventRunnerNativeImplement eventRunnerNativeImplement(current); + eventRunnerNativeImplement.RemoveFileDescriptorListener(fileDescriptor); + return true; + } else { + return false; + } +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + if (size < OHOS::U32_AT_SIZE) { + return 0; + } + + char* ch = (char *)malloc(size + 1); + if (ch == nullptr) { + return 0; + } + + (void)memset_s(ch, size + 1, 0x00, size + 1); + if (memcpy_s(ch, size, data, size) != EOK) { + free(ch); + ch = nullptr; + return 0; + } + + OHOS::DoSomethingInterestingWithMyAPI(ch, size); + free(ch); + ch = nullptr; + return 0; +} diff --git a/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.h b/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.h new file mode 100644 index 0000000..a697ad5 --- /dev/null +++ b/test/fuzztest/nativeimplementeventhandler_fuzzer/nativeimplementeventhandler_fuzzer.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_H +#define TEST_FUZZTEST_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_H + +#define FUZZ_PROJECT_NAME "nativeimplementeventhandler_fuzzer" + +#include + +uint32_t U32_AT(const uint8_t *ptr) +{ + // convert fuzz input data to an integer + return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3]; +} + +#endif // TEST_FUZZTEST_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_NATIVEIMPLEMENTEVENTHANDLER_FUZZER_H diff --git a/test/fuzztest/nativeimplementeventhandler_fuzzer/project.xml b/test/fuzztest/nativeimplementeventhandler_fuzzer/project.xml new file mode 100644 index 0000000..6e8ad2c --- /dev/null +++ b/test/fuzztest/nativeimplementeventhandler_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee