diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp
index 2b1f339e3d0abe399c6d767b1ac55907b00bf193..a202ce4b6ba5ecb982e38a3eae7206439d60de42 100644
--- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp
+++ b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "message_parcel.h"
@@ -103,19 +104,24 @@ bool CmdReleaseFuzzTest(const uint8_t *data, size_t size)
 void GetBundleNamesData(const uint8_t *data, size_t size, vector &bundleNames)
 {
- for (size_t i = 0; i < size; i++) {
- string param(reinterpret_cast(data), size);
- string name = param + to_string(i);
- if (size < sizeof(int64_t)) {
- BIncrementalData data(name, 0);
- bundleNames.push_back(data);
- continue;
- }
-
- int64_t nTime = *(reinterpret_cast(data));
- int fd = *(reinterpret_cast(data));
- int32_t priority = *(reinterpret_cast(data + sizeof(int32_t)));
- string parameters = string(reinterpret_cast(data), size) + to_string(size - i);
+ int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t);
+ if (size < minLen + 1) {
+ return;
+ }
+ FuzzedDataProvider fdp(data, size);
+ uint8_t loop = fdp.ConsumeIntegral();
+ size--;
+ if (loop == 0 || (minLen * loop) > size) {
+ return;
+ }
+ int blob = (size / loop);
+ int len = (blob - minLen) >> 1;
+ for (size_t i = 0, pos = 1; i < loop; i++, pos += blob) {
+ int64_t nTime = fdp.ConsumeIntegral();
+ int fd = fdp.ConsumeIntegral();
+ int32_t priority = fdp.ConsumeIntegral();
+ string name(reinterpret_cast(data + pos + minLen), len);
+ string parameters(reinterpret_cast(data + pos + len + minLen), len);
 BIncrementalData incrementaData(name, nTime, fd, parameters, priority);
 bundleNames.push_back(incrementaData);
 }
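Review bot: In the rewritten `GetBundleNamesData` the three integers come from `fdp`, but `name` and `parameters` are still sliced from the raw `data` pointer with a hand-kept `pos`, so two independent cursors walk the same buffer. The `size--` / `pos = 1` accounting assumes the count byte was taken from the front of the input; LLVM's FuzzedDataProvider takes integrals from the tail (worth confirming for the copy this project builds against), in which case the strings and the integers are built from overlapping bytes. The slices stay in bounds as far as the visible arithmetic goes, so this costs input quality rather than memory safety. Taking the strings from the provider too, `string name = fdp.ConsumeBytesAsString(len);` and `string parameters = fdp.ConsumeBytesAsString(len);`, would remove `pos` altogether. `minLen`, `blob` and `len` would also be safer as `size_t`, since they are compared with and derived from `size`.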
@@ -202,7 +208,7 @@ bool CmdPublishIncrementalFileFuzzTest(const uint8_t *data, size_t size)
 if (size > 0) {
 int pos = (size + 1) >> 1;
 std::string fileName(reinterpret_cast(data), pos);
- std::string bundleName(reinterpret_cast(data) + pos, size - pos);
+ std::string bundleName(reinterpret_cast(data + pos), size - pos);
 uint32_t sn = 0;
 if (size > sizeof(uint32_t)) {
 sn = *(reinterpret_cast(data));
diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp
index 73826f873c63f7a8d655e7f30ab6c38939031dd1..9a6e46113927a07fb242375553133ee2882cdd70 100644
--- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp
+++ b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp
@@ -74,7 +74,7 @@ bool CmdPublishFileFuzzTest(const uint8_t *data, size_t size)
 if (size > 0) {
 int pos = (size + 1) >> 1;
 std::string fileName(reinterpret_cast(data), pos);
- std::string bundleName(reinterpret_cast(data) + pos, size - pos);
+ std::string bundleName(reinterpret_cast(data + pos), size - pos);
 uint32_t sn = 0;
 if (size > sizeof(uint32_t)) {
 sn = *(reinterpret_cast(data));
diff --git a/test/fuzztest/backupservicestub_fuzzer/backupservicestub_fuzzer.cpp b/test/fuzztest/backupservicestub_fuzzer/backupservicestub_fuzzer.cpp
index 6172e19b203b0f03082700c5c0da762fbffb4176..6b2c9cd2bd2c941ecd1b99aed4ba28be434fe3c2 100644
--- a/test/fuzztest/backupservicestub_fuzzer/backupservicestub_fuzzer.cpp
+++ b/test/fuzztest/backupservicestub_fuzzer/backupservicestub_fuzzer.cpp
@@ -526,7 +526,7 @@ bool CmdPublishIncrementalFileFuzzTest(sptr service, const uint8_t *dat
 int pos = 0;
 BFileInfo info;
 int fd = TypeCast(data, &pos);
- info.sn = TypeCast(data, &pos);
+ info.sn = TypeCast(data + pos, &pos);
 int len = (size - pos) >> 1;
 info.owner = string(reinterpret_cast(data + pos), len);
 info.fileName = string(reinterpret_cast(data + pos + len), len);
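Review bot: In the backupservicestub_fuzzer.cpp hunk, `TypeCast` receives only a pointer and the running `pos`, so nothing visible stops the two reads or `(size - pos) >> 1` from running past a short input. When `size` is smaller than `pos`, the subtraction wraps as an unsigned value before it is narrowed to `int len`, and the two `string(...)` constructions then read from that length. The function begins above the hunk, so a guard may already exist there. If it does not, compare `size` with the summed sizes of the fields read and return early before the first `TypeCast`, with a short comment such as `// header: fd + sn, remainder split between owner and fileName`. The four servicereverse_fuzzer.cpp hunks follow the same pattern, with a larger minimum because more fields are read.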
diff --git a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
index 96cd65d2e32e7fd6184fbcefff5220535dbbc9ab..271813d4aa5a1aed6eb4db18d88bb2efaa948fb7 100644
--- a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
+++ b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
@@ -51,7 +51,7 @@ bool BackupOnFileReadyFuzzTest(sptr service, const uint8_t *data
 try {
 int pos = 0;
 int fd = TypeCast(data, &pos);
- bool fdFlag = TypeCast(data, &pos);
+ bool fdFlag = TypeCast(data + pos, &pos);
 int len = ((size - pos) >> 1);
 msg.WriteString(string(reinterpret_cast(data + pos), len));
 msg.WriteString(string(reinterpret_cast(data + pos + len), size - pos - len));
@@ -258,8 +258,8 @@ bool RestoreOnFileReadyFuzzTest(sptr service, const uint8_t *dat
 try {
 int pos = 0;
 int fd = TypeCast(data, &pos);
- bool fdFlag = TypeCast(data, &pos);
- int32_t errCode = TypeCast(data, &pos);
+ bool fdFlag = TypeCast(data + pos, &pos);
+ int32_t errCode = TypeCast(data + pos, &pos);
 int len = ((size - pos) >> 1);
 msg.WriteString(string(reinterpret_cast(data + pos), len));
 msg.WriteString(string(reinterpret_cast(data + pos + len), size - pos - len));
@@ -330,9 +330,9 @@ bool IncrementalBackupOnFileReadyFuzzTest(sptr service, const ui
 try {
 int pos = 0;
 int fd = TypeCast(data, &pos);
- int manifestFd = TypeCast(data, &pos);
- bool fdFlag = TypeCast(data, &pos);
- int32_t errCode = TypeCast(data, &pos);
+ int manifestFd = TypeCast(data + pos, &pos);
+ bool fdFlag = TypeCast(data + pos, &pos);
+ int32_t errCode = TypeCast(data + pos, &pos);
 int len = ((size - pos) >> 1);
 msg.WriteString(string(reinterpret_cast(data + pos), len));
 msg.WriteString(string(reinterpret_cast(data + pos + len), size - pos - len));
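Review bot: Now that the offsets advance, `int32_t errCode = TypeCast(data + pos, &pos);` in `RestoreOnFileReadyFuzzTest` reads a four-byte value directly after the `bool fdFlag`, which puts it at an odd offset from `data` if `TypeCast` advances `pos` by the size of the type it returns. `TypeCast` is not part of this diff; if it dereferences a cast pointer, as the `*(reinterpret_cast(data))` reads elsewhere in this change do, that is a misaligned load that an alignment sanitizer will report, and materialising a `bool` from an arbitrary byte is equally undefined. Having `TypeCast` copy the bytes with `memcpy` into a local of the target type, and deriving the flag as `byte & 1`, avoids both. The `IncrementalBackupOnFileReadyFuzzTest` hunk and the `IncrementalRestoreOnFileReadyFuzzTest` hunk at -541 have the same `fdFlag` then `errCode` order and are affected the same way.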
@@ -541,9 +541,9 @@ bool IncrementalRestoreOnFileReadyFuzzTest(sptr service, const u
 try {
 int pos = 0;
 int fd = TypeCast(data, &pos);
- int manifestFd = TypeCast(data, &pos);
- bool fdFlag = TypeCast(data, &pos);
- int32_t errCode = TypeCast(data, &pos);
+ int manifestFd = TypeCast(data + pos, &pos);
+ bool fdFlag = TypeCast(data + pos, &pos);
+ int32_t errCode = TypeCast(data + pos, &pos);
 int len = ((size - pos) >> 1);
 msg.WriteString(string(reinterpret_cast(data + pos), len));
 msg.WriteString(string(reinterpret_cast(data + pos + len), size - pos - len));