From 8394534a5cc73794d82389d358f66de430357034 Mon Sep 17 00:00:00 2001
From: wangpggg
Date: Thu, 29 May 2025 17:52:28 +0800
Subject: [PATCH] add fuzz
Signed-off-by: wangpeng
---
 .../backupext_fuzzer/backupext_fuzzer.cpp | 17 ++++++++
 .../servicereverse_fuzzer.cpp | 43 ++++++++++++++-----
 2 files changed, 50 insertions(+), 10 deletions(-)
diff --git a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp
index 33f5a4c93..2d7559fca 100644
--- a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp
+++ b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp
@@ -280,6 +280,22 @@ bool CmdGetIncrementalBackupFileHandleFuzzTest(shared_ptr ex
 extension->OnRemoteRequest(code, msg, reply, option);
 return true;
 }
+
+bool OnRemoteRequestFuzzTest(shared_ptr extension, const uint8_t *data, size_t size)
+{
+ uint32_t codeMax = 15;
+ for (uint32_t code = 1; code < codeMax; code++) {
+ MessageParcel datas;
+ MessageParcel reply;
+ MessageOption option;
+
+ datas.WriteInterfaceToken(ExtensionStub::GetDescriptor());
+ datas.WriteBuffer(reinterpret_cast(data), size);
+ datas.RewindRead(0);
+ extension->OnRemoteRequest(code, datas, reply, option);
+ }
+ return true;
+}
 } // namespace OHOS
 /* Fuzzer entry point */
@@ -314,6 +330,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 OHOS::CmdHandleIncrementalBackupFuzzTest(extension, data, size);
 OHOS::CmdIncrementalOnBackupFuzzTest(extension, data, size);
 OHOS::CmdGetIncrementalBackupFileHandleFuzzTest(extension, data, size);
+ OHOS::OnRemoteRequestFuzzTest(extension, data, size);
 } catch (OHOS::FileManagement::Backup::BError &err) {
 // Only filter BError errors, Other results are not expected.
 }
diff --git a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
index fe1d613a2..09767b6ee 100644
--- a/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
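Review bot: The bound `uint32_t codeMax = 15;` in the added OnRemoteRequestFuzzTest is a bare literal with no visible link to the ExtensionStub interface, so a request code added later is silently left out of the sweep; the same applies to `codeMax = 26` in the servicereverse_fuzzer.cpp copy. Because the loop runs from 1 to one below the bound, code 0 and any out-of-range code are never sent, so the stub's rejection path for unknown codes gets no coverage from this harness. If the interface exposes its request codes as an enum, derive the bound from it; otherwise name the constant and add a comment such as `// must track the highest ExtensionStub request code; update when the interface grows`. The results of `WriteInterfaceToken` and `WriteBuffer` are also discarded, so a parcel that failed to build would still be dispatched.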
+++ b/test/fuzztest/servicereverse_fuzzer/servicereverse_fuzzer.cpp
@@ -654,6 +654,32 @@ bool IncrementalRestoreOnProcessInfoFuzzTest(sptr service, const
 }
 return true;
 }
+
+bool OnRemoteRequestFuzzTest(sptr service, const uint8_t *data, size_t size)
+{
+ uint32_t codeMax = 26;
+ for (uint32_t code = 1; code < codeMax; code++) {
+ MessageParcel datas;
+ MessageParcel reply;
+ MessageOption option;
+
+ datas.WriteInterfaceToken(ServiceReverseStub::GetDescriptor());
+ datas.WriteBuffer(reinterpret_cast(data), size);
+ datas.RewindRead(0);
+ service->OnRemoteRequest(code, datas, reply, option);
+ }
+ {
+ MessageParcel datas;
+ MessageParcel reply;
+ MessageOption option;
+ datas.WriteInterfaceToken(ServiceReverseStub::GetDescriptor());
+ datas.WriteBuffer(reinterpret_cast(data), size);
+ datas.RewindRead(0);
+ service->OnRemoteRequest(static_cast(IServiceReverseIpcCode::COMMAND_BACKUP_ON_BUNDLE_STARTED),
+ datas, reply, option);
+ }
+ return true;
+}
 } // namespace OHOS
 /* Fuzzer entry point */
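Review bot: The braced block after the loop repeats the whole parcel setup only to dispatch `COMMAND_BACKUP_ON_BUNDLE_STARTED`, and nothing in the hunk says whether that code lies outside the 1..25 sweep or is simply being sent a second time. Folding the setup into one local helper removes the duplication and leaves a single place to check the write results, and a comment should state why the explicit code is needed. The `static_cast` target type is not visible on this page, so `uint32_t` in the sketch below is assumed from the loop variable.

```cpp
    // One parcel per request: interface token first, then the raw fuzz bytes as payload.
    auto dispatch = [&](uint32_t code) {
        MessageParcel datas;
        MessageParcel reply;
        MessageOption option;
        // … unchanged: WriteInterfaceToken / WriteBuffer / RewindRead(0) …
        service->OnRemoteRequest(code, datas, reply, option);
    };
    uint32_t codeMax = 26;
    for (uint32_t code = 1; code < codeMax; code++) {
        dispatch(code);
    }
    // State here why this code is sent in addition to the sweep above.
    dispatch(static_cast<uint32_t>(IServiceReverseIpcCode::COMMAND_BACKUP_ON_BUNDLE_STARTED));
```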
@@ -661,22 +687,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 OHOS::FileManagement::Backup::BSessionBackup::Callbacks backupCallbacks;
 OHOS::sptr backupService(new OHOS::FileManagement::Backup::ServiceReverse(backupCallbacks));
- if (backupService == nullptr) {
- return 0;
- }
 OHOS::FileManagement::Backup::BSessionRestore::Callbacks restoreCallbacks;
 OHOS::sptr restoreService(new OHOS::FileManagement::Backup::ServiceReverse(restoreCallbacks));
- if (restoreService == nullptr) {
- return 0;
- }
 OHOS::FileManagement::Backup::BIncrementalBackupSession::Callbacks incrementalBackupCallbacks;
 OHOS::sptr incrementalBackupService(new OHOS::FileManagement::Backup::ServiceReverse(incrementalBackupCallbacks));
- if (incrementalBackupService == nullptr) {
- return 0;
- }
 OHOS::FileManagement::Backup::BIncrementalRestoreSession::Callbacks incrementalRestoreCallbacks;
 OHOS::sptr incrementalRestoreService(new OHOS::FileManagement::Backup::ServiceReverse(incrementalRestoreCallbacks));
- if (incrementalRestoreService == nullptr) {
+ if (!backupService || !restoreService || !incrementalBackupService || !incrementalRestoreService) {
+ printf("service handler is nullptr");
 return 0;
 }
@@ -687,6 +705,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 OHOS::BackupOnAllBundlesFinishedFuzzTest(backupService, data, size);
 OHOS::BackupOnProcessInfoFuzzTest(backupService, data, size);
 OHOS::BackupOnScanningInfoFuzzTest(backupService, data, size);
+ OHOS::OnRemoteRequestFuzzTest(backupService, data, size);
 OHOS::RestoreOnBundleStartedFuzzTest(restoreService, data, size);
 OHOS::RestoreOnBundleFinishedFuzzTest(restoreService, data, size);
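Review bot: The added `printf("service handler is nullptr");` has no trailing newline and does not say which of the four handles was null, so the message may sit in the stdout buffer and is of little use when it does appear. If the diagnostic is wanted, `fprintf(stderr, "service handler is nullptr\n");` is the safer form; otherwise drop it, since a harness is usually silent on its early-return path. With plain `new` and exceptions enabled the combined check is likely unreachable, which is worth confirming against the project's build flags. Whether `<cstdio>` is already included cannot be seen from this hunk.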
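Review bot: With this call and the three matching ones in the hunks at -694, -702 and -709, every fuzz input now drives the full request-code sweep four times, once per ServiceReverse instance, on top of the existing per-command tests. All of those dispatches reuse the same bytes, so the fuzzer cannot steer a mutation toward one request code, and executions per second drop accordingly. Consider letting the input select the code inside OnRemoteRequestFuzzTest, for example `uint32_t code = size > 0 ? data[0] % codeMax : 0;`, and passing only the remaining bytes as the payload.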
@@ -694,6 +713,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 OHOS::RestoreOnFileReadyFuzzTest(restoreService, data, size);
 OHOS::RestoreOnResultReportFuzzTest(restoreService, data, size);
 OHOS::RestoreOnProcessInfoFuzzTest(restoreService, data, size);
+ OHOS::OnRemoteRequestFuzzTest(restoreService, data, size);
 OHOS::IncrementalBackupOnFileReadyFuzzTest(incrementalBackupService, data, size);
 OHOS::IncrementalBackupOnBundleStartedFuzzTest(incrementalBackupService, data, size);
@@ -702,6 +722,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 OHOS::IncrementalBackupOnAllBundlesFinishedFuzzTest(incrementalBackupService, data, size);
 OHOS::IncrementalBackupOnProcessInfoFuzzTest(incrementalBackupService, data, size);
 OHOS::IncrementalBackupOnScanningInfoFuzzTest(incrementalBackupService, data, size);
+ OHOS::OnRemoteRequestFuzzTest(incrementalBackupService, data, size);
 OHOS::IncrementalRestoreOnBundleStartedFuzzTest(incrementalRestoreService, data, size);
 OHOS::IncrementalRestoreOnBundleFinishedFuzzTest(incrementalRestoreService, data, size);
@@ -709,5 +730,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 OHOS::IncrementalRestoreOnFileReadyFuzzTest(incrementalRestoreService, data, size);
 OHOS::IncrementalRestoreOnResultReportFuzzTest(incrementalRestoreService, data, size);
 OHOS::IncrementalRestoreOnProcessInfoFuzzTest(incrementalRestoreService, data, size);
+ OHOS::OnRemoteRequestFuzzTest(incrementalRestoreService, data, size);
+ return 0;
 }
\ No newline at end of file
-- Gitee