1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setpreviewwindow_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <string_ex.h>
21 #define private public
22
23 #include "addcellularcalltoken_fuzzer.h"
24 #include "cellular_call_service.h"
25 #include "securec.h"
26 #include "surface_utils.h"
27 #include "system_ability_definition.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t BOOL_NUM = 2;
33 constexpr int32_t VEDIO_STATE_NUM = 2;
34 constexpr int32_t OFFSET_SIZE = 11;
35 constexpr size_t MAX_NUMBER_LEN = 99;
36
IsServiceInited()37 bool IsServiceInited()
38 {
39 if (!g_isInited) {
40 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
41 }
42 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
43 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
44 g_isInited = true;
45 }
46 return g_isInited;
47 }
48
OnRemoteRequest(const uint8_t * data,size_t size)49 void OnRemoteRequest(const uint8_t *data, size_t size)
50 {
51 if (!IsServiceInited()) {
52 return;
53 }
54
55 MessageParcel dataMessageParcel;
56 if (!dataMessageParcel.WriteInterfaceToken(CellularCallStub::GetDescriptor())) {
57 return;
58 }
59 int32_t maxSize = static_cast<int32_t>(size) + OFFSET_SIZE;
60 dataMessageParcel.WriteInt32(maxSize);
61 dataMessageParcel.WriteBuffer(data, size);
62 dataMessageParcel.RewindRead(0);
63 uint32_t code = static_cast<uint32_t>(size);
64 MessageParcel reply;
65 MessageOption option;
66 DelayedSingleton<CellularCallService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
67 }
68
SetPreviewWindow(const uint8_t * data,size_t size)69 void SetPreviewWindow(const uint8_t *data, size_t size)
70 {
71 if (!IsServiceInited()) {
72 return;
73 }
74
75 int32_t maxSize = static_cast<int32_t>(size);
76 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
77 int32_t index = static_cast<int32_t>(size);
78 std::string surfaceId(reinterpret_cast<const char *>(data), size);
79 MessageParcel dataMessageParcel;
80 dataMessageParcel.WriteInt32(maxSize);
81 dataMessageParcel.WriteInt32(slotId);
82 dataMessageParcel.WriteInt32(index);
83 int len = static_cast<int>(surfaceId.length());
84 std::string subSurfaceId = surfaceId;
85 if (len >= 1) {
86 subSurfaceId = surfaceId.substr(0, 1);
87 }
88 if (subSurfaceId.empty() || subSurfaceId[0] < '0' || subSurfaceId[0] > '9') {
89 subSurfaceId = "";
90 dataMessageParcel.WriteString(subSurfaceId);
91 } else {
92 dataMessageParcel.WriteString(subSurfaceId);
93 uint64_t tmpSurfaceId = std::stoull(subSurfaceId);
94 auto surface = SurfaceUtils::GetInstance()->GetSurface(tmpSurfaceId);
95 if (surface != nullptr) {
96 sptr<IBufferProducer> producer = surface->GetProducer();
97 if (producer != nullptr) {
98 dataMessageParcel.WriteRemoteObject(producer->AsObject());
99 }
100 }
101 }
102 dataMessageParcel.RewindRead(0);
103 MessageParcel reply;
104 DelayedSingleton<CellularCallService>::GetInstance()->OnSetPreviewWindowInner(dataMessageParcel, reply);
105 }
106
SetDisplayWindow(const uint8_t * data,size_t size)107 void SetDisplayWindow(const uint8_t *data, size_t size)
108 {
109 if (!IsServiceInited()) {
110 return;
111 }
112
113 int32_t maxSize = static_cast<int32_t>(size);
114 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
115 int32_t index = static_cast<int32_t>(size);
116 std::string surfaceId(reinterpret_cast<const char *>(data), size);
117 MessageParcel dataMessageParcel;
118 dataMessageParcel.WriteInt32(maxSize);
119 dataMessageParcel.WriteInt32(slotId);
120 dataMessageParcel.WriteInt32(index);
121 int len = static_cast<int>(surfaceId.length());
122 std::string subSurfaceId = surfaceId;
123 if (len >= 1) {
124 subSurfaceId = surfaceId.substr(0, 1);
125 }
126 if (subSurfaceId.empty() || subSurfaceId[0] < '0' || subSurfaceId[0] > '9') {
127 subSurfaceId = "";
128 dataMessageParcel.WriteString(subSurfaceId);
129 } else {
130 dataMessageParcel.WriteString(subSurfaceId);
131 uint64_t tmpSurfaceId = std::stoull(subSurfaceId);
132 auto surface = SurfaceUtils::GetInstance()->GetSurface(tmpSurfaceId);
133 if (surface != nullptr) {
134 sptr<IBufferProducer> producer = surface->GetProducer();
135 if (producer != nullptr) {
136 dataMessageParcel.WriteRemoteObject(producer->AsObject());
137 }
138 }
139 }
140 dataMessageParcel.RewindRead(0);
141 MessageParcel reply;
142 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDisplayWindowInner(dataMessageParcel, reply);
143 }
144
SetCameraZoom(const uint8_t * data,size_t size)145 void SetCameraZoom(const uint8_t *data, size_t size)
146 {
147 if (!IsServiceInited()) {
148 return;
149 }
150
151 int32_t maxSize = static_cast<int32_t>(size);
152 float zoomRatio = static_cast<float>(size);
153 MessageParcel dataMessageParcel;
154 dataMessageParcel.WriteInt32(maxSize);
155 dataMessageParcel.WriteFloat(zoomRatio);
156 dataMessageParcel.RewindRead(0);
157 MessageParcel reply;
158 DelayedSingleton<CellularCallService>::GetInstance()->OnSetCameraZoomInner(dataMessageParcel, reply);
159 }
160
ControlCamera(const uint8_t * data,size_t size)161 void ControlCamera(const uint8_t *data, size_t size)
162 {
163 if (!IsServiceInited()) {
164 return;
165 }
166
167 int32_t maxSize = static_cast<int32_t>(size);
168 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
169 int32_t index = static_cast<int32_t>(size);
170 std::string cameraId(reinterpret_cast<const char *>(data), size);
171 MessageParcel dataMessageParcel;
172 dataMessageParcel.WriteInt32(maxSize);
173 dataMessageParcel.WriteInt32(slotId);
174 dataMessageParcel.WriteInt32(index);
175 dataMessageParcel.WriteString(cameraId);
176 dataMessageParcel.RewindRead(0);
177 MessageParcel reply;
178 DelayedSingleton<CellularCallService>::GetInstance()->OnControlCameraInner(dataMessageParcel, reply);
179 }
180
SetPausePicture(const uint8_t * data,size_t size)181 void SetPausePicture(const uint8_t *data, size_t size)
182 {
183 if (!IsServiceInited()) {
184 return;
185 }
186
187 int32_t maxSize = static_cast<int32_t>(size);
188 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
189 int32_t index = static_cast<int32_t>(size);
190 std::string path(reinterpret_cast<const char *>(data), size);
191 MessageParcel dataMessageParcel;
192 dataMessageParcel.WriteInt32(maxSize);
193 dataMessageParcel.WriteInt32(slotId);
194 dataMessageParcel.WriteInt32(index);
195 dataMessageParcel.WriteString(path);
196 dataMessageParcel.RewindRead(0);
197 MessageParcel reply;
198 DelayedSingleton<CellularCallService>::GetInstance()->OnSetPausePictureInner(dataMessageParcel, reply);
199 }
200
SetDeviceDirection(const uint8_t * data,size_t size)201 void SetDeviceDirection(const uint8_t *data, size_t size)
202 {
203 if (!IsServiceInited()) {
204 return;
205 }
206
207 int32_t maxSize = static_cast<int32_t>(size);
208 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
209 int32_t index = static_cast<int32_t>(size);
210 int32_t rotation = static_cast<int32_t>(size);
211 MessageParcel dataMessageParcel;
212 dataMessageParcel.WriteInt32(maxSize);
213 dataMessageParcel.WriteInt32(slotId);
214 dataMessageParcel.WriteInt32(index);
215 dataMessageParcel.WriteInt32(rotation);
216 dataMessageParcel.RewindRead(0);
217 MessageParcel reply;
218 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDeviceDirectionInner(dataMessageParcel, reply);
219 }
220
SendUpdateCallMediaModeRequest(const uint8_t * data,size_t size)221 void SendUpdateCallMediaModeRequest(const uint8_t *data, size_t size)
222 {
223 if (!IsServiceInited()) {
224 return;
225 }
226
227 int32_t maxSize = static_cast<int32_t>(size);
228 CellularCallInfo callInfo;
229 callInfo.callId = static_cast<int32_t>(size);
230 callInfo.slotId = static_cast<int32_t>(size % BOOL_NUM);
231 callInfo.accountId = static_cast<int32_t>(size % BOOL_NUM);
232 callInfo.callType = static_cast<CallType>(static_cast<int32_t>(size));
233 callInfo.videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
234 callInfo.index = static_cast<int32_t>(size);
235 std::string telNum = "000000000";
236 std::string tempNum(reinterpret_cast<const char *>(data), size);
237 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
238 telNum = tempNum;
239 }
240 size_t length = strlen(telNum.c_str()) + 1;
241 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
242 return;
243 }
244 int32_t mode = static_cast<int32_t>(size);
245 MessageParcel dataMessageParcel;
246 dataMessageParcel.WriteInt32(maxSize);
247 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
248 dataMessageParcel.WriteInt32(mode);
249 dataMessageParcel.RewindRead(0);
250 MessageParcel reply;
251 DelayedSingleton<CellularCallService>::GetInstance()->OnSendUpdateCallMediaModeRequestInner(
252 dataMessageParcel, reply);
253 }
254
SendUpdateCallMediaModeResponse(const uint8_t * data,size_t size)255 void SendUpdateCallMediaModeResponse(const uint8_t *data, size_t size)
256 {
257 if (!IsServiceInited()) {
258 return;
259 }
260
261 int32_t maxSize = static_cast<int32_t>(size);
262 CellularCallInfo callInfo;
263 callInfo.callId = static_cast<int32_t>(size);
264 callInfo.slotId = static_cast<int32_t>(size % BOOL_NUM);
265 callInfo.accountId = static_cast<int32_t>(size % BOOL_NUM);
266 callInfo.callType = static_cast<CallType>(static_cast<int32_t>(size));
267 callInfo.videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
268 callInfo.index = static_cast<int32_t>(size);
269 std::string telNum = "000000000";
270 std::string tempNum(reinterpret_cast<const char *>(data), size);
271 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
272 telNum = tempNum;
273 }
274 size_t length = strlen(telNum.c_str()) + 1;
275 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
276 return;
277 }
278 int32_t mode = static_cast<int32_t>(size);
279 MessageParcel dataMessageParcel;
280 dataMessageParcel.WriteInt32(maxSize);
281 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
282 dataMessageParcel.WriteInt32(mode);
283 dataMessageParcel.RewindRead(0);
284 MessageParcel reply;
285 DelayedSingleton<CellularCallService>::GetInstance()->OnSendUpdateCallMediaModeResponseInner(
286 dataMessageParcel, reply);
287 }
288
SetMute(const uint8_t * data,size_t size)289 void SetMute(const uint8_t *data, size_t size)
290 {
291 if (!IsServiceInited()) {
292 return;
293 }
294
295 int32_t mute = static_cast<int32_t>(size);
296 MessageParcel dataMessageParcel;
297 dataMessageParcel.WriteInt32(mute);
298 dataMessageParcel.WriteBuffer(data, size);
299 dataMessageParcel.RewindRead(0);
300 MessageParcel reply;
301 DelayedSingleton<CellularCallService>::GetInstance()->OnSetMuteInner(dataMessageParcel, reply);
302 }
303
GetMute(const uint8_t * data,size_t size)304 void GetMute(const uint8_t *data, size_t size)
305 {
306 if (!IsServiceInited()) {
307 return;
308 }
309
310 MessageParcel dataMessageParcel;
311 dataMessageParcel.WriteBuffer(data, size);
312 dataMessageParcel.RewindRead(0);
313 MessageParcel reply;
314 DelayedSingleton<CellularCallService>::GetInstance()->OnGetMuteInner(dataMessageParcel, reply);
315 }
316
StartDtmf(const uint8_t * data,size_t size)317 void StartDtmf(const uint8_t *data, size_t size)
318 {
319 if (!IsServiceInited()) {
320 return;
321 }
322
323 int32_t maxSize = static_cast<int32_t>(size);
324 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
325 int32_t callId = static_cast<int32_t>(size);
326 int32_t accountId = static_cast<int32_t>(size);
327 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
328 int32_t index = static_cast<int32_t>(size);
329 char cDtmfCode = static_cast<char>(size);
330 std::string telNum = "000000000";
331 std::string tempNum(reinterpret_cast<const char *>(data), size);
332 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
333 telNum = tempNum;
334 }
335 size_t length = strlen(telNum.c_str()) + 1;
336 CellularCallInfo callInfo;
337 callInfo.slotId = slotId;
338 callInfo.callId = callId;
339 callInfo.accountId = accountId;
340 callInfo.videoState = videoState;
341 callInfo.index = index;
342 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
343 return;
344 }
345 MessageParcel dataMessageParcel;
346 dataMessageParcel.WriteInt32(maxSize);
347 dataMessageParcel.WriteInt8(cDtmfCode);
348 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
349 dataMessageParcel.RewindRead(0);
350 MessageParcel reply;
351 DelayedSingleton<CellularCallService>::GetInstance()->OnStartDtmfInner(dataMessageParcel, reply);
352 }
353
CancelCallUpgrade(const uint8_t * data,size_t size)354 void CancelCallUpgrade(const uint8_t *data, size_t size)
355 {
356 if (!IsServiceInited()) {
357 return;
358 }
359
360 int32_t maxSize = static_cast<int32_t>(size);
361 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
362 int32_t index = static_cast<int32_t>(size);
363 MessageParcel dataMessageParcel;
364 dataMessageParcel.WriteInt32(maxSize);
365 dataMessageParcel.WriteInt32(slotId);
366 dataMessageParcel.WriteInt32(index);
367 dataMessageParcel.RewindRead(0);
368 MessageParcel reply;
369 DelayedSingleton<CellularCallService>::GetInstance()->OnCancelCallUpgradeInner(dataMessageParcel, reply);
370 }
371
RequestCameraCapabilities(const uint8_t * data,size_t size)372 void RequestCameraCapabilities(const uint8_t *data, size_t size)
373 {
374 if (!IsServiceInited()) {
375 return;
376 }
377
378 int32_t maxSize = static_cast<int32_t>(size);
379 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
380 int32_t index = static_cast<int32_t>(size);
381 MessageParcel dataMessageParcel;
382 dataMessageParcel.WriteInt32(maxSize);
383 dataMessageParcel.WriteInt32(slotId);
384 dataMessageParcel.WriteInt32(index);
385 dataMessageParcel.RewindRead(0);
386 MessageParcel reply;
387 DelayedSingleton<CellularCallService>::GetInstance()->OnRequestCameraCapabilitiesInner(dataMessageParcel, reply);
388 }
389
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)390 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
391 {
392 if (data == nullptr || size == 0) {
393 return;
394 }
395
396 OnRemoteRequest(data, size);
397 SetPreviewWindow(data, size);
398 SetDisplayWindow(data, size);
399 SetCameraZoom(data, size);
400 ControlCamera(data, size);
401 SetPausePicture(data, size);
402 SetDeviceDirection(data, size);
403 SetMute(data, size);
404 GetMute(data, size);
405 StartDtmf(data, size);
406 SendUpdateCallMediaModeRequest(data, size);
407 SendUpdateCallMediaModeResponse(data, size);
408 CancelCallUpgrade(data, size);
409 RequestCameraCapabilities(data, size);
410 }
411 } // namespace OHOS
412
413 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)414 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
415 {
416 OHOS::AddCellularCallTokenFuzzer token;
417 /* Run your code on data */
418 OHOS::DoSomethingInterestingWithMyAPI(data, size);
419 return 0;
420 }
421