1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "smseventissue_fuzzer.h"
17 
18 #ifdef GTEST_API_
19 #define private public
20 #define protected public
21 #endif
22 
23 #include "addsmstoken_fuzzer.h"
24 #include "delivery_short_message_callback_stub.h"
25 #include "send_short_message_callback_stub.h"
26 #include "sms_interface_manager.h"
27 
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 const std::int32_t SLOT_NUM = 2;
31 bool g_flag = false;
32 
DoSentIssueTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)33 void DoSentIssueTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
34 {
35     std::string desAddr(reinterpret_cast<const char *>(data), size);
36     std::string scAddr(reinterpret_cast<const char *>(data), size);
37     std::string text(reinterpret_cast<const char *>(data), size);
38     const sptr<ISendShortMessageCallback> sendCallback =
39         iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
40     if (sendCallback == nullptr) {
41         return;
42     }
43     const sptr<IDeliveryShortMessageCallback> deliveryCallback =
44         iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
45     if (deliveryCallback == nullptr) {
46         return;
47     }
48     const std::shared_ptr<SmsSendIndexer> smsSendIndexer =
49         std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
50     smsSendManager->gsmSmsSender_->SendMessageSucceed(smsSendIndexer);
51     smsSendManager->gsmSmsSender_->HandleMessageResponse(smsSendIndexer);
52     smsSendManager->gsmSmsSender_->SyncSwitchISmsResponse();
53 
54     smsSendManager->gsmSmsSender_->SendResultCallBack(
55         smsSendIndexer, ISendShortMessageCallback::SEND_SMS_FAILURE_UNKNOWN);
56 
57     smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
58     int64_t id = static_cast<int16_t>(size);
59     smsSendManager->gsmSmsSender_->SendCacheMapAddItem(id, smsSendIndexer);
60     smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(id);
61     uint8_t refId = static_cast<uint8_t>(size);
62     smsSendManager->gsmSmsSender_->UpdateUnSentCellCount(refId);
63 
64     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
65     bool value = slotId == 0 ? true : false;
66     smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, value);
67     smsSendManager->gsmSmsSender_->GetMsgRef8Bit();
68     smsSendManager->gsmSmsSender_->GetMsgRef64Bit();
69     smsSendManager->gsmSmsSender_->CheckForce7BitEncodeType();
70     smsSendManager->gsmSmsSender_->GetNetworkId();
71 
72     smsSendManager->cdmaSmsSender_->SendMessageSucceed(smsSendIndexer);
73     smsSendManager->gsmSmsSender_->SendMessageFailed(smsSendIndexer);
74     smsSendManager->cdmaSmsSender_->SendMessageFailed(smsSendIndexer);
75     smsSendManager->gsmSmsSender_->HandleResend(smsSendIndexer);
76     smsSendManager->cdmaSmsSender_->HandleResend(smsSendIndexer);
77     smsSendManager->cdmaSmsSender_->SendMessageSucceed(nullptr);
78     smsSendManager->gsmSmsSender_->SendMessageFailed(nullptr);
79     smsSendManager->cdmaSmsSender_->SendMessageFailed(nullptr);
80     smsSendManager->gsmSmsSender_->HandleResend(nullptr);
81     smsSendManager->cdmaSmsSender_->HandleResend(nullptr);
82 }
83 
DoSentIssuePartTest(const uint8_t * data,size_t size,std::shared_ptr<SmsSendManager> smsSendManager)84 void DoSentIssuePartTest(const uint8_t *data, size_t size, std::shared_ptr<SmsSendManager> smsSendManager)
85 {
86     std::int64_t erase = static_cast<int64_t>(size);
87     smsSendManager->gsmSmsSender_->SendCacheMapEraseItem(erase);
88     smsSendManager->cdmaSmsSender_->SendCacheMapEraseItem(erase);
89 
90     std::int32_t eventId = static_cast<int32_t>(size);
91     std::int64_t refId = static_cast<int64_t>(size);
92     AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
93     smsSendManager->gsmSmsSender_->FindCacheMapAndTransform(response);
94     smsSendManager->cdmaSmsSender_->FindCacheMapAndTransform(response);
95 
96     std::int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
97     std::int32_t enable = static_cast<int32_t>(size % SLOT_NUM);
98     smsSendManager->gsmSmsSender_->SetImsSmsConfig(slotId, enable);
99     smsSendManager->cdmaSmsSender_->SetImsSmsConfig(slotId, enable);
100 
101     bool isImsNetDomain = slotId == 1 ? true : false;
102     std::int32_t voiceServiceState = static_cast<int32_t>(size);
103     smsSendManager->gsmSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
104     smsSendManager->cdmaSmsSender_->SetNetworkState(isImsNetDomain, voiceServiceState);
105 
106     smsSendManager->gsmSmsSender_->SendCacheMapTimeoutCheck();
107     smsSendManager->cdmaSmsSender_->SendCacheMapTimeoutCheck();
108 }
109 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)110 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
111 {
112     if (data == nullptr || size == 0) {
113         return;
114     }
115 
116     if (g_flag) {
117         return;
118     }
119     g_flag = true;
120 
121     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
122     auto smsInterfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
123     if (smsInterfaceManager == nullptr) {
124         return;
125     }
126 
127     smsInterfaceManager->InitInterfaceManager();
128     auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
129     if (smsSendManager == nullptr) {
130         return;
131     }
132     smsSendManager->Init();
133     smsSendManager->InitNetworkHandle();
134     if (smsSendManager->gsmSmsSender_ == nullptr || smsSendManager->cdmaSmsSender_ == nullptr) {
135         return;
136     }
137 
138     std::int32_t eventId = static_cast<int32_t>(size);
139     std::int64_t refId = static_cast<int64_t>(size);
140 
141     AppExecFwk::InnerEvent::Pointer response = AppExecFwk::InnerEvent::Get(eventId, refId);
142     smsSendManager->gsmSmsSender_->ProcessEvent(response);
143     smsSendManager->cdmaSmsSender_->ProcessEvent(response);
144 
145     DoSentIssueTest(data, size, smsSendManager);
146     DoSentIssuePartTest(data, size, smsSendManager);
147 }
148 } // namespace OHOS
149 
150 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)151 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
152 {
153     /* Run your code on data */
154     OHOS::AddSmsTokenFuzzer token;
155     OHOS::DoSomethingInterestingWithMyAPI(data, size);
156     return 0;
157 }
158