1  /*
2   * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3   * Licensed under the Apache License, Version 2.0 (the "License");
4   * you may not use this file except in compliance with the License.
5   * You may obtain a copy of the License at
6   *
7   *     http://www.apache.org/licenses/LICENSE-2.0
8   *
9   * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  #include "wappushbuffer_fuzzer.h"
17  
18  #ifdef GTEST_API_
19  #define private public
20  #endif
21  
22  #include "addsmstoken_fuzzer.h"
23  #include "sms_wap_push_handler.h"
24  
25  using namespace OHOS::Telephony;
26  namespace OHOS {
27  static int32_t SIM_COUNT = 2;
28  
WapPushBuffer(const uint8_t * data,size_t size)29  void WapPushBuffer(const uint8_t *data, size_t size)
30  {
31      int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
32      std::string strValue(reinterpret_cast<const char *>(data), size);
33      std::unique_ptr<SmsWapPushHandler> smsWapPushHandler = std::make_unique<SmsWapPushHandler>(slotId);
34      auto indexer = std::make_shared<SmsReceiveIndexer>();
35      smsWapPushHandler->DecodeWapPushPdu(indexer, strValue);
36  
37      auto decodeBuffer = std::make_shared<SmsWapPushBuffer>();
38      if (decodeBuffer == nullptr) {
39          return;
40      }
41      uint32_t desLen = static_cast<uint32_t>(size);
42      decodeBuffer->ReadDataBuffer(desLen);
43  
44      std::unique_ptr<char[]> inBuff = std::make_unique<char[]>(desLen);
45      decodeBuffer->WriteDataBuffer(std::move(inBuff), desLen);
46      decodeBuffer->GetCurPosition();
47      decodeBuffer->GetSize();
48  
49      uint8_t uint8tValue;
50      decodeBuffer->PeekOneByte(uint8tValue);
51      decodeBuffer->IncreasePointer(desLen);
52      decodeBuffer->DecreasePointer(desLen);
53      decodeBuffer->DecodeUintvar(desLen, desLen);
54  
55      decodeBuffer->DecodeShortLength(uint8tValue);
56      decodeBuffer->DecodeValueLength(desLen);
57      decodeBuffer->CharIsToken(uint8tValue);
58      decodeBuffer->DecodeTokenText(strValue, desLen);
59      decodeBuffer->DecodeText(strValue, desLen);
60  
61      decodeBuffer->DecodeQuotedText(strValue, desLen);
62      decodeBuffer->DecodeShortInteger(uint8tValue);
63  
64      uint64_t uint64tValue;
65      decodeBuffer->DecodeLongInteger(uint64tValue);
66      decodeBuffer->DecodeInteger(uint64tValue);
67  
68      decodeBuffer->DecodeIsShortInt();
69      decodeBuffer->DecodeIsString();
70      decodeBuffer->DecodeIsValueLength();
71      decodeBuffer->DecodeExtensionMedia();
72      decodeBuffer->DecodeConstrainedEncoding();
73  
74      bool isNoValue = slotId == 0 ? true : false;
75      decodeBuffer->DecodeTextValue(strValue, isNoValue);
76      decodeBuffer->DecodeNoValue(isNoValue);
77      decodeBuffer->MarkPosition();
78      decodeBuffer->UnMarkPosition();
79  }
80  
DoWapPushBufferWithMyAPI(const uint8_t * data,size_t size)81  void DoWapPushBufferWithMyAPI(const uint8_t *data, size_t size)
82  {
83      if (data == nullptr || size == 0) {
84          return;
85      }
86  
87      WapPushBuffer(data, size);
88  }
89  } // namespace OHOS
90  
91  /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)92  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
93  {
94      /* Run your code on data */
95      OHOS::AddSmsTokenFuzzer token;
96      OHOS::DoWapPushBufferWithMyAPI(data, size);
97      return 0;
98  }
99