1  /*
2   * Copyright (c) 2024 Huawei Device Co., Ltd.
3   * Licensed under the Apache License, Version 2.0 (the "License");
4   * you may not use this file except in compliance with the License.
5   * You may obtain a copy of the License at
6   *
7   *     http://www.apache.org/licenses/LICENSE-2.0
8   *
9   * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
#include "startcontinuation_fuzzer.h"

#include <cstddef>
#include <cstdint>
#include <memory>

#include "ability_manager_client.h"
#include "ability_record.h"
#include "parcel.h"
#include "securec.h"
#include "want.h"
26  
27  using namespace OHOS::AAFwk;
28  using namespace OHOS::AppExecFwk;
29  
30  namespace OHOS {
namespace {
// Lower bound on accepted input length: the entry point drops anything shorter than four bytes.
constexpr size_t U32_AT_SIZE = sizeof(uint32_t);
// Upper bound on accepted input length: the entry point drops anything longer than this.
constexpr size_t FOO_MAX_LEN = 1024;
} // namespace
/*
 * Builds a fixed AbilityRequest (bundle "com.example.fuzzTest", ability "MainAbility",
 * type DATA), creates an AbilityRecord from it and returns that record's token.
 * Returns nullptr when the record could not be created.
 *
 * Nothing here depends on fuzzer input: the token is the constant half of every
 * StartContinuation call made by this harness.
 */
sptr<Token> GetFuzzAbilityToken()
{
    AbilityRequest request;
    request.appInfo.bundleName = "com.example.fuzzTest";
    request.abilityInfo.name = "MainAbility";
    request.abilityInfo.type = AbilityType::DATA;

    // NOTE(review): the record is a local and is released on return; confirm the
    // token stays usable without it, otherwise only the stale-token path is fuzzed.
    std::shared_ptr<AbilityRecord> record = AbilityRecord::CreateAbilityRecord(request);

    sptr<Token> fuzzToken = nullptr;
    if (record != nullptr) {
        fuzzToken = record->GetToken();
    }
    return fuzzToken;
}
50  
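/*
 * Feeds one fuzz input to AbilityManagerClient::StartContinuation.
 *
 * The raw bytes are written into a Parcel and deserialized with Want::Unmarshalling,
 * so the Want handed to the API is entirely derived from untrusted input; the token
 * comes from GetFuzzAbilityToken() and is constant.
 *
 * @param data  fuzzer-provided bytes; exactly `size` bytes are written to the Parcel.
 * @param size  number of bytes in `data`.
 * @return false when the client instance or the token is unavailable; true otherwise,
 *         including when the bytes could not be written or did not unmarshal to a Want.
 */
bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
{
    auto abilityMgr = AbilityManagerClient::GetInstance();
    if (!abilityMgr) {
        return false;
    }

    // get token
    sptr<Token> token = GetFuzzAbilityToken();
    if (!token) {
        std::cout << "Get ability token failed." << std::endl;
        return false;
    }

    // fuzz for want
    Parcel wantParcel;
    if (!wantParcel.WriteBuffer(data, size)) {
        // Nothing to deserialize; the original code also reports success here.
        return true;
    }

    // Unmarshalling hands back a raw owning pointer; hold it in a unique_ptr so it is
    // released on every path out of this function instead of by a manual delete.
    std::unique_ptr<Want> want(Want::Unmarshalling(wantParcel));
    if (want) {
        // The third argument is exercised with both 0 and 1; its meaning is not
        // visible in this file. Return values are deliberately ignored: the harness
        // only looks for crashes and sanitizer reports.
        abilityMgr->StartContinuation(*want, token, 0);
        abilityMgr->StartContinuation(*want, token, 1);
    }

    return true;
}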
83  }
84  
85  /* Fuzzer entry point */
/*
 * libFuzzer entry point. Rejects null input and any length outside
 * [OHOS::U32_AT_SIZE, OHOS::FOO_MAX_LEN], copies the input into a private,
 * zero-initialised heap buffer and passes that copy to the harness.
 * Always returns 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    if (data == nullptr) {
        std::cout << "invalid data" << std::endl;
        return 0;
    }

    /* Only lengths inside the accepted window are exercised. */
    const bool lengthAccepted = (size >= OHOS::U32_AT_SIZE) && (size <= OHOS::FOO_MAX_LEN);
    if (!lengthAccepted) {
        return 0;
    }

    /*
     * The copy is one byte larger than the input and that extra byte stays zero.
     * The harness is still told `size`, not `size + 1`. Review caveat: a one-byte
     * over-read past `size` in the callee lands inside this allocation, so a memory
     * sanitizer (if the target is built with one) would not report it.
     */
    const size_t bufferLen = size + 1;
    char* buffer = static_cast<char*>(malloc(bufferLen));
    if (buffer == nullptr) {
        std::cout << "malloc failed." << std::endl;
        return 0;
    }

    (void)memset_s(buffer, bufferLen, 0x00, bufferLen);
    const bool copied = (memcpy_s(buffer, size, data, size) == EOK);
    if (copied) {
        OHOS::DoSomethingInterestingWithMyAPI(buffer, size);
    } else {
        std::cout << "copy failed." << std::endl;
    }

    /* Single release point for both the success and the copy-failure path. */
    free(buffer);
    buffer = nullptr;
    return 0;
}