1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "fuzzer/FuzzedDataProvider.h"
16 #include "scan_manager_client.h"
17 #include "scan_callback.h"
18 #include "scanner_info.h"
19 #include "scanmanagerclient_fuzzer.h"
20
21 namespace OHOS::Scan {
22 constexpr uint8_t MAX_STRING_LENGTH = 255;
23 constexpr int MAX_SET_NUMBER = 100;
24 constexpr size_t FOO_MAX_LEN = 1024;
25 constexpr size_t U32_AT_SIZE = 4;
26
TestGetScannerList(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)27 void TestGetScannerList(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
28 {
29 auto scanManagerPtr = ScanManagerClient::GetInstance();
30 if (scanManagerPtr == nullptr) {
31 return;
32 }
33 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
34 scanManagerPtr->InitScan(scanVersion);
35 scanManagerPtr->GetScannerList();
36 scanManagerPtr->ExitScan();
37 }
38
TestStopDiscover(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)39 void TestStopDiscover(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
40 {
41 auto scanManagerPtr = ScanManagerClient::GetInstance();
42 if (scanManagerPtr == nullptr) {
43 return;
44 }
45 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
46 scanManagerPtr->InitScan(scanVersion);
47 scanManagerPtr->StopDiscover();
48 scanManagerPtr->ExitScan();
49 }
50
TestGetScanOptionDesc(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)51 void TestGetScanOptionDesc(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
52 {
53 auto scanManagerPtr = ScanManagerClient::GetInstance();
54 if (scanManagerPtr == nullptr) {
55 return;
56 }
57 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
58 scanManagerPtr->InitScan(scanVersion);
59 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
60 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
61 ScanOptionDescriptor desc;
62 scanManagerPtr->OpenScanner(scannerId);
63 scanManagerPtr->GetScanOptionDesc(scannerId, optionIndex, desc);
64 scanManagerPtr->CloseScanner(scannerId);
65 scanManagerPtr->ExitScan();
66 }
67
TestOpScanOptionValue(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)68 void TestOpScanOptionValue(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
69 {
70 auto scanManagerPtr = ScanManagerClient::GetInstance();
71 if (scanManagerPtr == nullptr) {
72 return;
73 }
74 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
75 scanManagerPtr->InitScan(scanVersion);
76 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
77 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
78 auto op = static_cast<ScanOptionOpType>(dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER));
79 int32_t info = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
80 ScanOptionValue value;
81 scanManagerPtr->OpenScanner(scannerId);
82 scanManagerPtr->OpScanOptionValue(scannerId, optionIndex, op, value, info);
83 scanManagerPtr->CloseScanner(scannerId);
84 scanManagerPtr->ExitScan();
85 }
86
TestGetScanParameters(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)87 void TestGetScanParameters(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
88 {
89 auto scanManagerPtr = ScanManagerClient::GetInstance();
90 if (scanManagerPtr == nullptr) {
91 return;
92 }
93 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
94 scanManagerPtr->InitScan(scanVersion);
95 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
96 ScanParameters para;
97 scanManagerPtr->OpenScanner(scannerId);
98 scanManagerPtr->GetScanParameters(scannerId, para);
99 scanManagerPtr->CloseScanner(scannerId);
100 scanManagerPtr->ExitScan();
101 }
102
TestStartScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)103 void TestStartScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
104 {
105 auto scanManagerPtr = ScanManagerClient::GetInstance();
106 if (scanManagerPtr == nullptr) {
107 return;
108 }
109 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
110 scanManagerPtr->InitScan(scanVersion);
111 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
112 bool batchMode = dataProvider->ConsumeBool();
113 scanManagerPtr->OpenScanner(scannerId);
114 scanManagerPtr->StartScan(scannerId, batchMode);
115 scanManagerPtr->CancelScan(scannerId);
116 scanManagerPtr->CloseScanner(scannerId);
117 scanManagerPtr->ExitScan();
118 }
119
TestGetSingleFrameFD(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)120 void TestGetSingleFrameFD(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
121 {
122 auto scanManagerPtr = ScanManagerClient::GetInstance();
123 if (scanManagerPtr == nullptr) {
124 return;
125 }
126 int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
127 scanManagerPtr->InitScan(scanVersion);
128 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
129 uint32_t dataSize = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
130 uint32_t fd = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
131 scanManagerPtr->GetSingleFrameFD(scannerId, dataSize, fd);
132 scanManagerPtr->ExitScan();
133 }
134
TestSetScanIOMode(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)135 void TestSetScanIOMode(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
136 {
137 auto scanManagerPtr = ScanManagerClient::GetInstance();
138 if (scanManagerPtr == nullptr) {
139 return;
140 }
141 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
142 bool batchMode = dataProvider->ConsumeBool();
143 scanManagerPtr->OpenScanner(scannerId);
144 scanManagerPtr->SetScanIOMode(scannerId, batchMode);
145 scanManagerPtr->CloseScanner(scannerId);
146 }
147
TestGetScanSelectFd(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)148 void TestGetScanSelectFd(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
149 {
150 auto scanManagerPtr = ScanManagerClient::GetInstance();
151 if (scanManagerPtr == nullptr) {
152 return;
153 }
154 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
155 int32_t fd = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
156 scanManagerPtr->OpenScanner(scannerId);
157 scanManagerPtr->GetScanSelectFd(scannerId, fd);
158 scanManagerPtr->CloseScanner(scannerId);
159 }
160
TestOn(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)161 void TestOn(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
162 {
163 auto scanManagerPtr = ScanManagerClient::GetInstance();
164 if (scanManagerPtr == nullptr) {
165 return;
166 }
167 std::string taskId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
168 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
169 std::function<void(std::vector<ScanDeviceInfo> &infos)> callbackFunction;
170 sptr<IScanCallback> listener = new (std::nothrow) ScanCallback(callbackFunction);
171 if (listener == nullptr) {
172 return;
173 }
174 scanManagerPtr->On(taskId, type, listener);
175 }
176
TestOff(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)177 void TestOff(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
178 {
179 auto scanManagerPtr = ScanManagerClient::GetInstance();
180 if (scanManagerPtr == nullptr) {
181 return;
182 }
183 std::string taskId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
184 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
185 scanManagerPtr->Off(taskId, type);
186 }
187
TestGetScannerState(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)188 void TestGetScannerState(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
189 {
190 auto scanManagerPtr = ScanManagerClient::GetInstance();
191 if (scanManagerPtr == nullptr) {
192 return;
193 }
194 int32_t scannerState = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
195 scanManagerPtr->GetScannerState(scannerState);
196 }
197
TestGetScanProgress(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)198 void TestGetScanProgress(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
199 {
200 auto scanManagerPtr = ScanManagerClient::GetInstance();
201 if (scanManagerPtr == nullptr) {
202 return;
203 }
204 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
205 ScanProgress prog;
206 scanManagerPtr->GetScanProgress(scannerId, prog);
207 }
208
TestAddScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)209 void TestAddScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
210 {
211 auto scanManagerPtr = ScanManagerClient::GetInstance();
212 if (scanManagerPtr == nullptr) {
213 return;
214 }
215 std::string serialNumber = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
216 std::string discoverMode = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
217 scanManagerPtr->AddScanner(serialNumber, discoverMode);
218 }
219
TestDeleteScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)220 void TestDeleteScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
221 {
222 auto scanManagerPtr = ScanManagerClient::GetInstance();
223 if (scanManagerPtr == nullptr) {
224 return;
225 }
226 std::string serialNumber = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
227 std::string discoverMode = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
228 scanManagerPtr->DeleteScanner(serialNumber, discoverMode);
229 }
230
TestGetAddedScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)231 void TestGetAddedScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
232 {
233 auto scanManagerPtr = ScanManagerClient::GetInstance();
234 if (scanManagerPtr == nullptr) {
235 return;
236 }
237 int32_t count = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
238 std::vector<ScanDeviceInfo> allAddedScanner(count);
239 scanManagerPtr->GetAddedScanner(allAddedScanner);
240 }
241
TestUpdateScannerName(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)242 void TestUpdateScannerName(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
243 {
244 auto scanManagerPtr = ScanManagerClient::GetInstance();
245 if (scanManagerPtr == nullptr) {
246 return;
247 }
248 std::string serialNumber = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
249 std::string discoverMode = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
250 std::string deviceName = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
251 scanManagerPtr->UpdateScannerName(serialNumber, discoverMode, deviceName);
252 }
253
254 }
255
256 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)257 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
258 {
259 if (data == nullptr) {
260 return 0;
261 }
262
263 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
264 return 0;
265 }
266 FuzzedDataProvider dataProvider(data, size);
267 OHOS::Scan::TestGetScannerList(data, size, &dataProvider);
268 OHOS::Scan::TestStopDiscover(data, size, &dataProvider);
269 OHOS::Scan::TestGetScanOptionDesc(data, size, &dataProvider);
270 OHOS::Scan::TestOpScanOptionValue(data, size, &dataProvider);
271 OHOS::Scan::TestGetScanParameters(data, size, &dataProvider);
272 OHOS::Scan::TestStartScan(data, size, &dataProvider);
273 OHOS::Scan::TestGetSingleFrameFD(data, size, &dataProvider);
274 OHOS::Scan::TestSetScanIOMode(data, size, &dataProvider);
275 OHOS::Scan::TestGetScanSelectFd(data, size, &dataProvider);
276 OHOS::Scan::TestOn(data, size, &dataProvider);
277 OHOS::Scan::TestOff(data, size, &dataProvider);
278 OHOS::Scan::TestGetScannerState(data, size, &dataProvider);
279 OHOS::Scan::TestGetScanProgress(data, size, &dataProvider);
280 OHOS::Scan::TestAddScanner(data, size, &dataProvider);
281 OHOS::Scan::TestDeleteScanner(data, size, &dataProvider);
282 OHOS::Scan::TestGetAddedScanner(data, size, &dataProvider);
283 OHOS::Scan::TestUpdateScannerName(data, size, &dataProvider);
284
285 return 0;
286 }
287
288