1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "fuzzer/FuzzedDataProvider.h"
17 #include "scanservicestub_fuzzer.h"
18 #include "scan_service_ability.h"
19
20 namespace OHOS {
21 namespace Scan {
22 constexpr uint8_t MAX_STRING_LENGTH = 255;
23 constexpr int MAX_SET_NUMBER = 100;
24 constexpr size_t FOO_MAX_LEN = 1024;
25 constexpr size_t U32_AT_SIZE = 4;
26
WriteInterfaceToken(MessageParcel & datas)27 bool WriteInterfaceToken(MessageParcel &datas)
28 {
29 if (!datas.WriteInterfaceToken(ScanServiceAbility::GetInstance()->GetDescriptor())) {
30 return false;
31 }
32 return true;
33 }
34
TestOnOpenScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)35 bool TestOnOpenScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
36 {
37 MessageParcel datas;
38 MessageParcel reply;
39 MessageOption option;
40 if (!WriteInterfaceToken(datas)) {
41 return false;
42 }
43 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
44 datas.WriteString(scannerId);
45 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_LIST, datas, reply, option);
46 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_STOP_DISCOVER, datas, reply, option);
47 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_INIT_SCAN, datas, reply, option);
48 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OPEN_SCANNER, datas, reply, option);
49 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_EXIT_SCAN, datas, reply, option);
50 return true;
51 }
52
TestOnCloseScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)53 bool TestOnCloseScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
54 {
55 MessageParcel datas;
56 MessageParcel reply;
57 MessageOption option;
58 if (!WriteInterfaceToken(datas)) {
59 return false;
60 }
61 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
62 datas.WriteString(scannerId);
63 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CLOSE_SCANNER, datas, reply, option);
64 return true;
65 }
66
TestOnGetScanOptionDesc(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)67 bool TestOnGetScanOptionDesc(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
68 {
69 MessageParcel datas;
70 MessageParcel reply;
71 MessageOption option;
72 if (!WriteInterfaceToken(datas)) {
73 return false;
74 }
75 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
76 datas.WriteString(scannerId);
77 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
78 datas.WriteInt32(optionIndex);
79 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_OPTION_DESC, datas, reply, option);
80 return true;
81 }
82
TestOnOpScanOptionValue(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)83 bool TestOnOpScanOptionValue(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
84 {
85 MessageParcel datas;
86 MessageParcel reply;
87 MessageOption option;
88 if (!WriteInterfaceToken(datas)) {
89 return false;
90 }
91 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
92 datas.WriteString(scannerId);
93 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
94 datas.WriteInt32(optionIndex);
95 ScanOptionOpType op = SCAN_ACTION_SET_VALUE;
96 datas.WriteUint32(op);
97 ScanOptionValue value;
98 value.Marshalling(datas);
99 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OP_SCAN_OPTION_VALUE, datas, reply, option);
100 return true;
101 }
102
TestOnGetScanParameters(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)103 bool TestOnGetScanParameters(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
104 {
105 MessageParcel datas;
106 MessageParcel reply;
107 MessageOption option;
108 if (!WriteInterfaceToken(datas)) {
109 return false;
110 }
111 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
112 datas.WriteString(scannerId);
113 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PARAMETERS, datas, reply, option);
114 return true;
115 }
116
TestOnStartScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)117 bool TestOnStartScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
118 {
119 MessageParcel datas;
120 MessageParcel reply;
121 MessageOption option;
122 if (!WriteInterfaceToken(datas)) {
123 return false;
124 }
125 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
126 datas.WriteString(scannerId);
127 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_START_SCAN, datas, reply, option);
128 return true;
129 }
130
TestOnGetSingleFrameFD(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)131 bool TestOnGetSingleFrameFD(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
132 {
133 MessageParcel datas;
134 MessageParcel reply;
135 MessageOption option;
136 if (!WriteInterfaceToken(datas)) {
137 return false;
138 }
139 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
140 datas.WriteString(scannerId);
141 uint32_t fd = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
142 datas.WriteFileDescriptor(fd);
143 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SINGLE_FRAME_FD, datas, reply, option);
144 return true;
145 }
146
TestOnCancelScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)147 bool TestOnCancelScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
148 {
149 MessageParcel datas;
150 MessageParcel reply;
151 MessageOption option;
152 if (!WriteInterfaceToken(datas)) {
153 return false;
154 }
155 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
156 datas.WriteString(scannerId);
157 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CANCEL_SCAN, datas, reply, option);
158 return true;
159 }
160
TestOnSetScanIOMode(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)161 bool TestOnSetScanIOMode(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
162 {
163 MessageParcel datas;
164 MessageParcel reply;
165 MessageOption option;
166 if (!WriteInterfaceToken(datas)) {
167 return false;
168 }
169 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
170 datas.WriteString(scannerId);
171 bool isNonBlocking = dataProvider->ConsumeBool();
172 datas.WriteBool(isNonBlocking);
173 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_SET_SCAN_IO_MODE, datas, reply, option);
174 return true;
175 }
176
TestOnGetScanSelectFd(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)177 bool TestOnGetScanSelectFd(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
178 {
179 MessageParcel datas;
180 MessageParcel reply;
181 MessageOption option;
182 if (!WriteInterfaceToken(datas)) {
183 return false;
184 }
185 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
186 datas.WriteString(scannerId);
187 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_SELECT_FD, datas, reply, option);
188 return true;
189 }
190
TestOnGetScanProgress(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)191 bool TestOnGetScanProgress(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
192 {
193 MessageParcel datas;
194 MessageParcel reply;
195 MessageOption option;
196 if (!WriteInterfaceToken(datas)) {
197 return false;
198 }
199 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
200 datas.WriteString(scannerId);
201 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PROGRESS, datas, reply, option);
202 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_STATE, datas, reply, option);
203 return true;
204 }
205
TestOnEventOn(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)206 bool TestOnEventOn(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
207 {
208 MessageParcel datas;
209 MessageParcel reply;
210 MessageOption option;
211 if (!WriteInterfaceToken(datas)) {
212 return false;
213 }
214 std::string taskId = "";
215 datas.WriteString(taskId);
216 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
217 datas.WriteString(type);
218 return true;
219 }
220
TestOnEventOff(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)221 bool TestOnEventOff(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
222 {
223 MessageParcel datas;
224 MessageParcel reply;
225 MessageOption option;
226 if (!WriteInterfaceToken(datas)) {
227 return false;
228 }
229 std::string taskId = "";
230 datas.WriteString(taskId);
231 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
232 datas.WriteString(type);
233 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OFF, datas, reply, option);
234 return true;
235 }
236 }
237 }
238
239 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)240 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
241 {
242 if (data == nullptr) {
243 return 0;
244 }
245
246 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
247 return 0;
248 }
249 FuzzedDataProvider dataProvider(data, size);
250 OHOS::Scan::TestOnOpenScanner(data, size, &dataProvider);
251 OHOS::Scan::TestOnCloseScanner(data, size, &dataProvider);
252 OHOS::Scan::TestOnGetScanOptionDesc(data, size, &dataProvider);
253 OHOS::Scan::TestOnOpScanOptionValue(data, size, &dataProvider);
254 OHOS::Scan::TestOnGetScanParameters(data, size, &dataProvider);
255 OHOS::Scan::TestOnStartScan(data, size, &dataProvider);
256 OHOS::Scan::TestOnGetSingleFrameFD(data, size, &dataProvider);
257 OHOS::Scan::TestOnCancelScan(data, size, &dataProvider);
258 OHOS::Scan::TestOnSetScanIOMode(data, size, &dataProvider);
259 OHOS::Scan::TestOnGetScanSelectFd(data, size, &dataProvider);
260 OHOS::Scan::TestOnGetScanProgress(data, size, &dataProvider);
261 OHOS::Scan::TestOnEventOn(data, size, &dataProvider);
262 OHOS::Scan::TestOnEventOff(data, size, &dataProvider);
263 return 0;
264 }