1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "updateincalldatamachine_fuzzer.h"
17 
18 #define private public
19 #define protected public
20 
21 #include "adddatatoken_fuzzer.h"
22 #include "incalldatastatemachine_fuzzer.h"
23 
24 namespace OHOS {
25 using namespace OHOS::Telephony;
26 using namespace AppExecFwk;
27 using namespace OHOS::EventFwk;
28 static int32_t SIM_COUNT = 2;
29 bool g_flag = false;
30 
IdleStateMachineFuzz(const uint8_t * data,size_t size)31 void IdleStateMachineFuzz(const uint8_t *data, size_t size)
32 {
33     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
34     if (fuzzer == nullptr) {
35         return;
36     }
37     int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
38     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
39     if (machine == nullptr) {
40         return;
41     }
42     std::int32_t intValue = static_cast<int32_t>(size);
43     machine->Init(intValue);
44     if (machine->idleState_ == nullptr) {
45         return;
46     }
47     auto idleState = static_cast<IdleState *>(machine->idleState_.GetRefPtr());
48     machine->GetCurrentState();
49     machine->CanActiveDataByRadioTech();
50     machine->IsSecondaryCanActiveData();
51     machine->IsIncallDataSwitchOn();
52     machine->GetSlotId();
53     machine->HasAnyConnectedState();
54     machine->GetCallState();
55     machine->UpdateCallState(intValue);
56     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
57     if (object == nullptr) {
58         return;
59     }
60     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
61     idleState->StateProcess(event);
62     idleState->ProcessCallStarted(event);
63     idleState->ProcessCallEnded(event);
64     idleState->ProcessSettingsOn(event);
65     idleState->ProcessDsdsChanged(event);
66 }
67 
ActivatingSecondaryStateMachineFuzz(const uint8_t * data,size_t size)68 void ActivatingSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
69 {
70     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
71     if (fuzzer == nullptr) {
72         return;
73     }
74     int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
75     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
76     if (machine == nullptr) {
77         return;
78     }
79     std::int32_t intValue = static_cast<int32_t>(size);
80     machine->Init(intValue);
81     if (machine->activatingSecondaryState_ == nullptr || machine->secondaryActiveState_ == nullptr) {
82         return;
83     }
84     auto activatingSecondaryState =
85         static_cast<ActivatingSecondaryState *>(machine->activatingSecondaryState_.GetRefPtr());
86     auto secondaryActiveState = static_cast<SecondaryActiveState *>(machine->secondaryActiveState_.GetRefPtr());
87     machine->TransitionTo(machine->activatingSecondaryState_);
88     machine->GetCurrentState();
89     machine->CanActiveDataByRadioTech();
90     machine->IsSecondaryCanActiveData();
91     machine->IsIncallDataSwitchOn();
92     machine->GetSlotId();
93     machine->HasAnyConnectedState();
94     machine->GetCallState();
95     machine->UpdateCallState(intValue);
96     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
97     if (object == nullptr) {
98         return;
99     }
100     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
101     activatingSecondaryState->StateProcess(event);
102     secondaryActiveState->StateProcess(event);
103     secondaryActiveState->ProcessSettingsOn(event);
104     secondaryActiveState->ProcessCallEnded(event);
105     secondaryActiveState->ProcessSettingsOff(event);
106     secondaryActiveState->ProcessDsdsChanged(event);
107 }
108 
ActivatedSecondaryStateMachineFuzz(const uint8_t * data,size_t size)109 void ActivatedSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
110 {
111     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
112     if (fuzzer == nullptr) {
113         return;
114     }
115     int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
116     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
117     if (machine == nullptr) {
118         return;
119     }
120     std::int32_t intValue = static_cast<int32_t>(size);
121     machine->Init(intValue);
122     if (machine->activatedSecondaryState_ == nullptr || machine->secondaryActiveState_ == nullptr) {
123         return;
124     }
125     auto activatedSecondaryState =
126         static_cast<ActivatedSecondaryState *>(machine->activatedSecondaryState_.GetRefPtr());
127     auto secondaryActiveState = static_cast<SecondaryActiveState *>(machine->secondaryActiveState_.GetRefPtr());
128     machine->TransitionTo(machine->activatingSecondaryState_);
129     machine->TransitionTo(machine->activatedSecondaryState_);
130     machine->GetCurrentState();
131     machine->CanActiveDataByRadioTech();
132     machine->IsSecondaryCanActiveData();
133     machine->IsIncallDataSwitchOn();
134     machine->GetSlotId();
135     machine->HasAnyConnectedState();
136     machine->GetCallState();
137     machine->UpdateCallState(intValue);
138     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
139     if (object == nullptr) {
140         return;
141     }
142     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
143     activatedSecondaryState->StateProcess(event);
144     secondaryActiveState->StateProcess(event);
145     secondaryActiveState->ProcessSettingsOn(event);
146     secondaryActiveState->ProcessCallEnded(event);
147     secondaryActiveState->ProcessSettingsOff(event);
148     secondaryActiveState->ProcessDsdsChanged(event);
149 }
150 
DeactivatingSecondaryStateMachineFuzz(const uint8_t * data,size_t size)151 void DeactivatingSecondaryStateMachineFuzz(const uint8_t *data, size_t size)
152 {
153     std::shared_ptr<IncallDataStateMachineFuzzer> fuzzer = std::make_shared<IncallDataStateMachineFuzzer>();
154     if (fuzzer == nullptr) {
155         return;
156     }
157     int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
158     std::shared_ptr<IncallDataStateMachine> machine = fuzzer->CreateIncallDataStateMachine(slotId);
159     if (machine == nullptr) {
160         return;
161     }
162     std::int32_t intValue = static_cast<int32_t>(size);
163     machine->Init(intValue);
164     if (machine->deactivatingSecondaryState_ == nullptr || machine->idleState_ == nullptr) {
165         return;
166     }
167     auto deactivatingSecondaryState =
168         static_cast<DeactivatingSecondaryState *>(machine->deactivatingSecondaryState_.GetRefPtr());
169     auto idleState = static_cast<IdleState *>(machine->idleState_.GetRefPtr());
170     machine->TransitionTo(machine->activatingSecondaryState_);
171     machine->TransitionTo(machine->activatedSecondaryState_);
172     machine->TransitionTo(machine->deactivatingSecondaryState_);
173     machine->GetCurrentState();
174     machine->CanActiveDataByRadioTech();
175     machine->IsSecondaryCanActiveData();
176     machine->IsIncallDataSwitchOn();
177     machine->GetSlotId();
178     machine->HasAnyConnectedState();
179     machine->GetCallState();
180     machine->UpdateCallState(intValue);
181     std::shared_ptr<uint8_t> object = std::make_shared<uint8_t>(*data);
182     if (object == nullptr) {
183         return;
184     }
185     InnerEvent::Pointer event = InnerEvent::Get(intValue, object);
186     deactivatingSecondaryState->StateProcess(event);
187     idleState->StateProcess(event);
188     idleState->ProcessCallStarted(event);
189     idleState->ProcessCallEnded(event);
190     idleState->ProcessSettingsOn(event);
191     idleState->ProcessDsdsChanged(event);
192 }
193 
UpdateIncallDataMachineWithMyAPI(const uint8_t * data,size_t size)194 void UpdateIncallDataMachineWithMyAPI(const uint8_t *data, size_t size)
195 {
196     if (data == nullptr || size == 0) {
197         return;
198     }
199 
200     if (!g_flag) {
201         IdleStateMachineFuzz(data, size);
202         ActivatingSecondaryStateMachineFuzz(data, size);
203         ActivatedSecondaryStateMachineFuzz(data, size);
204         DeactivatingSecondaryStateMachineFuzz(data, size);
205         g_flag = true;
206     }
207 }
208 } // namespace OHOS
209 
210 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)211 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
212 {
213     OHOS::AddDataTokenFuzzer token;
214     /* Run your code on data */
215     OHOS::UpdateIncallDataMachineWithMyAPI(data, size);
216     return 0;
217 }