From 88d247d5bdd29951f125e6906573d8c62b94c8da Mon Sep 17 00:00:00 2001 From: wangyikai Date: Sat, 27 Jul 2024 17:05:48 +0800 Subject: [PATCH] =?UTF-8?q?fuzz=E7=94=A8=E4=BE=8B=20crash=20=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wangyikai --- .../hcs_fuzzer/hcs_fuzzer.cpp | 261 ++++++------------ .../innerapi_utils_fuzzer.cpp | 8 +- 2 files changed, 94 insertions(+), 175 deletions(-) diff --git a/framework/test/fuzztest/framework_fuzzer/hcs_fuzzer/hcs_fuzzer.cpp b/framework/test/fuzztest/framework_fuzzer/hcs_fuzzer/hcs_fuzzer.cpp index 5ab927b27..59f3435e2 100644 --- a/framework/test/fuzztest/framework_fuzzer/hcs_fuzzer/hcs_fuzzer.cpp +++ b/framework/test/fuzztest/framework_fuzzer/hcs_fuzzer/hcs_fuzzer.cpp @@ -11,6 +11,7 @@ #include "hcs_tree_if.h" #include "hdf_base.h" #include "hdf_log.h" +#include "securec.h" namespace OHOS { constexpr size_t THRESHOLD = 10; @@ -25,14 +26,6 @@ enum FuncId { HCS_HCSGETUINT16ARRAYELEM, HCS_HCSGETUINT32ARRAYELEM, HCS_HCSGETUINT64ARRAYELEM, - HCS_HCSGETUINT8ARRAY, - HCS_HCSGETUINT16ARRAY, - HCS_HCSGETUINT32ARRAY, - HCS_HCSGETUINT64ARRAY, - HCS_HCSGETELEMNUM, - HCS_HCSGETNODEBYMATCHATTR, - HCS_HCSGETCHILDNODE, - HCS_HCSGETNODEBYREFATTR, HCS_END }; @@ -42,9 +35,18 @@ void FuncHcsGetBool(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; - HcsGetBool(node, attrName); + HcsGetBool(&node, attrName); return; } @@ -54,12 +56,21 @@ void FuncHcsGetUint8(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint8_t value = 0; uint8_t def = 0; - HcsGetUint8(node, attrName, &value, def); + HcsGetUint8(&node, attrName, &value, def); return; } @@ -69,12 +80,21 @@ void FuncHcsGetUint32(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint32_t value = 0; uint32_t def = 0; - HcsGetUint32(node, attrName, &value, def); + HcsGetUint32(&node, attrName, &value, def); return; } @@ -84,12 +104,21 @@ void FuncHcsGetUint64(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint64_t value = 0; uint64_t def = 0; - HcsGetUint64(node, attrName, &value, def); + HcsGetUint64(&node, attrName, &value, def); return; } @@ -99,13 +128,22 @@ void FuncHcsGetUint8ArrayElem(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint32_t index = 0; uint8_t value = 0; uint8_t def = 0; - HcsGetUint8ArrayElem(node, attrName, index, &value, def); + HcsGetUint8ArrayElem(&node, attrName, index, &value, def); return; } @@ -115,13 +153,22 @@ void FuncHcsGetUint16ArrayElem(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint32_t index = 0; uint16_t value = 0; uint16_t def = 0; - HcsGetUint16ArrayElem(node, attrName, index, &value, def); + HcsGetUint16ArrayElem(&node, attrName, index, &value, def); return; } @@ -131,13 +178,22 @@ void FuncHcsGetUint32ArrayElem(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { + return; + } + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; uint32_t index = 0; uint32_t value = 0; uint32_t def = 0; - HcsGetUint32ArrayElem(node, attrName, index, &value, def); + HcsGetUint32ArrayElem(&node, attrName, index, &value, def); return; } @@ -147,129 +203,22 @@ void FuncHcsGetUint64ArrayElem(const uint8_t *data, size_t size) return; } - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - uint32_t index = 0; - uint64_t value = 0; - uint64_t def = 0; - - HcsGetUint64ArrayElem(node, attrName, index, &value, def); - return; -} - -void FuncHcsGetUint8Array(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - uint8_t *value = (uint8_t *)(data + sizeof(struct DeviceResourceNode)); - uint32_t len = (size - sizeof(struct DeviceResourceNode)) / sizeof(uint8_t); - uint8_t def = 0; - - HcsGetUint8Array(node, attrName, value, len, def); - return; -} - -void FuncHcsGetUint16Array(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - uint16_t *value = (uint16_t *)(data + sizeof(struct DeviceResourceNode)); - uint32_t len = (size - sizeof(struct DeviceResourceNode)) / sizeof(uint16_t); - uint16_t def = 0; - - HcsGetUint16Array(node, attrName, value, len, def); - return; -} - -void FuncHcsGetUint32Array(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - uint32_t *value = (uint32_t *)(data + sizeof(struct DeviceResourceNode)); - uint32_t len = (size - sizeof(struct DeviceResourceNode)) / sizeof(uint32_t); - uint32_t def = 0; - - HcsGetUint32Array(node, attrName, value, len, def); - return; -} - -void FuncHcsGetUint64Array(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { + struct DeviceResourceNode node; + size_t sz = sizeof(struct DeviceResourceNode); + if (memcpy_s(&node, sz, data, sz) != EOK) { return; } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; + node.name = "nothing"; + node.attrData = NULL; + node.parent = NULL; + node.child = NULL; + node.sibling = NULL; const char *attrName = "nothing"; - uint64_t *value = (uint64_t *)(data + sizeof(struct DeviceResourceNode)); - uint32_t len = (size - sizeof(struct DeviceResourceNode)) / sizeof(uint64_t); + uint32_t index = 0; + uint64_t value = 0; uint64_t def = 0; - HcsGetUint64Array(node, attrName, value, len, def); - return; -} - -void FuncHcsGetElemNum(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - - HcsGetElemNum(node, attrName); - return; -} - -void FuncHcsGetNodeByMatchAttr(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrValue = "nothing"; - - HcsGetNodeByMatchAttr(node, attrValue); - return; -} - -void FuncHcsGetChildNode(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *nodeName = "nothing"; - - HcsGetChildNode(node, nodeName); - return; -} - -void FuncHcsGetNodeByRefAttr(const uint8_t *data, size_t size) -{ - if (size < sizeof(struct DeviceResourceNode)) { - return; - } - - struct DeviceResourceNode *node = (struct DeviceResourceNode *)data; - const char *attrName = "nothing"; - - HcsGetNodeByRefAttr(node, attrName); + HcsGetUint64ArrayElem(&node, attrName, index, &value, def); return; } @@ -308,38 +257,6 @@ void FuncSwitch(uint32_t cmd, const uint8_t *data, size_t size) FuncHcsGetUint64ArrayElem(data, size); break; } - case HCS_HCSGETUINT8ARRAY: { - FuncHcsGetUint8Array(data, size); - break; - } - case HCS_HCSGETUINT16ARRAY: { - FuncHcsGetUint16Array(data, size); - break; - } - case HCS_HCSGETUINT32ARRAY: { - FuncHcsGetUint32Array(data, size); - break; - } - case HCS_HCSGETUINT64ARRAY: { - FuncHcsGetUint64Array(data, size); - break; - } - case HCS_HCSGETELEMNUM: { - FuncHcsGetElemNum(data, size); - break; - } - case HCS_HCSGETNODEBYMATCHATTR: { - FuncHcsGetNodeByMatchAttr(data, size); - break; - } - case HCS_HCSGETCHILDNODE: { - FuncHcsGetChildNode(data, size); - break; - } - case HCS_HCSGETNODEBYREFATTR: { - FuncHcsGetNodeByRefAttr(data, size); - break; - } default: return; } diff --git a/framework/test/fuzztest/uhdf2_utils_fuzzer/inner_api_utils_fuzzer/innerapi_utils_fuzzer.cpp b/framework/test/fuzztest/uhdf2_utils_fuzzer/inner_api_utils_fuzzer/innerapi_utils_fuzzer.cpp index e10decdc0..08357112b 100644 --- a/framework/test/fuzztest/uhdf2_utils_fuzzer/inner_api_utils_fuzzer/innerapi_utils_fuzzer.cpp +++ b/framework/test/fuzztest/uhdf2_utils_fuzzer/inner_api_utils_fuzzer/innerapi_utils_fuzzer.cpp @@ -23,14 +23,16 @@ enum FuncId { void FuncdListInsertHead(const uint8_t *data, size_t size) { + (void)data; constexpr uint16_t cnt = 2; if (size < sizeof(struct DListHead) * cnt) { return; } - struct DListHead *entry = (struct DListHead *)data; - struct DListHead *head = (struct DListHead *)(data + sizeof(struct DListHead)); - DListInsertHead(entry, head); + struct DListHead entry; + struct DListHead head; + DListHeadInit(&head); + DListInsertHead(&entry, &head); return; } -- Gitee