15c735df2Sopenharmony_ci/* 25c735df2Sopenharmony_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 35c735df2Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 45c735df2Sopenharmony_ci * you may not use this file except in compliance with the License. 55c735df2Sopenharmony_ci * You may obtain a copy of the License at 65c735df2Sopenharmony_ci * 75c735df2Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 85c735df2Sopenharmony_ci * 95c735df2Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 105c735df2Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 115c735df2Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 125c735df2Sopenharmony_ci * See the License for the specific language governing permissions and 135c735df2Sopenharmony_ci * limitations under the License. 145c735df2Sopenharmony_ci */ 155c735df2Sopenharmony_ci 165c735df2Sopenharmony_ci#include "gnssstatuscallbackhost_fuzzer.h" 175c735df2Sopenharmony_ci 185c735df2Sopenharmony_ci#include "accesstoken_kit.h" 195c735df2Sopenharmony_ci#include "if_system_ability_manager.h" 205c735df2Sopenharmony_ci#include "iservice_registry.h" 215c735df2Sopenharmony_ci#include "message_option.h" 225c735df2Sopenharmony_ci#include "message_parcel.h" 235c735df2Sopenharmony_ci#include "nativetoken_kit.h" 245c735df2Sopenharmony_ci#include "system_ability_definition.h" 255c735df2Sopenharmony_ci#include "token_setproc.h" 265c735df2Sopenharmony_ci#include "locator_ability.h" 275c735df2Sopenharmony_ci 285c735df2Sopenharmony_ci#ifdef FEATURE_GNSS_SUPPORT 295c735df2Sopenharmony_ci#include "gnss_status_callback_napi.h" 305c735df2Sopenharmony_ci#endif 315c735df2Sopenharmony_ci 325c735df2Sopenharmony_ci 335c735df2Sopenharmony_cinamespace OHOS { 345c735df2Sopenharmony_ciusing namespace OHOS::Location; 355c735df2Sopenharmony_ciconst int32_t MAX_MEM_SIZE = 4 * 1024 * 1024; 365c735df2Sopenharmony_ci 375c735df2Sopenharmony_cichar* ParseData(const uint8_t* data, size_t size) 385c735df2Sopenharmony_ci{ 395c735df2Sopenharmony_ci if (data == nullptr) { 405c735df2Sopenharmony_ci return nullptr; 415c735df2Sopenharmony_ci } 425c735df2Sopenharmony_ci 435c735df2Sopenharmony_ci if (size > MAX_MEM_SIZE) { 445c735df2Sopenharmony_ci return nullptr; 455c735df2Sopenharmony_ci } 465c735df2Sopenharmony_ci 475c735df2Sopenharmony_ci char* ch = (char *)malloc(size + 1); 485c735df2Sopenharmony_ci if (ch == nullptr) { 495c735df2Sopenharmony_ci return nullptr; 505c735df2Sopenharmony_ci } 515c735df2Sopenharmony_ci 525c735df2Sopenharmony_ci (void)memset_s(ch, size + 1, 0x00, size + 1); 535c735df2Sopenharmony_ci if (memcpy_s(ch, size, data, size) != EOK) { 545c735df2Sopenharmony_ci free(ch); 555c735df2Sopenharmony_ci ch = nullptr; 565c735df2Sopenharmony_ci return nullptr; 575c735df2Sopenharmony_ci } 585c735df2Sopenharmony_ci return ch; 595c735df2Sopenharmony_ci} 605c735df2Sopenharmony_ci 615c735df2Sopenharmony_ci#ifdef FEATURE_GNSS_SUPPORT 625c735df2Sopenharmony_cibool GnssStatusCallbackHostFuzzTest(const char* data, size_t size) 635c735df2Sopenharmony_ci{ 645c735df2Sopenharmony_ci MessageParcel requestParcel; 655c735df2Sopenharmony_ci requestParcel.WriteInterfaceToken(u"location.IGnssStatusCallback"); 665c735df2Sopenharmony_ci requestParcel.WriteBuffer(data, size); 675c735df2Sopenharmony_ci requestParcel.RewindRead(0); 685c735df2Sopenharmony_ci 695c735df2Sopenharmony_ci MessageParcel reply; 705c735df2Sopenharmony_ci MessageOption option; 715c735df2Sopenharmony_ci auto callback = sptr<GnssStatusCallbackNapi>(new (std::nothrow) GnssStatusCallbackNapi()); 725c735df2Sopenharmony_ci callback->OnRemoteRequest(GnssStatusCallbackNapi::RECEIVE_STATUS_INFO_EVENT, requestParcel, reply, option); 735c735df2Sopenharmony_ci return true; 745c735df2Sopenharmony_ci} 755c735df2Sopenharmony_ci#endif 765c735df2Sopenharmony_ci} // namespace OHOS 775c735df2Sopenharmony_ci 785c735df2Sopenharmony_ci/* Fuzzer entry point */ 795c735df2Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 805c735df2Sopenharmony_ci{ 815c735df2Sopenharmony_ci char* ch = OHOS::ParseData(data, size); 825c735df2Sopenharmony_ci if (ch != nullptr) { 835c735df2Sopenharmony_ci#ifdef FEATURE_GNSS_SUPPORT 845c735df2Sopenharmony_ci OHOS::GnssStatusCallbackHostFuzzTest(ch, size); 855c735df2Sopenharmony_ci#endif 865c735df2Sopenharmony_ci free(ch); 875c735df2Sopenharmony_ci ch = nullptr; 885c735df2Sopenharmony_ci } 895c735df2Sopenharmony_ci return 0; 905c735df2Sopenharmony_ci} 915c735df2Sopenharmony_ci 92