15c735df2Sopenharmony_ci/* 25c735df2Sopenharmony_ci * Copyright (c) 2022 Huawei Device Co., Ltd. 35c735df2Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 45c735df2Sopenharmony_ci * you may not use this file except in compliance with the License. 55c735df2Sopenharmony_ci * You may obtain a copy of the License at 65c735df2Sopenharmony_ci * 75c735df2Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 85c735df2Sopenharmony_ci * 95c735df2Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 105c735df2Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 115c735df2Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 125c735df2Sopenharmony_ci * See the License for the specific language governing permissions and 135c735df2Sopenharmony_ci * limitations under the License. 145c735df2Sopenharmony_ci */ 155c735df2Sopenharmony_ci 165c735df2Sopenharmony_ci#include "locationswitchcallbackhost_fuzzer.h" 175c735df2Sopenharmony_ci 185c735df2Sopenharmony_ci#include "accesstoken_kit.h" 195c735df2Sopenharmony_ci#include "if_system_ability_manager.h" 205c735df2Sopenharmony_ci#include "iservice_registry.h" 215c735df2Sopenharmony_ci#include "message_option.h" 225c735df2Sopenharmony_ci#include "message_parcel.h" 235c735df2Sopenharmony_ci#include "nativetoken_kit.h" 245c735df2Sopenharmony_ci#include "system_ability_definition.h" 255c735df2Sopenharmony_ci#include "token_setproc.h" 265c735df2Sopenharmony_ci#include "locator_ability.h" 275c735df2Sopenharmony_ci 285c735df2Sopenharmony_ci#include "location_switch_callback_napi.h" 295c735df2Sopenharmony_ci 305c735df2Sopenharmony_cinamespace OHOS { 315c735df2Sopenharmony_ciusing namespace OHOS::Location; 325c735df2Sopenharmony_ciconst int32_t MAX_MEM_SIZE = 4 * 1024 * 1024; 335c735df2Sopenharmony_ci 345c735df2Sopenharmony_cichar* ParseData(const uint8_t* data, size_t size) 355c735df2Sopenharmony_ci{ 365c735df2Sopenharmony_ci if (data == nullptr) { 375c735df2Sopenharmony_ci return nullptr; 385c735df2Sopenharmony_ci } 395c735df2Sopenharmony_ci 405c735df2Sopenharmony_ci if (size > MAX_MEM_SIZE) { 415c735df2Sopenharmony_ci return nullptr; 425c735df2Sopenharmony_ci } 435c735df2Sopenharmony_ci 445c735df2Sopenharmony_ci char* ch = (char *)malloc(size + 1); 455c735df2Sopenharmony_ci if (ch == nullptr) { 465c735df2Sopenharmony_ci return nullptr; 475c735df2Sopenharmony_ci } 485c735df2Sopenharmony_ci 495c735df2Sopenharmony_ci (void)memset_s(ch, size + 1, 0x00, size + 1); 505c735df2Sopenharmony_ci if (memcpy_s(ch, size, data, size) != EOK) { 515c735df2Sopenharmony_ci free(ch); 525c735df2Sopenharmony_ci ch = nullptr; 535c735df2Sopenharmony_ci return nullptr; 545c735df2Sopenharmony_ci } 555c735df2Sopenharmony_ci return ch; 565c735df2Sopenharmony_ci} 575c735df2Sopenharmony_ci 585c735df2Sopenharmony_cibool LocationSwitchCallbackHostFuzzTest(const char* data, size_t size) 595c735df2Sopenharmony_ci{ 605c735df2Sopenharmony_ci MessageParcel requestParcel; 615c735df2Sopenharmony_ci requestParcel.WriteInterfaceToken(u"location.ISwitchCallback"); 625c735df2Sopenharmony_ci requestParcel.WriteBuffer(data, size); 635c735df2Sopenharmony_ci requestParcel.RewindRead(0); 645c735df2Sopenharmony_ci 655c735df2Sopenharmony_ci MessageParcel reply; 665c735df2Sopenharmony_ci MessageOption option; 675c735df2Sopenharmony_ci auto callback = sptr<LocationSwitchCallbackNapi>(new (std::nothrow) LocationSwitchCallbackNapi()); 685c735df2Sopenharmony_ci callback->OnRemoteRequest(ISwitchCallback::RECEIVE_SWITCH_STATE_EVENT, requestParcel, reply, option); 695c735df2Sopenharmony_ci return true; 705c735df2Sopenharmony_ci} 715c735df2Sopenharmony_ci} // namespace OHOS 725c735df2Sopenharmony_ci 735c735df2Sopenharmony_ci/* Fuzzer entry point */ 745c735df2Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 755c735df2Sopenharmony_ci{ 765c735df2Sopenharmony_ci char* ch = OHOS::ParseData(data, size); 775c735df2Sopenharmony_ci if (ch != nullptr) { 785c735df2Sopenharmony_ci OHOS::LocationSwitchCallbackHostFuzzTest(ch, size); 795c735df2Sopenharmony_ci free(ch); 805c735df2Sopenharmony_ci ch = nullptr; 815c735df2Sopenharmony_ci } 825c735df2Sopenharmony_ci return 0; 835c735df2Sopenharmony_ci} 845c735df2Sopenharmony_ci 85