1/* 2 * Copyright (c) 2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "fuzzer/FuzzedDataProvider.h" 17#include "scanservicestub_fuzzer.h" 18#include "scan_service_ability.h" 19 20namespace OHOS { 21namespace Scan { 22 constexpr uint8_t MAX_STRING_LENGTH = 255; 23 constexpr int MAX_SET_NUMBER = 100; 24 constexpr size_t FOO_MAX_LEN = 1024; 25 constexpr size_t U32_AT_SIZE = 4; 26 27 bool WriteInterfaceToken(MessageParcel &datas) 28 { 29 if (!datas.WriteInterfaceToken(ScanServiceAbility::GetInstance()->GetDescriptor())) { 30 return false; 31 } 32 return true; 33 } 34 35 bool TestOnOpenScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 36 { 37 MessageParcel datas; 38 MessageParcel reply; 39 MessageOption option; 40 if (!WriteInterfaceToken(datas)) { 41 return false; 42 } 43 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 44 datas.WriteString(scannerId); 45 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_LIST, datas, reply, option); 46 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_STOP_DISCOVER, datas, reply, option); 47 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_INIT_SCAN, datas, reply, option); 48 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OPEN_SCANNER, datas, reply, option); 49 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_EXIT_SCAN, datas, reply, option); 50 return true; 51 } 52 53 bool TestOnCloseScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 54 { 55 MessageParcel datas; 56 MessageParcel reply; 57 MessageOption option; 58 if (!WriteInterfaceToken(datas)) { 59 return false; 60 } 61 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 62 datas.WriteString(scannerId); 63 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CLOSE_SCANNER, datas, reply, option); 64 return true; 65 } 66 67 bool TestOnGetScanOptionDesc(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 68 { 69 MessageParcel datas; 70 MessageParcel reply; 71 MessageOption option; 72 if (!WriteInterfaceToken(datas)) { 73 return false; 74 } 75 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 76 datas.WriteString(scannerId); 77 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER); 78 datas.WriteInt32(optionIndex); 79 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_OPTION_DESC, datas, reply, option); 80 return true; 81 } 82 83 bool TestOnOpScanOptionValue(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 84 { 85 MessageParcel datas; 86 MessageParcel reply; 87 MessageOption option; 88 if (!WriteInterfaceToken(datas)) { 89 return false; 90 } 91 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 92 datas.WriteString(scannerId); 93 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER); 94 datas.WriteInt32(optionIndex); 95 ScanOptionOpType op = SCAN_ACTION_SET_VALUE; 96 datas.WriteUint32(op); 97 ScanOptionValue value; 98 value.Marshalling(datas); 99 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OP_SCAN_OPTION_VALUE, datas, reply, option); 100 return true; 101 } 102 103 bool TestOnGetScanParameters(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 104 { 105 MessageParcel datas; 106 MessageParcel reply; 107 MessageOption option; 108 if (!WriteInterfaceToken(datas)) { 109 return false; 110 } 111 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 112 datas.WriteString(scannerId); 113 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PARAMETERS, datas, reply, option); 114 return true; 115 } 116 117 bool TestOnStartScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 118 { 119 MessageParcel datas; 120 MessageParcel reply; 121 MessageOption option; 122 if (!WriteInterfaceToken(datas)) { 123 return false; 124 } 125 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 126 datas.WriteString(scannerId); 127 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_START_SCAN, datas, reply, option); 128 return true; 129 } 130 131 bool TestOnGetSingleFrameFD(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 132 { 133 MessageParcel datas; 134 MessageParcel reply; 135 MessageOption option; 136 if (!WriteInterfaceToken(datas)) { 137 return false; 138 } 139 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 140 datas.WriteString(scannerId); 141 uint32_t fd = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER); 142 datas.WriteFileDescriptor(fd); 143 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SINGLE_FRAME_FD, datas, reply, option); 144 return true; 145 } 146 147 bool TestOnCancelScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 148 { 149 MessageParcel datas; 150 MessageParcel reply; 151 MessageOption option; 152 if (!WriteInterfaceToken(datas)) { 153 return false; 154 } 155 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 156 datas.WriteString(scannerId); 157 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CANCEL_SCAN, datas, reply, option); 158 return true; 159 } 160 161 bool TestOnSetScanIOMode(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 162 { 163 MessageParcel datas; 164 MessageParcel reply; 165 MessageOption option; 166 if (!WriteInterfaceToken(datas)) { 167 return false; 168 } 169 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 170 datas.WriteString(scannerId); 171 bool isNonBlocking = dataProvider->ConsumeBool(); 172 datas.WriteBool(isNonBlocking); 173 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_SET_SCAN_IO_MODE, datas, reply, option); 174 return true; 175 } 176 177 bool TestOnGetScanSelectFd(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 178 { 179 MessageParcel datas; 180 MessageParcel reply; 181 MessageOption option; 182 if (!WriteInterfaceToken(datas)) { 183 return false; 184 } 185 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 186 datas.WriteString(scannerId); 187 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_SELECT_FD, datas, reply, option); 188 return true; 189 } 190 191 bool TestOnGetScanProgress(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 192 { 193 MessageParcel datas; 194 MessageParcel reply; 195 MessageOption option; 196 if (!WriteInterfaceToken(datas)) { 197 return false; 198 } 199 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 200 datas.WriteString(scannerId); 201 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PROGRESS, datas, reply, option); 202 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_STATE, datas, reply, option); 203 return true; 204 } 205 206 bool TestOnEventOn(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 207 { 208 MessageParcel datas; 209 MessageParcel reply; 210 MessageOption option; 211 if (!WriteInterfaceToken(datas)) { 212 return false; 213 } 214 std::string taskId = ""; 215 datas.WriteString(taskId); 216 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 217 datas.WriteString(type); 218 return true; 219 } 220 221 bool TestOnEventOff(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider) 222 { 223 MessageParcel datas; 224 MessageParcel reply; 225 MessageOption option; 226 if (!WriteInterfaceToken(datas)) { 227 return false; 228 } 229 std::string taskId = ""; 230 datas.WriteString(taskId); 231 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH); 232 datas.WriteString(type); 233 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OFF, datas, reply, option); 234 return true; 235 } 236} 237} 238 239/* Fuzzer entry point */ 240extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 241{ 242 if (data == nullptr) { 243 return 0; 244 } 245 246 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) { 247 return 0; 248 } 249 FuzzedDataProvider dataProvider(data, size); 250 OHOS::Scan::TestOnOpenScanner(data, size, &dataProvider); 251 OHOS::Scan::TestOnCloseScanner(data, size, &dataProvider); 252 OHOS::Scan::TestOnGetScanOptionDesc(data, size, &dataProvider); 253 OHOS::Scan::TestOnOpScanOptionValue(data, size, &dataProvider); 254 OHOS::Scan::TestOnGetScanParameters(data, size, &dataProvider); 255 OHOS::Scan::TestOnStartScan(data, size, &dataProvider); 256 OHOS::Scan::TestOnGetSingleFrameFD(data, size, &dataProvider); 257 OHOS::Scan::TestOnCancelScan(data, size, &dataProvider); 258 OHOS::Scan::TestOnSetScanIOMode(data, size, &dataProvider); 259 OHOS::Scan::TestOnGetScanSelectFd(data, size, &dataProvider); 260 OHOS::Scan::TestOnGetScanProgress(data, size, &dataProvider); 261 OHOS::Scan::TestOnEventOn(data, size, &dataProvider); 262 OHOS::Scan::TestOnEventOff(data, size, &dataProvider); 263 return 0; 264}