13f4cbf05Sopenharmony_ci/* 23f4cbf05Sopenharmony_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 33f4cbf05Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 43f4cbf05Sopenharmony_ci * you may not use this file except in compliance with the License. 53f4cbf05Sopenharmony_ci * You may obtain a copy of the License at 63f4cbf05Sopenharmony_ci * 73f4cbf05Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 83f4cbf05Sopenharmony_ci * 93f4cbf05Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 103f4cbf05Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 113f4cbf05Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 123f4cbf05Sopenharmony_ci * See the License for the specific language governing permissions and 133f4cbf05Sopenharmony_ci * limitations under the License. 143f4cbf05Sopenharmony_ci */ 153f4cbf05Sopenharmony_ci 163f4cbf05Sopenharmony_ci#include "ashmem_fuzzer.h" 173f4cbf05Sopenharmony_ci#include "fuzzer/FuzzedDataProvider.h" 183f4cbf05Sopenharmony_ci#include "ashmem.h" 193f4cbf05Sopenharmony_ci 203f4cbf05Sopenharmony_ciusing namespace std; 213f4cbf05Sopenharmony_ci 223f4cbf05Sopenharmony_cinamespace OHOS { 233f4cbf05Sopenharmony_ciconst int MAX_MEMORY_SIZE = 1024; 243f4cbf05Sopenharmony_ciconst int MAX_MEMORY_NAME_LEN = 10; 253f4cbf05Sopenharmony_ci 263f4cbf05Sopenharmony_civoid AshmemTestFunc(FuzzedDataProvider* dataProvider) 273f4cbf05Sopenharmony_ci{ 283f4cbf05Sopenharmony_ci string name = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_NAME_LEN); 293f4cbf05Sopenharmony_ci int memorySize = dataProvider->ConsumeIntegralInRange(0, MAX_MEMORY_SIZE); 303f4cbf05Sopenharmony_ci sptr<Ashmem> ashmem = Ashmem::CreateAshmem(name.c_str(), memorySize); 313f4cbf05Sopenharmony_ci if (ashmem == nullptr) { 323f4cbf05Sopenharmony_ci return; 333f4cbf05Sopenharmony_ci } 343f4cbf05Sopenharmony_ci 353f4cbf05Sopenharmony_ci bool ret = ashmem->MapReadAndWriteAshmem(); 363f4cbf05Sopenharmony_ci if (ret != true) { 373f4cbf05Sopenharmony_ci return; 383f4cbf05Sopenharmony_ci } 393f4cbf05Sopenharmony_ci 403f4cbf05Sopenharmony_ci string memoryContent = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_SIZE); 413f4cbf05Sopenharmony_ci ret = ashmem->WriteToAshmem(memoryContent.c_str(), memoryContent.size(), 0); 423f4cbf05Sopenharmony_ci if (ret != true) { 433f4cbf05Sopenharmony_ci return; 443f4cbf05Sopenharmony_ci } 453f4cbf05Sopenharmony_ci 463f4cbf05Sopenharmony_ci string memoryContent2 = dataProvider->ConsumeRandomLengthString(MAX_MEMORY_SIZE); 473f4cbf05Sopenharmony_ci ret = ashmem->WriteToAshmem(memoryContent2.c_str(), memoryContent2.size(), memoryContent.size()); 483f4cbf05Sopenharmony_ci if (ret != true) { 493f4cbf05Sopenharmony_ci return; 503f4cbf05Sopenharmony_ci } 513f4cbf05Sopenharmony_ci 523f4cbf05Sopenharmony_ci ashmem->ReadFromAshmem(memoryContent.size(), 0); 533f4cbf05Sopenharmony_ci 543f4cbf05Sopenharmony_ci ashmem->ReadFromAshmem(memoryContent2.size(), memoryContent.size()); 553f4cbf05Sopenharmony_ci 563f4cbf05Sopenharmony_ci int prot = dataProvider->ConsumeIntegral<int>(); 573f4cbf05Sopenharmony_ci ashmem->SetProtection(prot); 583f4cbf05Sopenharmony_ci 593f4cbf05Sopenharmony_ci ashmem->UnmapAshmem(); 603f4cbf05Sopenharmony_ci ashmem->CloseAshmem(); 613f4cbf05Sopenharmony_ci} 623f4cbf05Sopenharmony_ci 633f4cbf05Sopenharmony_ci} // namespace OHOS 643f4cbf05Sopenharmony_ci 653f4cbf05Sopenharmony_ci/* Fuzzer entry point */ 663f4cbf05Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 673f4cbf05Sopenharmony_ci{ 683f4cbf05Sopenharmony_ci FuzzedDataProvider dataProvider(data, size); 693f4cbf05Sopenharmony_ci OHOS::AshmemTestFunc(&dataProvider); 703f4cbf05Sopenharmony_ci return 0; 713f4cbf05Sopenharmony_ci} 72