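/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "freezeutil_fuzzer.h"
#include "ability_record.h"

// Standard headers are pulled in BEFORE the `private` redefinition below so
// they are never parsed with the keyword macro active.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string>

// Test-only access hack: exposes the non-public members of freeze_util.h to
// this harness (presumably so that DeleteLifecycleEventInner can be called
// directly - confirm against the header). Keep the window limited to that one
// header; redefining a keyword is formally outside what the standard allows
// and must never leak into production translation units.
#define private public
#include "freeze_util.h"
#undef private
#include "securec.h"

using namespace OHOS::AAFwk;
using namespace OHOS::AppExecFwk;
using namespace OHOS::AbilityRuntime;

namespace OHOS {
namespace {
// Upper bound on accepted fuzz input; it also bounds the heap copy made in
// LLVMFuzzerTestOneInput, so `size + 1` there cannot overflow.
constexpr size_t FOO_MAX_LEN = 1024;
// Lower bound on accepted fuzz input.
// NOTE(review): no 32-bit value is decoded from the input in this file, so the
// 4-byte minimum looks inherited from the fuzzer template; it also means empty
// and very short strings are never exercised - confirm that is intended.
constexpr size_t U32_AT_SIZE = 4;
}

/**
 * @brief Builds an ability token for the harness from a fixed AbilityRequest.
 *
 * The request uses constant bundle/ability names and AbilityType::DATA; none
 * of it is derived from fuzz input.
 *
 * @return The token of the created AbilityRecord, or nullptr when
 *         AbilityRecord::CreateAbilityRecord returns an empty pointer.
 */
sptr<Token> GetFuzzAbilityToken()
{
    sptr<Token> token = nullptr;
    AbilityRequest abilityRequest;
    abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
    abilityRequest.abilityInfo.name = "MainAbility";
    abilityRequest.abilityInfo.type = AbilityType::DATA;
    std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
    if (abilityRecord) {
        token = abilityRecord->GetToken();
    }
    return token;
}

/**
 * @brief Drives the FreezeUtil lifecycle-event API with one fuzz input.
 *
 * @param data Fuzz bytes; exactly `size` bytes are read.
 * @param size Number of bytes in `data`.
 * @return false when no ability token could be created, true otherwise.
 */
bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
{
    // NOTE(review): `flow` stays default-constructed - neither the fuzz input
    // nor the token obtained below is written into it, so the input only
    // reaches FreezeUtil as the message string. Consider populating `flow`
    // from the token/input to widen coverage (field names to be confirmed in
    // freeze_util.h).
    FreezeUtil::LifecycleFlow flow;
    // Explicit length: embedded NUL bytes in the fuzz input are preserved.
    std::string JsonStr(data, size);
    // Touch the singleton before the token is created (original call order kept).
    FreezeUtil::GetInstance();
    sptr<IRemoteObject> token = GetFuzzAbilityToken();
    if (!token) {
        std::cout << "Get ability token failed." << std::endl;
        return false;
    }
    FreezeUtil::GetInstance().AddLifecycleEvent(flow, JsonStr);
    // Return value intentionally unused; the call is made for coverage only.
    FreezeUtil::GetInstance().GetLifecycleEvent(flow);
    FreezeUtil::GetInstance().DeleteLifecycleEvent(flow);
    FreezeUtil::GetInstance().DeleteLifecycleEvent(token);
    // Second delete of the same flow, this time through the Inner variant.
    FreezeUtil::GetInstance().DeleteLifecycleEventInner(flow);
    return true;
}
}

/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    /* Run your code on data */
    if (data == nullptr) {
        std::cout << "invalid data" << std::endl;
        return 0;
    }

    /* Validate the length of size */
    if (size > OHOS::FOO_MAX_LEN || size < OHOS::U32_AT_SIZE) {
        return 0;
    }

    // Private, NUL-terminated copy of the input. size <= FOO_MAX_LEN here, so
    // size + 1 cannot wrap.
    // NOTE(review): the consumer builds a std::string from (ptr, size) and never
    // relies on the terminator; the extra byte also means a one-byte over-read
    // past the input would land in valid memory instead of being reported by a
    // sanitizer. An exact-size buffer would be stricter.
    char* ch = static_cast<char*>(malloc(size + 1));
    if (ch == nullptr) {
        std::cout << "malloc failed." << std::endl;
        return 0;
    }

    (void)memset_s(ch, size + 1, 0x00, size + 1);
    if (memcpy_s(ch, size + 1, data, size) != EOK) {
        std::cout << "copy failed." << std::endl;
        free(ch);
        ch = nullptr;
        return 0;
    }

    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
    free(ch);
    ch = nullptr;
    return 0;
}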