1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "terminateability_fuzzer.h"
17
18#include <cstddef>
19#include <cstdint>
20
21#include "ability_context_impl.h"
22#include "ability_record.h"
23#include "parcel.h"
24#include "want.h"
25#include "securec.h"
26
27using namespace OHOS::AAFwk;
28using namespace OHOS::AppExecFwk;
29
30namespace OHOS {
31namespace {
32constexpr size_t FOO_MAX_LEN = 1024;
33constexpr size_t U32_AT_SIZE = 4;
34}
35bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
36{
37    AbilityRuntime::AbilityContextImpl* context = new AbilityRuntime::AbilityContextImpl();
38    int resultCode = 100;
39    if (!context) {
40        return false;
41    }
42
43    // fuzz for want
44    Parcel wantParcel;
45    Want* want = nullptr;
46    if (wantParcel.WriteBuffer(data, size)) {
47        want = Want::Unmarshalling(wantParcel);
48        if (!want) {
49            return false;
50        }
51    }
52
53    context->TerminateSelf();
54    context->TerminateAbilityWithResult(*want, resultCode);
55
56    // fuzz for AbilityRecord::TerminateAbility
57    AbilityInfo abilityInfo;
58    ApplicationInfo applicationInfo;
59    int requestCode = -1;
60    auto abilityRecord = new AbilityRecord(*want, abilityInfo, applicationInfo, requestCode);
61
62    if (!abilityRecord->Init()) {
63        std::cout << "AbilityRecord Init failed" << std::endl;
64        return false;
65    }
66    if (abilityRecord->TerminateAbility() != ERR_OK) {
67        std::cout << "AbilityRecord TerminateAbility failed" << std::endl;
68        return false;
69    }
70
71    if (want) {
72        delete want;
73        want = nullptr;
74    }
75
76    delete abilityRecord;
77    abilityRecord = nullptr;
78
79    return true;
80}
81}
82
83/* Fuzzer entry point */
84extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
85{
86    /* Run your code on data */
87    if (data == nullptr) {
88        std::cout << "invalid data" << std::endl;
89        return 0;
90    }
91
92    /* Validate the length of size */
93    if (size > OHOS::FOO_MAX_LEN || size < OHOS::U32_AT_SIZE) {
94        return 0;
95    }
96
97    char* ch = (char*)malloc(size + 1);
98    if (ch == nullptr) {
99        std::cout << "malloc failed." << std::endl;
100        return 0;
101    }
102
103    (void)memset_s(ch, size + 1, 0x00, size + 1);
104    if (memcpy_s(ch, size, data, size) != EOK) {
105        std::cout << "copy failed." << std::endl;
106        free(ch);
107        ch = nullptr;
108        return 0;
109    }
110
111    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
112    free(ch);
113    ch = nullptr;
114    return 0;
115}