1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "medialibrary_extension_query_fuzzer.h"
16
17 #include <cstdint>
18 #include <memory>
19 #include <string>
20
21 #include "data_ability_observer_interface.h"
22 #include "datashare_business_error.h"
23 #include "datashare_helper.h"
24 #include "datashare_predicates.h"
25 #include "datashare_values_bucket.h"
26 #include "media_datashare_ext_ability.h"
27 #include "media_file_ext_ability.h"
28 #include "media_datashare_stub_impl.h"
29 #include "media_log.h"
30 #include "runtime.h"
31
32 namespace OHOS {
33 using namespace std;
34 using namespace AbilityRuntime;
35 using namespace DataShare;
36
37 using namespace FileAccessFwk;
FuzzInt32(const uint8_t * data,size_t size)38 static inline int32_t FuzzInt32(const uint8_t *data, size_t size)
39 {
40 return static_cast<int32_t>(*data);
41 }
42
FuzzInt64(const uint8_t * data,size_t size)43 static inline int64_t FuzzInt64(const uint8_t *data, size_t size)
44 {
45 return static_cast<int64_t>(*data);
46 }
47
FuzzDouble(const uint8_t * data,size_t size)48 static inline double FuzzDouble(const uint8_t *data, size_t size)
49 {
50 return static_cast<double>(*data);
51 }
52
FuzzString(const uint8_t * data,size_t size)53 static inline string FuzzString(const uint8_t *data, size_t size)
54 {
55 return {reinterpret_cast<const char*>(data), size};
56 }
57
FuzzVectorInt32(const uint8_t * data,size_t size)58 static inline vector<int32_t> FuzzVectorInt32(const uint8_t *data, size_t size)
59 {
60 return {FuzzInt32(data, size)};
61 }
62
FuzzVectorInt64(const uint8_t * data,size_t size)63 static inline vector<int64_t> FuzzVectorInt64(const uint8_t *data, size_t size)
64 {
65 return {FuzzInt64(data, size)};
66 }
67
FuzzVectorDouble(const uint8_t * data,size_t size)68 static inline vector<double> FuzzVectorDouble(const uint8_t *data, size_t size)
69 {
70 return {FuzzDouble(data, size)};
71 }
72
FuzzVectorString(const uint8_t * data,size_t size)73 static inline vector<string> FuzzVectorString(const uint8_t *data, size_t size)
74 {
75 return {FuzzString(data, size)};
76 }
77
FuzzVectorSingleValueType(const uint8_t * data,size_t size)78 static inline vector<SingleValue::Type> FuzzVectorSingleValueType(const uint8_t *data, size_t size)
79 {
80 return {FuzzInt64(data, size)};
81 }
82
FuzzVectorMultiValueType(const uint8_t * data,size_t size)83 static inline vector<MutliValue::Type> FuzzVectorMultiValueType(const uint8_t *data, size_t size)
84 {
85 return {
86 FuzzVectorInt32(data, size),
87 FuzzVectorInt64(data, size),
88 FuzzVectorString(data, size),
89 FuzzVectorDouble(data, size)
90 };
91 }
92
FuzzOperationItem(const uint8_t * data,size_t size)93 static inline OperationItem FuzzOperationItem(const uint8_t *data, size_t size)
94 {
95 return {
96 .operation = FuzzInt32(data, size),
97 .singleParams = FuzzVectorSingleValueType(data, size),
98 .multiParams = FuzzVectorMultiValueType(data, size),
99 };
100 }
101
FuzzVectorOperationItem(const uint8_t * data,size_t size)102 static inline vector<OperationItem> FuzzVectorOperationItem(const uint8_t *data, size_t size)
103 {
104 return {FuzzOperationItem(data, size)};
105 }
106
FuzzUri(const uint8_t * data,size_t size)107 static inline Uri FuzzUri(const uint8_t *data, size_t size)
108 {
109 return Uri(FuzzString(data, size));
110 }
111
FuzzDataSharePredicates(const uint8_t * data,size_t size)112 static inline DataSharePredicates FuzzDataSharePredicates(const uint8_t *data, size_t size)
113 {
114 return DataSharePredicates(FuzzVectorOperationItem(data, size));
115 }
116
FuzzDataShareBusinessError(const uint8_t * data,size_t size)117 static inline DatashareBusinessError FuzzDataShareBusinessError(const uint8_t *data, size_t size)
118 {
119 DatashareBusinessError error;
120 error.SetCode(FuzzInt32(data, size));
121 error.SetMessage(FuzzString(data, size));
122 return error;
123 }
124
QueryFuzzer(MediaDataShareExtAbility & extension,const uint8_t * data,size_t size)125 static inline void QueryFuzzer(MediaDataShareExtAbility &extension, const uint8_t* data, size_t size)
126 {
127 auto columns = FuzzVectorString(data, size);
128 auto error = FuzzDataShareBusinessError(data, size);
129 extension.Query(FuzzUri(data, size), FuzzDataSharePredicates(data, size), columns, error);
130 }
131
Init()132 static inline MediaDataShareExtAbility Init()
133 {
134 const std::unique_ptr<AbilityRuntime::Runtime> runtime;
135 return {(*runtime)};
136 }
137
138 } // namespace OHOS
139
140 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)141 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
142 {
143 /* Run your code on data */
144 auto extension = OHOS::Init();
145 OHOS::QueryFuzzer(extension, data, size);
146 return 0;
147 }
148