--- /dev/null
+# msg-service
+
+Target functions for msg-service project (platform/core/messaging/msg-service)
+
+Fuzzed functions:
+ int SmsPluginParamCodec::decodeAddress(const unsigned char*, SMS_ADDRESS_S*)
+ int SmsPluginParamCodec::encodeAddress(const SMS_ADDRESS_S*, char**)
+ int SmsPluginUDCodec::encodeUserData(const SMS_USERDATA_S*, SMS_CODING_SCHEME_T, char*)
+ int SmsPluginUDCodec::decodeUserData(const unsigned char*, const int, bool, SMS_CODING_SCHEME_T, SMS_USERDATA_S*)
+ char* vmsg_encode(VTree*)
+ VTree* vmsg_decode(char*)
+ int SmsPluginTpduCodec::decodeTpdu(const unsigned char*, int, SMS_TPDU_S*)
+ int MsgTextConvert::convertUTF8ToGSM7bit(OUT unsigned char*, IN int, IN const unsigned char*, IN int, OUT MSG_LANGUAGE_ID_T*, OUT bool*)
+ int MsgTextConvert::convertUTF8ToUCS2(OUT unsigned char*, IN int, IN const unsigned char*, IN int)
+ int MsgTextConvert::convertUTF8ToAuto(OUT unsigned char*, IN int, IN const unsigned char*, IN int, OUT msg_encode_type_t*)
+ int MsgTextConvert::convertGSM7bitToUTF8(OUT unsigned char*, IN int, IN const unsigned char*, IN int, IN MSG_LANG_INFO_S*)
+ int MsgTextConvert::convertUCS2ToUTF8(OUT unsigned char*, IN int, IN const unsigned char*, IN int)
+ int MsgTextConvert::convertEUCKRToUTF8(OUT unsigned char*, IN int, IN const unsigned char*, IN int)
+ int MsgTextConvert::convertSHIFTJISToUTF8(OUT unsigned char*, IN int, IN const unsigned char*, IN int)
--- /dev/null
+#!/bin/bash -e
+
+TARGET_TYPES_DECLARATION="${PROJECT_DIR}/include/utils/"
+
+CXX=g++
+CXXFLAGS="$COMMON_CXXFLAGS $(pkg-config --cflags msg-service) -I$TARGET_TYPES_DECLARATION"
+LDFLAGS="$COMMON_LDFLAGS -lmsg_vobject -lmsg_sms_plugin -lmsg_utils -pthread $(pkg-config --libs msg-service)"
+
+cd ${TARGET_DIR}
+for file in fuzz-*.cpp; do
+ ${CXX} ${CXXFLAGS} "$file" ${LIBFUZZER} ${LDFLAGS} -o "${OUTPUT_DIR}/${file/.cpp/.out}";
+done
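Review bot: The directory variables are expanded unquoted (`cd ${TARGET_DIR}`, `-I$TARGET_TYPES_DECLARATION`), so a path containing whitespace breaks the build or changes which directory is entered; `cd "${TARGET_DIR}"` and `"-I${TARGET_TYPES_DECLARATION}"` are safe, while `${CXXFLAGS}` and `${LDFLAGS}` have to stay unquoted for word splitting. The `-e` on the shebang line is lost when the script is started as `bash <script>`, so an explicit `set -e` as the first statement is more dependable. A header comment naming the variables the caller must export (`PROJECT_DIR`, `TARGET_DIR`, `OUTPUT_DIR`, `LIBFUZZER`, `COMMON_CXXFLAGS`, `COMMON_LDFLAGS`) would help. No sanitizer or coverage option is visible here; presumably it arrives through `COMMON_CXXFLAGS`, and the comment should say so.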
--- /dev/null
+#include "msg_types.h"
+#include "MsgTextConvert.h"
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return 0;
+ MSG_LANG_INFO_S langInfo = {
+ 0,
+ };
+ langInfo.bSingleShift = false;
+ langInfo.bLockingShift = false;
+
+ unsigned char *str = (unsigned char *)malloc(size + 1);
+ unsigned char *out = (unsigned char *)malloc(size + 1);
+ unsigned char *outUTF8 = (unsigned char *)malloc(4*(size + 1));
+ if (str != NULL) {
+ memcpy(str, data, size);
+ str[size] = '\0';
+ }
+ bool b = false;
+ unsigned char encodeType = 3;
+ MsgTextConvert *textCvt = MsgTextConvert::instance();
+ textCvt->convertEUCKRToUTF8(outUTF8, size, str, size);
+ textCvt->convertGSM7bitToUTF8(outUTF8, size, str, size, &langInfo);
+ textCvt->convertSHIFTJISToUTF8(outUTF8, size, str, size);
+ textCvt->convertUCS2ToUTF8(outUTF8, size, str, size);
+ textCvt->convertUTF8ToAuto(out, size, str, size, &encodeType);
+ textCvt->convertUTF8ToGSM7bit(out, size, str, size, 0, &b);
+ textCvt->convertUTF8ToUCS2(out, size, str, size);
+ free(str);
+ free(out);
+ return 0;
+}
+}
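Review bot: `outUTF8` is allocated on every call and never released; only `str` and `out` are freed at the end, so the harness leaks 4*(size+1) bytes per input and a leak-checking run reports that instead of a library defect. Add `free(outUTF8);` next to the other two. None of the three `malloc` results is checked before use (`str` is passed on even when it is NULL), so an early `if (!str || !out || !outUTF8) { free(str); free(out); free(outUTF8); return 0; }` keeps allocation failures from being recorded as findings. `convertUTF8ToGSM7bit` receives `0` for its `OUT MSG_LANGUAGE_ID_T*` argument; if the implementation writes through that pointer unconditionally the crash is caused by the harness, so passing the address of a local is safer, and this is worth confirming against the library.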
--- /dev/null
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct _VParam VParam;
+typedef struct _VObject VObject;
+typedef struct _VTree VTree;
+struct _VTree {
+ int treeType;
+ VObject *pTop;
+ VObject *pCur;
+ VTree *pNext;
+};
+struct _VParam {
+ int parameter;
+ int paramValue;
+ VParam *pNext;
+};
+
+struct _VObject {
+ int property;
+ VParam *pParam;
+ int valueCount;
+ int numOfBiData;
+ char *pszValue[2000 /*VDATA_VALUE_COUNT_MAX*/];
+ VObject *pSibling;
+ VObject *pParent;
+ VObject *pChild;
+
+ char *pszGroupName; /* VDATA_GROUPNAME_SUPPORTED */
+};
+
+extern "C" {
+VTree *vmsg_decode(char *pMsgRaw);
+char *vmsg_encode(VTree *pVMsgRaw);
+}
+
+extern "C" {
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return 0;
+ char *str = (char *)malloc(size + 1);
+ if (str != NULL) {
+ memcpy(str, data, size);
+ str[size] = '\0';
+ }
+ VTree *tree = vmsg_decode(str);
+ vmsg_encode(tree);
+ free(str);
+ return 0;
+}
+}
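Review bot: Neither the `VTree*` returned by `vmsg_decode` nor the `char*` returned by `vmsg_encode` is released, so every input that parses leaks inside the harness and leak reports will crowd out real findings. `vmsg_encode(tree)` is also reached when `tree` is NULL, and `vmsg_decode(str)` when `malloc` failed, which can crash for reasons unrelated to the input. Suggested shape: `if (str == NULL) return 0;`, then `if (tree != NULL) { char *enc = vmsg_encode(tree); free(enc); }` (assuming the encoder returns malloc'd memory) followed by the library's own tree-release call. The `_VTree`, `_VObject` and `_VParam` definitions are copied by hand; only pointers cross the API here, so plain forward declarations would be enough and cannot drift from the library's layout.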
--- /dev/null
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*----------------------include/mapi/msg_types.h--------------------*/
+
+#define MAX_SEGMENT_NUM 15
+
+/*-----------------utils/MsgTextConvert.h---------------------------*/
+
+typedef unsigned char MSG_LANGUAGE_ID_T;
+
+typedef struct _MSG_SINGLE_SHIFT_S {
+ MSG_LANGUAGE_ID_T langId;
+} MSG_SINGLE_SHIFT_S;
+
+typedef struct _MSG_LOCKING_SHIFT_S {
+ MSG_LANGUAGE_ID_T langId;
+} MSG_LOCKING_SHIFT_S;
+
+/*-----------------plugin/sms_plugin/include/SmsPluginTypes.----------*/
+
+#define MAX_UD_HEADER_NUM 7
+#define MAX_USER_DATA_LEN 160
+#define MAX_ADDRESS_LEN 21
+
+typedef unsigned char SMS_VPF_T;
+typedef unsigned char SMS_TON_T;
+typedef unsigned char SMS_NPI_T;
+typedef unsigned char SMS_PID_T;
+typedef unsigned char SMS_MSG_CLASS_T;
+typedef unsigned char SMS_CODING_SCHEME_T;
+typedef unsigned char SMS_CODING_GROUP_T;
+typedef unsigned char SMS_INDICATOR_TYPE_T;
+typedef unsigned char SMS_TIME_FORMAT_T;
+typedef unsigned char SMS_UDH_TYPE_T;
+typedef unsigned char SMS_REPORT_TYPE_T;
+typedef unsigned char SMS_FAIL_CAUSE_T;
+typedef unsigned char SMS_STATUS_T;
+typedef unsigned char SMS_TPDU_TYPE_T;
+
+typedef struct _SMS_ADDRESS_S {
+ SMS_TON_T ton;
+ SMS_NPI_T npi;
+ char address[MAX_ADDRESS_LEN + 1]; /* < null terminated string */
+} SMS_ADDRESS_S;
+
+typedef struct _SMS_DCS_S {
+ bool bCompressed;
+ bool bMWI;
+ bool bIndActive;
+ SMS_MSG_CLASS_T msgClass;
+ SMS_CODING_SCHEME_T codingScheme;
+ SMS_CODING_GROUP_T codingGroup;
+ SMS_INDICATOR_TYPE_T indType;
+} SMS_DCS_S;
+
+typedef struct _SMS_TIME_REL_S { unsigned char time; } SMS_TIME_REL_S;
+
+typedef struct _SMS_TIME_ABS_S {
+ unsigned char year;
+ unsigned char month;
+ unsigned char day;
+ unsigned char hour;
+ unsigned char minute;
+ unsigned char second;
+ int timeZone;
+} SMS_TIME_ABS_S;
+
+typedef struct _SMS_TIMESTAMP_S {
+ SMS_TIME_FORMAT_T format;
+
+ union {
+ SMS_TIME_REL_S relative;
+ SMS_TIME_ABS_S absolute;
+ } time;
+} SMS_TIMESTAMP_S;
+
+typedef struct _SMS_CONCAT_8BIT_S {
+ unsigned char msgRef;
+ unsigned char totalSeg;
+ unsigned char seqNum;
+} SMS_CONCAT_8BIT_S;
+
+typedef struct _SMS_CONCAT_16BIT_S {
+ unsigned short msgRef;
+ unsigned char totalSeg;
+ unsigned char seqNum;
+} SMS_CONCAT_16BIT_S;
+
+typedef struct _SMS_APP_PORT_8BIT_S {
+ unsigned char destPort;
+ unsigned char originPort;
+} SMS_APP_PORT_8BIT_S;
+
+typedef struct _SMS_APP_PORT_16BIT_S {
+ unsigned short destPort;
+ unsigned short originPort;
+} SMS_APP_PORT_16BIT_S;
+
+typedef struct _SMS_SPECIAL_INDICATION_S {
+ bool bStore;
+ unsigned short msgInd;
+ unsigned short waitMsgNum;
+} SMS_SPECIAL_INDICATION_S;
+
+typedef struct _SMS_UDH_S {
+ SMS_UDH_TYPE_T udhType;
+
+ union {
+ SMS_CONCAT_8BIT_S concat8bit;
+ SMS_CONCAT_16BIT_S concat16bit;
+ SMS_APP_PORT_8BIT_S appPort8bit;
+ SMS_APP_PORT_16BIT_S appPort16bit;
+ SMS_SPECIAL_INDICATION_S specialInd;
+ MSG_SINGLE_SHIFT_S singleShift;
+ MSG_LOCKING_SHIFT_S lockingShift;
+ SMS_ADDRESS_S alternateAddress;
+ } udh;
+} SMS_UDH_S;
+
+typedef struct _SMS_USERDATA_S {
+ int headerCnt;
+ SMS_UDH_S header[MAX_UD_HEADER_NUM];
+ int length;
+ char data[MAX_USER_DATA_LEN + 1];
+} SMS_USERDATA_S;
+
+typedef struct _SMS_TPUD_S {
+ int udl;
+ char ud[MAX_USER_DATA_LEN + 1];
+} SMS_TPUD_S;
+
+typedef struct _SMS_SUBMIT_S {
+ bool bRejectDup;
+ bool bStatusReport;
+ bool bHeaderInd;
+ bool bReplyPath;
+ unsigned char msgRef;
+ SMS_VPF_T vpf;
+ SMS_ADDRESS_S destAddress;
+ SMS_PID_T pid;
+ SMS_DCS_S dcs;
+ SMS_TIMESTAMP_S validityPeriod;
+ SMS_USERDATA_S userData;
+} SMS_SUBMIT_S;
+
+typedef struct _SMS_SUBMIT_DATA_S {
+ SMS_ADDRESS_S destAddress;
+ unsigned int segCount;
+ SMS_USERDATA_S userData[MAX_SEGMENT_NUM];
+} SMS_SUBMIT_DATA_S;
+
+typedef struct _SMS_DELIVER_S {
+ bool bMoreMsg;
+ bool bStatusReport;
+ bool bHeaderInd;
+ bool bReplyPath;
+ SMS_ADDRESS_S originAddress;
+ SMS_PID_T pid;
+ SMS_DCS_S dcs;
+ SMS_TIMESTAMP_S timeStamp;
+ SMS_USERDATA_S userData;
+ SMS_TPUD_S udData;
+} SMS_DELIVER_S;
+
+typedef struct _SMS_DELIVER_REPORT_S {
+ SMS_REPORT_TYPE_T reportType;
+ bool bHeaderInd;
+ SMS_FAIL_CAUSE_T failCause;
+ unsigned char paramInd;
+ SMS_PID_T pid;
+ SMS_DCS_S dcs;
+ SMS_USERDATA_S userData;
+} SMS_DELIVER_REPORT_S;
+
+typedef struct _SMS_STATUS_REPORT_S {
+ bool bMoreMsg;
+ bool bStatusReport;
+ bool bHeaderInd;
+ unsigned char msgRef;
+ SMS_ADDRESS_S recipAddress;
+ SMS_TIMESTAMP_S timeStamp;
+ SMS_TIMESTAMP_S dischargeTime;
+ SMS_STATUS_T status;
+ unsigned char paramInd;
+ SMS_PID_T pid;
+ SMS_DCS_S dcs;
+ SMS_USERDATA_S userData;
+} SMS_STATUS_REPORT_S;
+
+typedef struct _SMS_TPDU_S {
+ SMS_TPDU_TYPE_T tpduType;
+
+ union {
+ SMS_SUBMIT_S submit;
+ SMS_DELIVER_S deliver;
+ SMS_DELIVER_REPORT_S deliverRep;
+ SMS_STATUS_REPORT_S statusRep;
+ } data;
+} SMS_TPDU_S;
+
+namespace SmsPluginTpduCodec {
+extern int decodeTpdu(const unsigned char *pTpdu, int TpduLen,
+ SMS_TPDU_S *pSmsTpdu);
+}
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SMS_TPDU_S tpdu;
+ unsigned char *str = (unsigned char*)malloc(size+1);
+ if (str != NULL) {
+ memcpy(str, data, size);
+ str[size] = '\0';
+ }
+
+ SmsPluginTpduCodec::decodeTpdu(str, size+1, &tpdu);
+
+ free(str);
+ return 0;
+}
+}
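Review bot: `decodeTpdu(str, size+1, &tpdu)` passes a length one larger than the fuzz input, so the decoder treats the harness's appended NUL as TPDU data, and a one-byte over-read past the real input stays inside the allocation where the sanitizer cannot flag it. Copy exactly `size` bytes into a `size`-byte buffer, or pass `data` directly as the user-data harness does, and call `decodeTpdu(str, (int)size, &tpdu);`. `str` is used even when `malloc` returns NULL and `tpdu` is left uninitialised; `SMS_TPDU_S tpdu = {};` makes runs reproducible. The SMS_* types are hand-copied from the headers named in the section comments: if the library's layout ever differs, the decoder writes through `&tpdu` with a different struct size, so including the real header is more robust.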
--- /dev/null
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MAX_UD_HEADER_NUM 7
+#define MAX_USER_DATA_LEN 160
+
+typedef unsigned char SMS_CODING_SCHEME_T;
+typedef unsigned char MSG_LANGUAGE_ID_T;
+typedef unsigned char SMS_UDH_TYPE_T;
+
+typedef struct _MSG_SINGLE_SHIFT_S {
+ MSG_LANGUAGE_ID_T langId;
+} MSG_SINGLE_SHIFT_S;
+typedef struct _MSG_LOCKING_SHIFT_S {
+ MSG_LANGUAGE_ID_T langId;
+} MSG_LOCKING_SHIFT_S;
+
+typedef unsigned char SMS_TON_T; /* _SMS_TON_E */
+typedef unsigned char SMS_NPI_T; /* _SMS_NPI_E */
+typedef struct _SMS_ADDRESS_S {
+ SMS_TON_T ton;
+ SMS_NPI_T npi;
+ char address[22]; /* < null terminated string */
+} SMS_ADDRESS_S;
+
+typedef struct _SMS_CONCAT_8BIT_S {
+ unsigned char msgRef;
+ unsigned char totalSeg;
+ unsigned char seqNum;
+} SMS_CONCAT_8BIT_S;
+
+typedef struct _SMS_CONCAT_16BIT_S {
+ unsigned short msgRef;
+ unsigned char totalSeg;
+ unsigned char seqNum;
+} SMS_CONCAT_16BIT_S;
+
+typedef struct _SMS_APP_PORT_8BIT_S {
+ unsigned char destPort;
+ unsigned char originPort;
+} SMS_APP_PORT_8BIT_S;
+
+typedef struct _SMS_APP_PORT_16BIT_S {
+ unsigned short destPort;
+ unsigned short originPort;
+} SMS_APP_PORT_16BIT_S;
+
+typedef struct _SMS_SPECIAL_INDICATION_S {
+ bool bStore;
+ unsigned short msgInd;
+ unsigned short waitMsgNum;
+} SMS_SPECIAL_INDICATION_S;
+
+typedef struct _SMS_UDH_S {
+ SMS_UDH_TYPE_T udhType;
+
+ union {
+ SMS_CONCAT_8BIT_S concat8bit;
+ SMS_CONCAT_16BIT_S concat16bit;
+ SMS_APP_PORT_8BIT_S appPort8bit;
+ SMS_APP_PORT_16BIT_S appPort16bit;
+ SMS_SPECIAL_INDICATION_S specialInd;
+ MSG_SINGLE_SHIFT_S singleShift;
+ MSG_LOCKING_SHIFT_S lockingShift;
+ SMS_ADDRESS_S alternateAddress;
+ } udh;
+} SMS_UDH_S;
+
+typedef struct _SMS_USERDATA_S {
+ int headerCnt;
+ SMS_UDH_S header[MAX_UD_HEADER_NUM];
+ int length;
+ char data[MAX_USER_DATA_LEN + 1];
+} SMS_USERDATA_S;
+
+namespace SmsPluginUDCodec {
+extern int decodeUserData(const unsigned char *pTpdu, const int tpduLen,
+ bool bHeaderInd, SMS_CODING_SCHEME_T CodingScheme,
+ SMS_USERDATA_S *pUserData);
+}
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SMS_USERDATA_S *userData = (SMS_USERDATA_S *)malloc(sizeof(SMS_USERDATA_S));
+ for (unsigned char i = 0; i < 3; i++) {
+ SmsPluginUDCodec::decodeUserData(data, size, true, i, userData);
+ SmsPluginUDCodec::decodeUserData(data, size, false, i, userData);
+ }
+ free(userData);
+ return 0;
+}
+}
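Review bot: `userData` comes from an unchecked `malloc` and is not cleared before or between the six `decodeUserData` calls, so a NULL return crashes in the harness and, unless the decoder resets the struct itself, each call sees what the previous one left behind. A stack object reset per iteration avoids both: `SMS_USERDATA_S userData = {};` inside the loop, passed as `&userData`. `size` is narrowed implicitly from `size_t` to `const int tpduLen`; an explicit `(int)size` behind a bound check documents the intent. The README added in this commit lists `encodeUserData` as fuzzed, but only the decode direction is exercised here.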
--- /dev/null
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef unsigned char SMS_TON_T; /* SmsPluginTypes.h#SMS_TON_T */
+typedef unsigned char SMS_NPI_T; /* SmsPluginTypes.h#SMS_NPI_T */
+typedef struct _SMS_ADDRESS_S {
+ SMS_TON_T ton;
+ SMS_NPI_T npi;
+ char address[22]; /* < null terminated string */
+} SMS_ADDRESS_S; /* SmsPluginTypes.h#SMS_ADDRESS_S */
+
+namespace SmsPluginParamCodec {
+extern int encodeSMSC(const char *pAddress, unsigned char *pEncodeAddr);
+extern int decodeAddress(const unsigned char *pTpdu, SMS_ADDRESS_S *pAddress);
+}
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 18 || size > 22) // 18 chars required, 22 is set as maximal value.
+ return 0;
+ char *str = (char *)malloc(size + 1);
+ unsigned char *res = (unsigned char *)malloc(128);
+ if (str != NULL) {
+ memcpy(str, data, size);
+ str[size] = '\0';
+ }
+ SmsPluginParamCodec::encodeSMSC(str, res);
+ SMS_ADDRESS_S *decodedStr = (SMS_ADDRESS_S *)malloc(sizeof(SMS_ADDRESS_S));
+ SmsPluginParamCodec::decodeAddress(res, decodedStr);
+ SmsPluginParamCodec::decodeAddress(data, decodedStr);
+ free(str);
+ free(res);
+ free(decodedStr);
+ return 0;
+}
+}
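Review bot: The return value of `encodeSMSC` is ignored and `res` is an uninitialised `malloc(128)`, so when encoding fails or writes fewer bytes than the decoder consumes, `decodeAddress(res, decodedStr)` parses heap garbage and a report from it cannot be reproduced from the input. Allocate with `calloc(1, 128)` and skip the first decode when `encodeSMSC` reports failure. `decodeAddress(data, decodedStr)` hands the raw 18–22 byte fuzz buffer to an API that takes no length; if the decoder trusts a length octet inside the buffer it can read past `data`, so a comment should state whether that over-read is the intended finding. All three `malloc` results are used unchecked, and the README lists `encodeAddress` while this harness calls `encodeSMSC`.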
--- /dev/null
+main='git://git.tizen.org/platform/core/messaging/msg-service/$tizen'