1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "ffrtutils_fuzzer.h"
17 
18 #include <vector>
19 #include "ffrt_utils.h"
20 
21 namespace OHOS {
22 using namespace OHOS::MiscServices;
23 using namespace std;
24 
25 template<class T>
TypeCast(const uint8_t * data,int * pos=nullptr)26 T TypeCast(const uint8_t *data, int *pos = nullptr)
27 {
28     if (pos) {
29         *pos += sizeof(T);
30     }
31     return *(reinterpret_cast<const T*>(data));
32 }
33 
FuzzFfrtUtilsSubmitQueueTasks(const uint8_t * rawData,size_t size)34 bool FuzzFfrtUtilsSubmitQueueTasks(const uint8_t *rawData, size_t size)
35 {
36     if (rawData == nullptr || size < sizeof(int32_t) + sizeof(int32_t)) {
37         return true;
38     }
39     int pos = 0;
40     int x = TypeCast<int32_t>(rawData, &pos);
41     int y = TypeCast<int32_t>(rawData + pos);
42     FFRTTask task = [&] {
43         x /= 2;
44     };
45     FFRTTask task1 = [&] {
46         y /= 2;
47     };
48     static uint32_t thresHold = 1;
49     if (thresHold <= 1) {
50         std::vector<FFRTTask> tasks;
51         tasks.push_back(task);
52         tasks.push_back(task1);
53         FFRTQueue serialQueue("pasteboard_queue");
54         FFRTUtils::SubmitQueueTasks(tasks, serialQueue);
55         thresHold++;
56     }
57     return true;
58 }
59 
FuzzFfrtUtilsSubmitDelayTask(const uint8_t * rawData,size_t size)60 bool FuzzFfrtUtilsSubmitDelayTask(const uint8_t *rawData, size_t size)
61 {
62     if (rawData == nullptr || size < sizeof(int32_t)) {
63         return true;
64     }
65     static uint32_t thresHold = 1;
66     if (thresHold <= 1) {
67         int y = TypeCast<int32_t>(rawData);
68         FFRTTask task = [&] {
69             y /= 2;
70         };
71         uint32_t delayMs = 5; // delay 5Ms
72         FFRTQueue serQueue("delaytask_queue");
73         FFRTUtils::SubmitDelayTask(task, delayMs, serQueue);
74         thresHold++;
75     }
76     return true;
77 }
78 
FuzzUtilsSubmitDelayTask(const uint8_t * rawData,size_t size)79 bool FuzzUtilsSubmitDelayTask(const uint8_t *rawData, size_t size)
80 {
81     if (rawData == nullptr || size < sizeof(int32_t)) {
82         return true;
83     }
84     int z = TypeCast<int32_t>(rawData, nullptr);
85     FFRTTask task = [&] {
86         z /= 2;
87     };
88     uint32_t delayMs = 5; // delay 5Ms
89     static uint32_t thresHold = 1;
90     if (thresHold <= 1) {
91         shared_ptr<FFRTQueue> queue = make_shared<FFRTQueue>("delaytask_queue_ptr");
92         FFRTUtils::SubmitDelayTask(task, delayMs,  queue);
93         thresHold++;
94     }
95     return true;
96 }
97 
FuzzUtilsSubmitTimeoutTask(const uint8_t * rawData,size_t size)98 bool FuzzUtilsSubmitTimeoutTask(const uint8_t *rawData, size_t size)
99 {
100     if (rawData == nullptr || size < sizeof(int32_t)) {
101         return true;
102     }
103     int m = TypeCast<int32_t>(rawData, nullptr);
104     FFRTTask task = [&] {
105         m /= 2;
106     };
107     static uint32_t thresHold = 1;
108     if (thresHold <= 1) {
109         uint32_t timeout = 10; // timeout 10Ms
110         FFRTUtils::SubmitTimeoutTask(task, timeout);
111         thresHold++;
112     }
113     return true;
114 }
115 
FuzzFfRTTimerSingleSetAndCancel(const uint8_t * rawData,size_t size)116 bool FuzzFfRTTimerSingleSetAndCancel(const uint8_t *rawData, size_t size)
117 {
118     if (rawData == nullptr || size < sizeof(int32_t)) {
119         return true;
120     }
121     int pos = 0;
122     int m = TypeCast<int32_t>(rawData, &pos);
123     FFRTTask task = [&] {
124         m /= 2;
125     };
126     static uint32_t thresHold = 1;
127     if (thresHold <= 1) {
128         string timerId = "TimerSingleSetAndCancelId";
129         FFRTTimer ffrtTimer;
130         ffrtTimer.SetTimer(timerId, task);
131         ffrtTimer.CancelTimer(timerId);
132         thresHold++;
133     }
134     return true;
135 }
136 
FuzzFfRTTimerMultiSetAndCancel(const uint8_t * rawData,size_t size)137 bool FuzzFfRTTimerMultiSetAndCancel(const uint8_t *rawData, size_t size)
138 {
139     int n = 0;
140     FFRTTask task = [&] {
141         n = 2;
142     };
143     FFRTTask task1 = [&] {
144         n = 5;
145     };
146     int len = size >> 1;
147     string timerId1 = "TimerMultiSetAndCancel1";
148     string timerId2 = "TimerMultiSetAndCancel2";
149     static uint32_t thresHold = 1;
150     if (thresHold <= 1) {
151         FFRTTimer ffrtTimer("fuzz_test_timername");
152         uint32_t delayMs = 5; // delay 5Ms
153         ffrtTimer.SetTimer(timerId1, task, delayMs);
154         ffrtTimer.SetTimer(timerId2, task1, delayMs);
155         ffrtTimer.CancelAllTimer();
156         thresHold++;
157     }
158     return true;
159 }
160 } // namespace OHOS
161 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)162 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
163 {
164     /* Run your code on data */
165     OHOS::FuzzFfrtUtilsSubmitQueueTasks(data, size);
166     OHOS::FuzzFfrtUtilsSubmitDelayTask(data, size);
167     OHOS::FuzzUtilsSubmitDelayTask(data, size);
168     OHOS::FuzzUtilsSubmitTimeoutTask(data, size);
169     OHOS::FuzzFfRTTimerSingleSetAndCancel(data, size);
170     OHOS::FuzzFfRTTimerMultiSetAndCancel(data, size);
171     return 0;
172 }
173