1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bufferqueueproducer_fuzzer.h"
17 #include <iremote_proxy.h>
18 #include <iremote_object.h>
19 #include <securec.h>
20 #include "buffer_queue.h"
21 #include "buffer_queue_producer.h"
22 #include "data_generate.h"
23 #include "surface.h"
24 #include "surface_buffer.h"
25 #include "surface_buffer_impl.h"
26 #include "buffer_extra_data.h"
27 #include "buffer_extra_data_impl.h"
28 #include "sync_fence.h"
29 #include <buffer_producer_listener.h>
30
31 using namespace g_fuzzCommon;
32 namespace OHOS {
GetBufferExtraDataFromData()33 sptr<BufferExtraData> GetBufferExtraDataFromData()
34 {
35 // get data
36 std::string keyInt32 = GetStringFromData(STR_LEN);
37 int32_t valueInt32 = GetData<int32_t>();
38 std::string keyInt64 = GetStringFromData(STR_LEN);
39 int64_t valueInt64 = GetData<int64_t>();
40 std::string keyDouble = GetStringFromData(STR_LEN);
41 double valueDouble = GetData<double>();
42 std::string keyStr = GetStringFromData(STR_LEN);
43 std::string valueStr = GetStringFromData(STR_LEN);
44
45 // test
46 sptr<BufferExtraData> bedata = new BufferExtraDataImpl();
47 bedata->ExtraSet(keyInt32, valueInt32);
48 bedata->ExtraSet(keyInt64, valueInt64);
49 bedata->ExtraSet(keyDouble, valueDouble);
50 bedata->ExtraSet(keyStr, valueStr);
51
52 bedata->ExtraGet(keyInt32, valueInt32);
53 bedata->ExtraGet(keyInt64, valueInt64);
54 bedata->ExtraGet(keyDouble, valueDouble);
55 bedata->ExtraGet(keyStr, valueStr);
56 return bedata;
57 }
BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> & bqp)58 void BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> &bqp)
59 {
60 // get data
61 std::string name = GetStringFromData(STR_LEN);
62 uint32_t queueSize = GetData<uint32_t>();
63 uint64_t usage = GetData<uint64_t>();
64 GraphicTransformType transform = GetData<GraphicTransformType >();
65 uint32_t sequence = GetData<uint32_t>();
66 std::vector<GraphicHDRMetaData> metaData;
67 for (int i = 0; i < 10; i++) { // add 10 elements to the vector
68 GraphicHDRMetaData hDRMetaData = GetData<GraphicHDRMetaData>();
69 metaData.push_back(hDRMetaData);
70 }
71 GraphicHDRMetadataKey key = GetData<GraphicHDRMetadataKey>();
72 std::vector<uint8_t> metaDataSet;
73 for (int i = 0; i < 10; i++) { // add 10 elements to the vector
74 uint8_t metaDataElement = GetData<uint8_t>();
75 metaDataSet.push_back(metaDataElement);
76 }
77 std::string result = GetStringFromData(STR_LEN);
78 bool status = GetData<bool>();
79 uint32_t reserveInts = GetData<uint32_t>() % 0x100000; // no more than 0x100000
80 OHSurfaceSource sourceType = GetData<OHSurfaceSource>();
81 std::string appFrameworkType = GetStringFromData(STR_LEN);
82
83 // test
84 bqp->SetQueueSize(queueSize);
85 bqp->SetDefaultUsage(usage);
86 bqp->SetTransform(transform);
87 bqp->SetMetaData(sequence, metaData);
88 bqp->SetMetaDataSet(sequence, key, metaDataSet);
89 bqp->SetStatus(status);
90 GraphicExtDataHandle *handle = AllocExtDataHandle(reserveInts);
91 sptr<SurfaceTunnelHandle> tunnelHandle = new SurfaceTunnelHandle();
92 tunnelHandle->SetHandle(handle);
93 FreeExtDataHandle(handle);
94 bqp->SetSurfaceSourceType(sourceType);
95 bqp->GetSurfaceSourceType(sourceType);
96 bqp->SetSurfaceAppFrameworkType(appFrameworkType);
97 ScalingMode mode = GetData<ScalingMode>();
98 bqp->SetScalingMode(mode);
99 bool bufferHold = GetData<bool>();
100 bqp->SetBufferHold(bufferHold);
101 int64_t time = 0;
102 GraphicPresentTimestampType timestampType = GetData<GraphicPresentTimestampType>();
103 bqp->GetPresentTimestamp(sequence, timestampType, time);
104 }
105
BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> & bqp)106 void BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> &bqp)
107 {
108 bqp->GetNativeSurface();
109 bqp->GetStatus();
110 bool cleanAll = GetData<bool>();
111 bqp->CleanCache(cleanAll);
112 sptr<OHOS::SurfaceBuffer> buffer1 = SurfaceBuffer::Create();
113 sptr<OHOS::SurfaceBuffer> buffer = SurfaceBuffer::Create();
114 int32_t timeOut = 0;
115 bqp->AttachBuffer(buffer1, timeOut);
116 bqp->DetachBuffer(buffer1);
117 bqp->GetUniqueId();
118 float matrix[16] = {0};
119 bool isUseNewMatrix = GetData<bool>();
120 sptr<SyncFence> syncFence = new SyncFence(-1);
121 bqp->GetLastFlushedBuffer(buffer, syncFence, matrix, isUseNewMatrix);
122 bqp->AttachBufferToQueue(buffer);
123 bqp->DetachBufferFromQueue(buffer);
124 bqp->UnRegisterReleaseListener();
125 GraphicTransformType transformType = GetData<GraphicTransformType>();
126 bqp->SetTransform(transformType);
127 bqp->GetTransform(transformType);
128 bqp->SetTransformHint(transformType);
129 bqp->GetTransformHint(transformType);
130 uint64_t uniqueId = 0;
131 std::string name = "";
132 bqp->GetNameAndUniqueId(name, uniqueId);
133 float brightness = GetData<float>();
134 bqp->SetHdrWhitePointBrightness(brightness);
135 BufferQueueProducerFuzzTest(bqp);
136 uint32_t code = GetData<uint32_t>();
137 MessageParcel arguments;
138 MessageParcel reply;
139 MessageOption option;
140 bqp->OnRemoteRequest(code, arguments, reply, option);
141 for (auto iter : bqp->memberFuncMap_) {
142 iter.second(reinterpret_cast<BufferQueueProducer*>(bqp.GetRefPtr()), arguments, reply, option);
143 }
144 }
145
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)146 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
147 {
148 if (data == nullptr) {
149 return false;
150 }
151
152 // initialize
153 g_data = data;
154 g_size = size;
155 g_pos = 0;
156 // get data
157 bool isShared = GetData<bool>();
158 uint32_t seqNum = GetData<uint32_t>();
159 BufferRequestConfig requestConfig = GetData<BufferRequestConfig>();
160 OHOS::Rect rect = GetData<OHOS::Rect>();
161 int64_t timestamp = GetData<int64_t>();
162 BufferFlushConfigWithDamages flushConfig = {.damages = { rect }, .timestamp = timestamp};
163 uint32_t sequence = GetData<uint32_t>();
164
165 // test
166 std::string name = GetStringFromData(STR_LEN);
167 sptr<BufferQueue> bq = new BufferQueue(name, isShared);
168 sptr<BufferQueueProducer> bqp = new BufferQueueProducer(bq);
169 sptr<OHOS::SurfaceBuffer> buffer = new SurfaceBufferImpl(seqNum);
170 sptr<BufferExtraData> bedata = GetBufferExtraDataFromData();
171 IBufferProducer::RequestBufferReturnValue retval;
172 retval.buffer = buffer;
173 OnReleaseFunc onBufferRelease = nullptr;
174 sptr<IProducerListener> listener = new BufferReleaseProducerListener(onBufferRelease);
175 bqp->RegisterReleaseListener(listener);
176 OnDeleteBufferFunc deleteBufferFunc;
177 bqp->RequestBuffer(requestConfig, bedata, retval);
178 bqp->GoBackground();
179 bqp->CancelBuffer(sequence, bedata);
180 sptr<SyncFence> syncFence = SyncFence::INVALID_FENCE;
181 bqp->FlushBuffer(sequence, bedata, syncFence, flushConfig);
182 std::vector<uint32_t> sequences;
183 std::vector<sptr<BufferExtraData>> bedataimpls;
184 std::vector<sptr<SyncFence>> fences;
185 std::vector<BufferFlushConfigWithDamages> flushConfigs;
186 for (size_t i = 0; i < sequences.size(); i++) {
187 flushConfigs.emplace_back(flushConfig);
188 fences.emplace_back(new SyncFence(-1));
189 }
190 bqp->FlushBuffers(sequences, bedataimpls, fences, flushConfigs);
191 BufferQueueProducerFuzzTest1(bqp);
192 return true;
193 }
194 }
195 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)196 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
197 {
198 /* Run your code on data */
199 OHOS::DoSomethingInterestingWithMyAPI(data, size);
200 return 0;
201 }