1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "surfacebuffer_fuzzer.h"
17 
18 #include <securec.h>
19 
20 #include "surface_buffer.h"
21 #include "surface_buffer_impl.h"
22 #include "buffer_extra_data.h"
23 #include "buffer_extra_data_impl.h"
24 #include <message_parcel.h>
25 #include <iostream>
26 
27 namespace OHOS {
28     namespace {
29         const uint8_t* g_data = nullptr;
30         size_t g_size = 0;
31         size_t g_pos;
32         constexpr size_t STR_LEN = 10;
33         constexpr int32_t MAX_SIZE = 1024;
34     }
35 
36     /*
37     * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
38     * tips: only support basic type
39     */
40     template<class T>
GetData()41     T GetData()
42     {
43         T object {};
44         size_t objectSize = sizeof(object);
45         if (g_data == nullptr || objectSize > g_size - g_pos) {
46             return object;
47         }
48         errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
49         if (ret != EOK) {
50             return {};
51         }
52         g_pos += objectSize;
53         return object;
54     }
55 
56     /*
57     * get a string from g_data
58     */
GetStringFromData(int strlen)59     std::string GetStringFromData(int strlen)
60     {
61         char cstr[strlen];
62         cstr[strlen - 1] = '\0';
63         for (int i = 0; i < strlen - 1; i++) {
64             char tmp = GetData<char>();
65             if (tmp == '\0') {
66                 tmp = '1';
67             }
68             cstr[i] = tmp;
69         }
70         std::string str(cstr);
71         return str;
72     }
73 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)74     bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
75     {
76         if (data == nullptr) {
77             return false;
78         }
79 
80         // initialize
81         g_data = data;
82         g_size = size;
83         g_pos = 0;
84 
85         // get data
86         uint32_t seqNum = GetData<uint32_t>();
87         GraphicColorGamut colorGamut = GetData<GraphicColorGamut>();
88         GraphicTransformType transform = GetData<GraphicTransformType>();
89         ScalingMode scalingMode = GetData<ScalingMode>();
90         int32_t width = GetData<int32_t>();
91         int32_t height = GetData<int32_t>();
92         width = width > MAX_SIZE ? MAX_SIZE : width;
93         width = width < 0 ? 0 : width;
94         height = height > MAX_SIZE ? MAX_SIZE : height;
95         height = height < 0 ? 0 : height;
96         BufferRequestConfig config = GetData<BufferRequestConfig>();
97         std::string keyInt32 = GetStringFromData(STR_LEN);
98         int32_t valueInt32 = GetData<int32_t>();
99         std::string keyInt64 = GetStringFromData(STR_LEN);
100         int64_t valueInt64 = GetData<int64_t>();
101         std::string keyDouble = GetStringFromData(STR_LEN);
102         double valueDouble = GetData<double>();
103         std::string keyStr = GetStringFromData(STR_LEN);
104         std::string valueStr = GetStringFromData(STR_LEN);
105 
106         // test
107         sptr<SurfaceBuffer> surfaceBuffer = new SurfaceBufferImpl(seqNum);
108         surfaceBuffer->SetSurfaceBufferColorGamut(colorGamut);
109         surfaceBuffer->SetSurfaceBufferTransform(transform);
110         surfaceBuffer->SetSurfaceBufferWidth(width);
111         surfaceBuffer->SetSurfaceBufferHeight(height);
112         surfaceBuffer->Alloc(config);
113         sptr<BufferExtraData> bedata = new BufferExtraDataImpl();
114         bedata->ExtraSet(keyInt32, valueInt32);
115         bedata->ExtraSet(keyInt64, valueInt64);
116         bedata->ExtraSet(keyDouble, valueDouble);
117         bedata->ExtraSet(keyStr, valueStr);
118         surfaceBuffer->SetExtraData(bedata);
119         MessageParcel parcel;
120         surfaceBuffer->WriteToMessageParcel(parcel);
121         surfaceBuffer->ReadFromMessageParcel(parcel);
122         surfaceBuffer->SetSurfaceBufferScalingMode(scalingMode);
123         surfaceBuffer->GetSurfaceBufferScalingMode();
124 
125         return true;
126     }
127 }
128 
129 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)130 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
131 {
132     /* Run your code on data */
133     OHOS::DoSomethingInterestingWithMyAPI(data, size);
134     return 0;
135 }
136 
137