1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "injectevent_fuzzer.h"
17 #include "input_manager.h"
18 #include "define_multimodal.h"
19 #include "mmi_service.h"
20 #include "mmi_log.h"
21 
22 namespace OHOS {
23 namespace MMI {
24 
25 template<class T>
GetObject(T & object,const uint8_t * data,size_t size)26 size_t GetObject(T &object, const uint8_t *data, size_t size)
27 {
28     size_t objectNum = sizeof(object);
29     if (objectNum > size) {
30         return 0;
31     }
32     errno_t ret = memcpy_s(&object, objectNum, data, objectNum);
33     if (ret != EOK) {
34         return 0;
35     }
36     return objectNum;
37 }
38 
InjectKeyEvent(const uint8_t * data,const size_t size,size_t & startPos)39 bool InjectKeyEvent(const uint8_t* data, const size_t size, size_t &startPos)
40 {
41     auto injectDownEvent = KeyEvent::Create();
42     CHKPF(injectDownEvent);
43     int32_t keyCode;
44     CHECKSIZE(startPos, size);
45     startPos += GetObject<int32_t>(keyCode, data + startPos, size - startPos);
46     injectDownEvent->SetKeyCode(keyCode);
47     injectDownEvent->SetKeyAction(KeyEvent::KEY_ACTION_DOWN);
48     int64_t downTime;
49     CHECKSIZE(startPos, size);
50     startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
51     KeyEvent::KeyItem kitDown;
52     kitDown.SetDownTime(downTime);
53     int32_t keyCodePressed;
54     CHECKSIZE(startPos, size);
55     startPos += GetObject<int32_t>(keyCodePressed, data + startPos, size - startPos);
56     kitDown.SetKeyCode(keyCodePressed);
57     kitDown.SetPressed(true);
58     injectDownEvent->AddPressedKeyItems(kitDown);
59     InputManager::GetInstance()->SimulateInputEvent(injectDownEvent);
60 
61     auto injectUpEvent = KeyEvent::Create();
62     CHKPF(injectUpEvent);
63     CHECKSIZE(startPos, size);
64     startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
65     KeyEvent::KeyItem kitUp;
66     kitUp.SetDownTime(downTime);
67     kitUp.SetKeyCode(keyCodePressed);
68     kitUp.SetPressed(false);
69     injectUpEvent->SetKeyCode(keyCode);
70     injectUpEvent->SetKeyAction(KeyEvent::KEY_ACTION_UP);
71     injectUpEvent->RemoveReleasedKeyItems(kitUp);
72     InputManager::GetInstance()->SimulateInputEvent(injectUpEvent);
73     return true;
74 }
75 
InjectTouchEvent(const uint8_t * data,const size_t size,size_t & startPos)76 bool InjectTouchEvent(const uint8_t* data, const size_t size, size_t &startPos)
77 {
78     auto pointerDownEvent = PointerEvent::Create();
79     CHKPF(pointerDownEvent);
80     PointerEvent::PointerItem downitem;
81     downitem.SetPointerId(0);
82     int32_t physicalX;
83     CHECKSIZE(startPos, size);
84     startPos += GetObject<int32_t>(physicalX, data + startPos, size - startPos);
85     downitem.SetDisplayX(physicalX);
86     int32_t physicalY;
87     CHECKSIZE(startPos, size);
88     startPos += GetObject<int32_t>(physicalY, data + startPos, size - startPos);
89     downitem.SetDisplayY(physicalY);
90     int32_t pressure;
91     CHECKSIZE(startPos, size);
92     startPos += GetObject<int32_t>(pressure, data + startPos, size - startPos);
93     downitem.SetPressure(pressure);
94     downitem.SetDeviceId(1);
95     pointerDownEvent->AddPointerItem(downitem);
96     pointerDownEvent->SetId(std::numeric_limits<int32_t>::max());
97     pointerDownEvent->SetPointerAction(PointerEvent::POINTER_ACTION_DOWN);
98     pointerDownEvent->SetPointerId(0);
99     pointerDownEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
100     MMI_HILOGD("Call InputManager::InjectTouchEvent");
101     InputManager::GetInstance()->SimulateInputEvent(pointerDownEvent);
102 
103     auto pointerUpEvent = PointerEvent::Create();
104     CHKPF(pointerUpEvent);
105     PointerEvent::PointerItem upitem;
106     upitem.SetPointerId(0);
107     upitem.SetDisplayX(physicalX);
108     upitem.SetDisplayY(physicalY);
109     upitem.SetPressure(pressure);
110     upitem.SetDeviceId(1);
111     pointerUpEvent->AddPointerItem(upitem);
112     pointerUpEvent->SetId(std::numeric_limits<int32_t>::max());
113     pointerUpEvent->SetPointerAction(PointerEvent::POINTER_ACTION_UP);
114     pointerUpEvent->SetPointerId(0);
115     pointerUpEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
116     MMI_HILOGD("Call InputManager::InjectTouchEvent");
117     InputManager::GetInstance()->SimulateInputEvent(pointerUpEvent);
118     return true;
119 }
120 
InjectMouseEvent(const uint8_t * data,const size_t size,size_t & startPos)121 bool InjectMouseEvent(const uint8_t* data, const size_t size, size_t &startPos)
122 {
123     auto pointerDownEvent = PointerEvent::Create();
124     CHKPF(pointerDownEvent);
125     PointerEvent::PointerItem downitem;
126     downitem.SetPointerId(0);
127     int32_t physicalX;
128     CHECKSIZE(startPos, size);
129     startPos += GetObject<int32_t>(physicalX, data + startPos, size - startPos);
130     downitem.SetDisplayX(physicalX);
131     int32_t physicalY;
132     CHECKSIZE(startPos, size);
133     startPos += GetObject<int32_t>(physicalY, data + startPos, size - startPos);
134     downitem.SetDisplayY(physicalY);
135     int32_t pressure;
136     CHECKSIZE(startPos, size);
137     startPos += GetObject<int32_t>(pressure, data + startPos, size - startPos);
138     downitem.SetPressure(pressure);
139     downitem.SetDeviceId(1);
140     pointerDownEvent->AddPointerItem(downitem);
141     pointerDownEvent->SetId(std::numeric_limits<int32_t>::max());
142     pointerDownEvent->SetPointerAction(PointerEvent::POINTER_ACTION_DOWN);
143     pointerDownEvent->SetPointerId(0);
144     pointerDownEvent->SetSourceType(PointerEvent::SOURCE_TYPE_MOUSE);
145     MMI_HILOGD("Call InputManager::InjectMouseEvent");
146     InputManager::GetInstance()->SimulateInputEvent(pointerDownEvent);
147 
148     auto pointerUpEvent = PointerEvent::Create();
149     CHKPF(pointerUpEvent);
150     PointerEvent::PointerItem upitem;
151     upitem.SetPointerId(0);
152     upitem.SetDisplayX(physicalX);
153     upitem.SetDisplayY(physicalY);
154     upitem.SetPressure(pressure);
155     upitem.SetDeviceId(1);
156     pointerUpEvent->AddPointerItem(upitem);
157     pointerUpEvent->SetId(std::numeric_limits<int32_t>::max());
158     pointerUpEvent->SetPointerAction(PointerEvent::POINTER_ACTION_UP);
159     pointerUpEvent->SetPointerId(0);
160     pointerUpEvent->SetSourceType(PointerEvent::SOURCE_TYPE_MOUSE);
161     MMI_HILOGD("Call InputManager::InjectMouseEvent");
162     InputManager::GetInstance()->SimulateInputEvent(pointerUpEvent);
163     return true;
164 }
165 
InjectEventFuzzTest(const uint8_t * data,const size_t size)166 bool InjectEventFuzzTest(const uint8_t* data, const size_t size)
167 {
168     size_t startPos = 0;
169     if (InjectKeyEvent(data, size, startPos) && InjectTouchEvent(data, size, startPos) &&
170         InjectMouseEvent(data, size, startPos)) {
171         return true;
172     }
173     return false;
174 }
175 } // MMI
176 } // OHOS
177 
178 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)179 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
180 {
181     /* Run your code on data */
182     OHOS::MMI::InjectEventFuzzTest(data, size);
183     return 0;
184 }