1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "simulateinputevent_fuzzer.h"
17 
18 #include "securec.h"
19 
20 #include "define_multimodal.h"
21 #include "input_manager.h"
22 #include "mmi_log.h"
23 
24 #undef MMI_LOG_TAG
25 #define MMI_LOG_TAG "SimulateInputEventFuzzTest"
26 
27 namespace OHOS {
28 namespace MMI {
29 template<class T>
GetObject(T & object,const uint8_t * data,size_t size)30 size_t GetObject(T &object, const uint8_t *data, size_t size)
31 {
32     size_t objectNum = sizeof(object);
33     if (objectNum > size) {
34         return 0;
35     }
36     errno_t ret = memcpy_s(&object, objectNum, data, objectNum);
37     if (ret != EOK) {
38         return 0;
39     }
40     return objectNum;
41 }
42 
SimulateInjectEvent(const uint8_t * data,const size_t size,size_t & startPos)43 bool SimulateInjectEvent(const uint8_t* data, const size_t size, size_t &startPos)
44 {
45     auto injectDownEvent = KeyEvent::Create();
46     CHKPF(injectDownEvent);
47     int32_t keyCode;
48     CHECKSIZE(startPos, size);
49     startPos += GetObject<int32_t>(keyCode, data + startPos, size - startPos);
50     injectDownEvent->SetKeyCode(keyCode);
51     injectDownEvent->SetKeyAction(KeyEvent::KEY_ACTION_DOWN);
52     int64_t downTime;
53     CHECKSIZE(startPos, size);
54     startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
55     KeyEvent::KeyItem kitDown;
56     kitDown.SetDownTime(downTime);
57     int32_t keyCodePressed;
58     CHECKSIZE(startPos, size);
59     startPos += GetObject<int32_t>(keyCodePressed, data + startPos, size - startPos);
60     kitDown.SetKeyCode(keyCodePressed);
61     kitDown.SetPressed(true);
62     injectDownEvent->AddPressedKeyItems(kitDown);
63     InputManager::GetInstance()->SimulateInputEvent(injectDownEvent);
64 
65     auto injectUpEvent = KeyEvent::Create();
66     CHKPF(injectUpEvent);
67     CHECKSIZE(startPos, size);
68     startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
69     KeyEvent::KeyItem kitUp;
70     kitUp.SetDownTime(downTime);
71     kitUp.SetKeyCode(keyCodePressed);
72     kitUp.SetPressed(false);
73     injectUpEvent->SetKeyCode(keyCode);
74     injectUpEvent->SetKeyAction(KeyEvent::KEY_ACTION_UP);
75     injectUpEvent->RemoveReleasedKeyItems(kitUp);
76     InputManager::GetInstance()->SimulateInputEvent(injectUpEvent);
77     return true;
78 }
79 
SimulatePointerEvent(const uint8_t * data,const size_t size,size_t & startPos)80 bool SimulatePointerEvent(const uint8_t* data, const size_t size, size_t &startPos)
81 {
82     auto pointerDownEvent = PointerEvent::Create();
83     CHKPF(pointerDownEvent);
84     PointerEvent::PointerItem downitem;
85     downitem.SetPointerId(0);
86     int32_t physicalX;
87     CHECKSIZE(startPos, size);
88     startPos += GetObject<int32_t>(physicalX, data + startPos, size - startPos);
89     downitem.SetDisplayX(physicalX);
90     int32_t physicalY;
91     CHECKSIZE(startPos, size);
92     startPos += GetObject<int32_t>(physicalY, data + startPos, size - startPos);
93     downitem.SetDisplayY(physicalY);
94     int32_t pressure;
95     CHECKSIZE(startPos, size);
96     startPos += GetObject<int32_t>(pressure, data + startPos, size - startPos);
97     downitem.SetPressure(pressure);
98     downitem.SetDeviceId(1);
99     pointerDownEvent->AddPointerItem(downitem);
100     pointerDownEvent->SetId(std::numeric_limits<int32_t>::max());
101     pointerDownEvent->SetPointerAction(PointerEvent::POINTER_ACTION_DOWN);
102     pointerDownEvent->SetPointerId(0);
103     pointerDownEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
104     MMI_HILOGD("Call InputManager::SimulatePointerEvent");
105     InputManager::GetInstance()->SimulateInputEvent(pointerDownEvent);
106 
107     auto pointerUpEvent = PointerEvent::Create();
108     CHKPF(pointerUpEvent);
109     PointerEvent::PointerItem upitem;
110     upitem.SetPointerId(0);
111     upitem.SetDisplayX(physicalX);
112     upitem.SetDisplayY(physicalY);
113     upitem.SetPressure(pressure);
114     upitem.SetDeviceId(1);
115     pointerUpEvent->AddPointerItem(upitem);
116     pointerUpEvent->SetId(std::numeric_limits<int32_t>::max());
117     pointerUpEvent->SetPointerAction(PointerEvent::POINTER_ACTION_UP);
118     pointerUpEvent->SetPointerId(0);
119     pointerUpEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
120     MMI_HILOGD("Call InputManager::SimulatePointerEvent");
121     InputManager::GetInstance()->SimulateInputEvent(pointerUpEvent);
122     return true;
123 }
124 
SimulateInputEventFuzzTest(const uint8_t * data,const size_t size)125 bool SimulateInputEventFuzzTest(const uint8_t* data, const size_t size)
126 {
127     size_t startPos = 0;
128     if (SimulateInjectEvent(data, size, startPos) && SimulatePointerEvent(data, size, startPos)) {
129         return true;
130     }
131     return false;
132 }
133 } // MMI
134 } // OHOS
135 
136 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)137 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
138 {
139     /* Run your code on data */
140     OHOS::MMI::SimulateInputEventFuzzTest(data, size);
141     return 0;
142 }