1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "displaymanager_fuzzer.h"
17 
18 #include <securec.h>
19 #include <ui/rs_surface_node.h>
20 #include "display_manager.h"
21 
22 namespace OHOS ::Rosen {
23 namespace {
24 constexpr size_t DATA_MIN_SIZE = 4;
25 }
26 
27 class DisplayListener : public DisplayManager::IDisplayListener {
28 public:
OnCreate(DisplayId)29     virtual void OnCreate(DisplayId) override
30     {
31     }
OnDestroy(DisplayId)32     virtual void OnDestroy(DisplayId) override
33     {
34     }
OnChange(DisplayId)35     virtual void OnChange(DisplayId) override
36     {
37     }
38 };
39 
40 class ScreenshotListener : public DisplayManager::IScreenshotListener {
41 public:
OnScreenshot(const ScreenshotInfo info)42     void OnScreenshot(const ScreenshotInfo info) override
43     {
44     }
45 };
46 
47 class PrivateWindowListener : public DisplayManager::IPrivateWindowListener {
48 public:
OnPrivateWindow(bool hasPrivate)49     void OnPrivateWindow(bool hasPrivate) override
50     {
51     }
52 };
53 
54 class DisplayPowerEventListener : public IDisplayPowerEventListener {
55 public:
OnDisplayPowerEvent(DisplayPowerEvent event,EventStatus status)56     virtual void OnDisplayPowerEvent(DisplayPowerEvent event, EventStatus status) override
57     {
58     }
59 };
60 
61 template<class T>
GetObject(T & object,const uint8_t * data,size_t size)62 size_t GetObject(T &object, const uint8_t *data, size_t size)
63 {
64     size_t objectSize = sizeof(object);
65     if (objectSize > size) {
66         return 0;
67     }
68     return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
69 }
70 
DisplayFuzzTest(const uint8_t * data,size_t size)71 bool DisplayFuzzTest(const uint8_t* data, size_t size)
72 {
73     DisplayId displayId;
74     ScreenId screenId;
75     if (data == nullptr || size < sizeof(displayId) + sizeof(screenId)) {
76         return false;
77     }
78     size_t startPos = 0;
79     DisplayManager& displayManager = DisplayManager::GetInstance();
80     sptr<DisplayListener> displayListener = new DisplayListener();
81     displayManager.GetAllDisplays();
82     displayManager.GetAllDisplayIds();
83     displayManager.GetDefaultDisplayId();
84     displayManager.GetDefaultDisplay();
85 
86     startPos += GetObject<DisplayId>(displayId, data + startPos, size - startPos);
87     displayManager.GetDisplayById(displayId);
88     startPos += GetObject<ScreenId>(screenId, data + startPos, size - startPos);
89     displayManager.GetDisplayByScreen(screenId);
90     bool flag = true;
91     startPos += GetObject<bool>(flag, data + startPos, size - startPos);
92     displayManager.HasPrivateWindow(displayId, flag);
93     displayManager.RegisterDisplayListener(displayListener);
94     displayManager.UnregisterDisplayListener(displayListener);
95     sptr<ScreenshotListener> screenshotListener = new ScreenshotListener();
96     displayManager.RegisterScreenshotListener(screenshotListener);
97     displayManager.UnregisterScreenshotListener(screenshotListener);
98     sptr<PrivateWindowListener> privateWindowListener = new PrivateWindowListener();
99     displayManager.RegisterPrivateWindowListener(privateWindowListener);
100     displayManager.UnregisterPrivateWindowListener(privateWindowListener);
101     RSSurfaceNodeConfig config;
102     config.SurfaceNodeName = "AddSurfaceNodeToDisplay";
103     auto surfaceNode = RSSurfaceNode::Create(config, false);
104     displayManager.AddSurfaceNodeToDisplay(displayId, surfaceNode);
105     displayManager.RemoveSurfaceNodeFromDisplay(displayId, surfaceNode);
106     return true;
107 }
108 
GetScreenshotFuzzTest(const uint8_t * data,size_t size)109 bool GetScreenshotFuzzTest(const uint8_t* data, size_t size)
110 {
111     DisplayId displayId;
112     Media::Rect rect;
113     Media::Size mediaSize;
114     int rotation;
115     if (data == nullptr || size < DATA_MIN_SIZE) {
116         return false;
117     }
118     size_t startPos = 0;
119     DisplayManager& displayManager = DisplayManager::GetInstance();
120     startPos += GetObject<DisplayId>(displayId, data + startPos, size - startPos);
121     displayManager.GetScreenshot(displayId);
122     startPos += GetObject<Media::Rect>(rect, data + startPos, size - startPos);
123     startPos += GetObject<Media::Size>(mediaSize, data + startPos, size - startPos);
124     GetObject<int>(rotation, data + startPos, size - startPos);
125     displayManager.GetScreenshot(displayId, rect, mediaSize, rotation);
126     return true;
127 }
128 
DisplayPowerFuzzTest(const uint8_t * data,size_t size)129 bool DisplayPowerFuzzTest(const uint8_t* data, size_t size)
130 {
131     uint32_t reason;
132     DisplayId displayId;
133     uint32_t state;
134     if (data == nullptr || size < sizeof(reason) + sizeof(displayId) + sizeof(state)) {
135         return false;
136     }
137     size_t startPos = 0;
138     DisplayManager& displayManager = DisplayManager::GetInstance();
139     sptr<IDisplayPowerEventListener> listener = new DisplayPowerEventListener();
140     displayManager.RegisterDisplayPowerEventListener(listener);
141 
142     startPos += GetObject<uint32_t>(reason, data + startPos, size - startPos);
143     displayManager.WakeUpBegin(static_cast<PowerStateChangeReason>(reason));
144     displayManager.WakeUpEnd();
145     displayManager.SuspendBegin(static_cast<PowerStateChangeReason>(reason));
146     displayManager.SuspendEnd();
147 
148     startPos += GetObject<uint32_t>(state, data + startPos, size - startPos);
149     DisplayStateCallback callback = [](DisplayState state) {
150     };
151     displayManager.SetDisplayState(static_cast<DisplayState>(state), callback);
152     startPos += GetObject<DisplayId>(displayId, data + startPos, size - startPos);
153     displayManager.GetDisplayState(displayId);
154 
155     displayManager.UnregisterDisplayPowerEventListener(listener);
156     return true;
157 }
158 
ScreenBrightnessFuzzTest(const uint8_t * data,size_t size)159 bool ScreenBrightnessFuzzTest(const uint8_t* data, size_t size)
160 {
161     uint64_t screenId;
162     uint32_t level;
163     if (data == nullptr || size < sizeof(screenId) + sizeof(level)) {
164         return false;
165     }
166     size_t startPos = 0;
167     DisplayManager& displayManager = DisplayManager::GetInstance();
168 
169     startPos += GetObject<uint64_t>(screenId, data + startPos, size - startPos);
170     GetObject<uint32_t>(level, data + startPos, size - startPos);
171     displayManager.SetScreenBrightness(screenId, level);
172     displayManager.GetScreenBrightness(screenId);
173     return true;
174 }
175 
FreezeFuzzTest(const uint8_t * data,size_t size)176 bool FreezeFuzzTest(const uint8_t* data, size_t size)
177 {
178     if (data == nullptr || size < DATA_MIN_SIZE) {
179         return false;
180     }
181     size_t startPos = 0;
182     DisplayManager& displayManager = DisplayManager::GetInstance();
183     //2 displays
184     std::vector<DisplayId> displays(2);
185     for (DisplayId& id : displays) {
186         startPos += GetObject<DisplayId>(id, data + startPos, size - startPos);
187     }
188     displayManager.Freeze(displays);
189     displayManager.Unfreeze(displays);
190     return true;
191 }
192 
NotifyDisplayEventFuzzTest(const uint8_t * data,size_t size)193 bool NotifyDisplayEventFuzzTest(const uint8_t* data, size_t size)
194 {
195     // 10 displays
196     if (data == nullptr || size < sizeof(DisplayEvent)) {
197         return false;
198     }
199     size_t startPos = 0;
200     DisplayManager& displayManager = DisplayManager::GetInstance();
201     uint32_t event;
202     GetObject<uint32_t>(event, data + startPos, size - startPos);
203     displayManager.NotifyDisplayEvent(static_cast<DisplayEvent>(event));
204     return true;
205 }
206 } // namespace.OHOS::Rosen
207 
208 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)209 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
210 {
211     /* Run your code on data */
212     OHOS::Rosen::DisplayFuzzTest(data, size);
213     OHOS::Rosen::GetScreenshotFuzzTest(data, size);
214     OHOS::Rosen::DisplayPowerFuzzTest(data, size);
215     OHOS::Rosen::ScreenBrightnessFuzzTest(data, size);
216     OHOS::Rosen::FreezeFuzzTest(data, size);
217     OHOS::Rosen::NotifyDisplayEventFuzzTest(data, size);
218     return 0;
219 }
220 
221