14514f5e3Sopenharmony_ci/* 24514f5e3Sopenharmony_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 34514f5e3Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 44514f5e3Sopenharmony_ci * you may not use this file except in compliance with the License. 54514f5e3Sopenharmony_ci * You may obtain a copy of the License at 64514f5e3Sopenharmony_ci * 74514f5e3Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 84514f5e3Sopenharmony_ci * 94514f5e3Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 104514f5e3Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 114514f5e3Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 124514f5e3Sopenharmony_ci * See the License for the specific language governing permissions and 134514f5e3Sopenharmony_ci * limitations under the License. 144514f5e3Sopenharmony_ci */ 154514f5e3Sopenharmony_ci 164514f5e3Sopenharmony_ci#include "jsvaluereffoundationvalue_fuzzer.h" 174514f5e3Sopenharmony_ci#include "ecmascript/base/string_helper.h" 184514f5e3Sopenharmony_ci#include "ecmascript/ecma_string-inl.h" 194514f5e3Sopenharmony_ci#include "ecmascript/napi/include/jsnapi.h" 204514f5e3Sopenharmony_ci 214514f5e3Sopenharmony_ciusing namespace panda; 224514f5e3Sopenharmony_ciusing namespace panda::ecmascript; 234514f5e3Sopenharmony_ci 244514f5e3Sopenharmony_ci#define MAXBYTELEN sizeof(int32_t) 254514f5e3Sopenharmony_ci 264514f5e3Sopenharmony_cinamespace OHOS { 274514f5e3Sopenharmony_civoid JSValueRefIsNumberValueFuzzTest(const uint8_t *data, size_t size) 284514f5e3Sopenharmony_ci{ 294514f5e3Sopenharmony_ci RuntimeOption option; 304514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 314514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 324514f5e3Sopenharmony_ci int key = 0; 334514f5e3Sopenharmony_ci uint32_t inputUnit32 = 32; 344514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 354514f5e3Sopenharmony_ci std::cout << "illegal input!"; 364514f5e3Sopenharmony_ci return; 374514f5e3Sopenharmony_ci } 384514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 394514f5e3Sopenharmony_ci size = MAXBYTELEN; 404514f5e3Sopenharmony_ci } 414514f5e3Sopenharmony_ci if (memcpy_s(&key, MAXBYTELEN, data, size) != EOK) { 424514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 434514f5e3Sopenharmony_ci UNREACHABLE(); 444514f5e3Sopenharmony_ci } 454514f5e3Sopenharmony_ci Local<IntegerRef> intValue = IntegerRef::New(vm, key); 464514f5e3Sopenharmony_ci if (memcpy_s(&inputUnit32, MAXBYTELEN, data, size) != EOK) { 474514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 484514f5e3Sopenharmony_ci UNREACHABLE(); 494514f5e3Sopenharmony_ci } 504514f5e3Sopenharmony_ci Local<NumberRef> resUnit32 = NumberRef::New(vm, inputUnit32); 514514f5e3Sopenharmony_ci bool inputBool = true; 524514f5e3Sopenharmony_ci if (size == 0 || data == nullptr) { 534514f5e3Sopenharmony_ci inputBool = false; 544514f5e3Sopenharmony_ci } 554514f5e3Sopenharmony_ci Local<BooleanRef> resBool = BooleanRef::New(vm, inputBool); 564514f5e3Sopenharmony_ci Local<StringRef> stringUtf8 = StringRef::NewFromUtf8(vm, (char *)data, (int)size); 574514f5e3Sopenharmony_ci intValue->IsNumber(); 584514f5e3Sopenharmony_ci resUnit32->IsNumber(); 594514f5e3Sopenharmony_ci resBool->IsNumber(); 604514f5e3Sopenharmony_ci stringUtf8->IsNumber(); 614514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 624514f5e3Sopenharmony_ci} 634514f5e3Sopenharmony_ci 644514f5e3Sopenharmony_civoid JSValueRefIsStringValueFuzzTest(const uint8_t *data, size_t size) 654514f5e3Sopenharmony_ci{ 664514f5e3Sopenharmony_ci RuntimeOption option; 674514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 684514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 694514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 704514f5e3Sopenharmony_ci std::cout << "illegal input!"; 714514f5e3Sopenharmony_ci return; 724514f5e3Sopenharmony_ci } 734514f5e3Sopenharmony_ci Local<JSValueRef> tag = StringRef::NewFromUtf8(vm, (char *)data, (int)size); 744514f5e3Sopenharmony_ci tag->IsString(vm); 754514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 764514f5e3Sopenharmony_ci} 774514f5e3Sopenharmony_ci 784514f5e3Sopenharmony_civoid JSValueRefWithinInt32ValueFuzzTest(const uint8_t *data, size_t size) 794514f5e3Sopenharmony_ci{ 804514f5e3Sopenharmony_ci RuntimeOption option; 814514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 824514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 834514f5e3Sopenharmony_ci int number = 0; 844514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 854514f5e3Sopenharmony_ci std::cout << "illegal input!"; 864514f5e3Sopenharmony_ci return; 874514f5e3Sopenharmony_ci } 884514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 894514f5e3Sopenharmony_ci size = MAXBYTELEN; 904514f5e3Sopenharmony_ci } 914514f5e3Sopenharmony_ci if (memcpy_s(&number, MAXBYTELEN, data, size) != 0) { 924514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 934514f5e3Sopenharmony_ci UNREACHABLE(); 944514f5e3Sopenharmony_ci } 954514f5e3Sopenharmony_ci Local<JSValueRef> tag = IntegerRef::New(vm, number); 964514f5e3Sopenharmony_ci tag->WithinInt32(); 974514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 984514f5e3Sopenharmony_ci} 994514f5e3Sopenharmony_ci 1004514f5e3Sopenharmony_ciLocal<JSValueRef> FunCallback(JsiRuntimeCallInfo *info) 1014514f5e3Sopenharmony_ci{ 1024514f5e3Sopenharmony_ci EscapeLocalScope scope(info->GetVM()); 1034514f5e3Sopenharmony_ci return scope.Escape(ArrayRef::New(info->GetVM(), info->GetArgsNumber())); 1044514f5e3Sopenharmony_ci} 1054514f5e3Sopenharmony_ci 1064514f5e3Sopenharmony_civoid JSValueRefIsFunctionValueFuzzTest(const uint8_t *data, size_t size) 1074514f5e3Sopenharmony_ci{ 1084514f5e3Sopenharmony_ci RuntimeOption option; 1094514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 1104514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 1114514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 1124514f5e3Sopenharmony_ci std::cout << "illegal input!"; 1134514f5e3Sopenharmony_ci return; 1144514f5e3Sopenharmony_ci } 1154514f5e3Sopenharmony_ci NativePointerCallback deleter = nullptr; 1164514f5e3Sopenharmony_ci FunctionCallback nativeFunc = FunCallback; 1174514f5e3Sopenharmony_ci Local<FunctionRef> obj(FunctionRef::NewClassFunction(vm, nativeFunc, deleter, (void *)(data + size))); 1184514f5e3Sopenharmony_ci (void)obj->IsFunction(vm); 1194514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 1204514f5e3Sopenharmony_ci} 1214514f5e3Sopenharmony_ci 1224514f5e3Sopenharmony_civoid JSValueRefIsTypedArrayValueFuzzTest(const uint8_t *data, size_t size) 1234514f5e3Sopenharmony_ci{ 1244514f5e3Sopenharmony_ci RuntimeOption option; 1254514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 1264514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 1274514f5e3Sopenharmony_ci int number = 123; 1284514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 1294514f5e3Sopenharmony_ci std::cout << "illegal input!"; 1304514f5e3Sopenharmony_ci return; 1314514f5e3Sopenharmony_ci } 1324514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 1334514f5e3Sopenharmony_ci size = MAXBYTELEN; 1344514f5e3Sopenharmony_ci } 1354514f5e3Sopenharmony_ci if (memcpy_s(&number, MAXBYTELEN, data, size) != 0) { 1364514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 1374514f5e3Sopenharmony_ci UNREACHABLE(); 1384514f5e3Sopenharmony_ci } 1394514f5e3Sopenharmony_ci Local<JSValueRef> targetUInt = IntegerRef::New(vm, number); 1404514f5e3Sopenharmony_ci targetUInt->IsTypedArray(vm); 1414514f5e3Sopenharmony_ci int32_t input; 1424514f5e3Sopenharmony_ci if (memcpy_s(&input, MAXBYTELEN, data, size) != 0) { 1434514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 1444514f5e3Sopenharmony_ci UNREACHABLE(); 1454514f5e3Sopenharmony_ci } 1464514f5e3Sopenharmony_ci const int32_t MaxMenory = 1024; 1474514f5e3Sopenharmony_ci if (input > MaxMenory) { 1484514f5e3Sopenharmony_ci input = MaxMenory; 1494514f5e3Sopenharmony_ci } 1504514f5e3Sopenharmony_ci Local<ArrayBufferRef> ref = ArrayBufferRef::New(vm, input); 1514514f5e3Sopenharmony_ci ref->IsArrayBuffer(vm); 1524514f5e3Sopenharmony_ci Local<Uint32ArrayRef> typedArray = Uint32ArrayRef::New(vm, ref, (int32_t)size, (int32_t)size); 1534514f5e3Sopenharmony_ci typedArray->IsTypedArray(vm); 1544514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 1554514f5e3Sopenharmony_ci} 1564514f5e3Sopenharmony_ci 1574514f5e3Sopenharmony_civoid JSValueRefIsDateValueFuzzTest(const uint8_t *data, size_t size) 1584514f5e3Sopenharmony_ci{ 1594514f5e3Sopenharmony_ci RuntimeOption option; 1604514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 1614514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 1624514f5e3Sopenharmony_ci int key = 0; 1634514f5e3Sopenharmony_ci uint32_t inputUnit32 = 32; 1644514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 1654514f5e3Sopenharmony_ci std::cout << "illegal input!"; 1664514f5e3Sopenharmony_ci return; 1674514f5e3Sopenharmony_ci } 1684514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 1694514f5e3Sopenharmony_ci size = MAXBYTELEN; 1704514f5e3Sopenharmony_ci } 1714514f5e3Sopenharmony_ci if (memcpy_s(&key, MAXBYTELEN, data, size) != EOK) { 1724514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 1734514f5e3Sopenharmony_ci UNREACHABLE(); 1744514f5e3Sopenharmony_ci } 1754514f5e3Sopenharmony_ci Local<IntegerRef> intValue = IntegerRef::New(vm, key); 1764514f5e3Sopenharmony_ci if (memcpy_s(&inputUnit32, MAXBYTELEN, data, size) != EOK) { 1774514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 1784514f5e3Sopenharmony_ci UNREACHABLE(); 1794514f5e3Sopenharmony_ci } 1804514f5e3Sopenharmony_ci Local<NumberRef> resUnit32 = NumberRef::New(vm, inputUnit32); 1814514f5e3Sopenharmony_ci Local<StringRef> stringUtf8 = StringRef::NewFromUtf8(vm, (char *)data, (int)size); 1824514f5e3Sopenharmony_ci 1834514f5e3Sopenharmony_ci double timeRef = 1.1; 1844514f5e3Sopenharmony_ci size_t maxByteLen = 8; 1854514f5e3Sopenharmony_ci if (size > maxByteLen) { 1864514f5e3Sopenharmony_ci size = maxByteLen; 1874514f5e3Sopenharmony_ci } 1884514f5e3Sopenharmony_ci if (memcpy_s(&timeRef, maxByteLen, data, size) != EOK) { 1894514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 1904514f5e3Sopenharmony_ci UNREACHABLE(); 1914514f5e3Sopenharmony_ci } 1924514f5e3Sopenharmony_ci Local<DateRef> dateRef = DateRef::New(vm, timeRef); 1934514f5e3Sopenharmony_ci resUnit32->IsDate(vm); 1944514f5e3Sopenharmony_ci intValue->IsDate(vm); 1954514f5e3Sopenharmony_ci stringUtf8->IsDate(vm); 1964514f5e3Sopenharmony_ci dateRef->IsDate(vm); 1974514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 1984514f5e3Sopenharmony_ci} 1994514f5e3Sopenharmony_ci 2004514f5e3Sopenharmony_civoid JSValueRefIsErrorValueFuzzTest(const uint8_t *data, size_t size) 2014514f5e3Sopenharmony_ci{ 2024514f5e3Sopenharmony_ci RuntimeOption option; 2034514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 2044514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 2054514f5e3Sopenharmony_ci int key = 0; 2064514f5e3Sopenharmony_ci uint32_t inputUnit32 = 32; 2074514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 2084514f5e3Sopenharmony_ci std::cout << "illegal input!"; 2094514f5e3Sopenharmony_ci return; 2104514f5e3Sopenharmony_ci } 2114514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 2124514f5e3Sopenharmony_ci size = MAXBYTELEN; 2134514f5e3Sopenharmony_ci } 2144514f5e3Sopenharmony_ci if (memcpy_s(&key, MAXBYTELEN, data, size) != EOK) { 2154514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 2164514f5e3Sopenharmony_ci UNREACHABLE(); 2174514f5e3Sopenharmony_ci } 2184514f5e3Sopenharmony_ci Local<IntegerRef> intValue = IntegerRef::New(vm, key); 2194514f5e3Sopenharmony_ci if (memcpy_s(&inputUnit32, MAXBYTELEN, data, size) != EOK) { 2204514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 2214514f5e3Sopenharmony_ci UNREACHABLE(); 2224514f5e3Sopenharmony_ci } 2234514f5e3Sopenharmony_ci Local<NumberRef> resUnit32 = NumberRef::New(vm, inputUnit32); 2244514f5e3Sopenharmony_ci Local<StringRef> stringUtf8 = StringRef::NewFromUtf8(vm, (char *)data, (int)size); 2254514f5e3Sopenharmony_ci Local<JSValueRef> error = Exception::Error(vm, stringUtf8); 2264514f5e3Sopenharmony_ci resUnit32->IsError(vm); 2274514f5e3Sopenharmony_ci intValue->IsError(vm); 2284514f5e3Sopenharmony_ci stringUtf8->IsError(vm); 2294514f5e3Sopenharmony_ci error->IsError(vm); 2304514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 2314514f5e3Sopenharmony_ci} 2324514f5e3Sopenharmony_ci 2334514f5e3Sopenharmony_civoid JSValueRefToStringValueFuzzTest(const uint8_t *data, size_t size) 2344514f5e3Sopenharmony_ci{ 2354514f5e3Sopenharmony_ci RuntimeOption option; 2364514f5e3Sopenharmony_ci option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 2374514f5e3Sopenharmony_ci EcmaVM *vm = JSNApi::CreateJSVM(option); 2384514f5e3Sopenharmony_ci int key = 0; 2394514f5e3Sopenharmony_ci uint32_t inputUnit32 = 32; 2404514f5e3Sopenharmony_ci if (data == nullptr || size <= 0) { 2414514f5e3Sopenharmony_ci std::cout << "illegal input!"; 2424514f5e3Sopenharmony_ci return; 2434514f5e3Sopenharmony_ci } 2444514f5e3Sopenharmony_ci if (size > MAXBYTELEN) { 2454514f5e3Sopenharmony_ci size = MAXBYTELEN; 2464514f5e3Sopenharmony_ci } 2474514f5e3Sopenharmony_ci if (memcpy_s(&key, MAXBYTELEN, data, size) != EOK) { 2484514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 2494514f5e3Sopenharmony_ci UNREACHABLE(); 2504514f5e3Sopenharmony_ci } 2514514f5e3Sopenharmony_ci Local<IntegerRef> intValue = IntegerRef::New(vm, key); 2524514f5e3Sopenharmony_ci if (memcpy_s(&inputUnit32, MAXBYTELEN, data, size) != EOK) { 2534514f5e3Sopenharmony_ci std::cout << "memcpy_s failed!"; 2544514f5e3Sopenharmony_ci UNREACHABLE(); 2554514f5e3Sopenharmony_ci } 2564514f5e3Sopenharmony_ci Local<NumberRef> resUnit32 = NumberRef::New(vm, inputUnit32); 2574514f5e3Sopenharmony_ci bool inputBool = true; 2584514f5e3Sopenharmony_ci if (size == 0 || data == nullptr) { 2594514f5e3Sopenharmony_ci inputBool = false; 2604514f5e3Sopenharmony_ci } 2614514f5e3Sopenharmony_ci Local<BooleanRef> resBool = BooleanRef::New(vm, inputBool); 2624514f5e3Sopenharmony_ci Local<StringRef> stringUtf8 = StringRef::NewFromUtf8(vm, (char *)data, (int)size); 2634514f5e3Sopenharmony_ci Local<JSValueRef> toTarget(stringUtf8); 2644514f5e3Sopenharmony_ci intValue->ToString(vm); 2654514f5e3Sopenharmony_ci resUnit32->ToString(vm); 2664514f5e3Sopenharmony_ci resBool->ToString(vm); 2674514f5e3Sopenharmony_ci toTarget->ToString(vm); 2684514f5e3Sopenharmony_ci JSNApi::DestroyJSVM(vm); 2694514f5e3Sopenharmony_ci} 2704514f5e3Sopenharmony_ci} 2714514f5e3Sopenharmony_ci 2724514f5e3Sopenharmony_ci 2734514f5e3Sopenharmony_ci// Fuzzer entry point. 2744514f5e3Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 2754514f5e3Sopenharmony_ci{ 2764514f5e3Sopenharmony_ci // Run your code on data. 2774514f5e3Sopenharmony_ci OHOS::JSValueRefIsNumberValueFuzzTest(data, size); 2784514f5e3Sopenharmony_ci OHOS::JSValueRefIsStringValueFuzzTest(data, size); 2794514f5e3Sopenharmony_ci OHOS::JSValueRefWithinInt32ValueFuzzTest(data, size); 2804514f5e3Sopenharmony_ci OHOS::JSValueRefIsFunctionValueFuzzTest(data, size); 2814514f5e3Sopenharmony_ci OHOS::JSValueRefIsTypedArrayValueFuzzTest(data, size); 2824514f5e3Sopenharmony_ci OHOS::JSValueRefIsDateValueFuzzTest(data, size); 2834514f5e3Sopenharmony_ci OHOS::JSValueRefIsErrorValueFuzzTest(data, size); 2844514f5e3Sopenharmony_ci OHOS::JSValueRefToStringValueFuzzTest(data, size); 2854514f5e3Sopenharmony_ci return 0; 2864514f5e3Sopenharmony_ci} 287