1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
#include "jsvaluerefobject_fuzzer.h"

#include <cstring>
#include <string>

#include "ecmascript/base/string_helper.h"
#include "ecmascript/js_function.h"
#include "ecmascript/napi/include/dfx_jsnapi.h"
#include "ecmascript/napi/include/jsnapi.h"
#include "ecmascript/napi/jsnapi_helper.h"
#include "ecmascript/object_factory.h"
23
24 using namespace panda;
25 using namespace panda::ecmascript;
26
27 namespace OHOS {
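// Fuzzes JSValueRef::IsSymbol on a symbol whose description string is built from the input.
// data: fuzzer-provided bytes, handed to StringRef::NewFromUtf8 as the description text.
// size: number of bytes in data.
void JSValueRefIsSymbolFuzzTest(const uint8_t* data, size_t size)
{
    // Reject bad input before a VM exists: returning after CreateJSVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (data == nullptr || size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // The bytes are passed through unmodified; they are not checked for valid UTF-8 here.
    Local<StringRef> description =
        StringRef::NewFromUtf8(vm, reinterpret_cast<const char*>(data), static_cast<int>(size));
    Local<SymbolRef> symbol = SymbolRef::New(vm, description);
    symbol->IsSymbol(vm);
    JSNApi::DestroyJSVM(vm);
}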
42
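// Calls JSValueRef::IsBigInt on an IntegerRef built from a fixed constant.
// data: unused.
// size: only gates execution; an empty input is rejected.
// NOTE(review): the value under test does not depend on the fuzz input, so every
// non-empty input drives the same path.
void JSValueRefIsBigIntFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
{
    // Reject empty input before a VM exists: returning after CreateJSVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    constexpr int input = 2147483646;
    Local<IntegerRef> intValue = IntegerRef::New(vm, input);
    [[maybe_unused]]bool res = intValue->IsBigInt(vm);
    JSNApi::DestroyJSVM(vm);
}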
57
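// Calls JSValueRef::IsObject on an IntegerRef whose value is the input length.
// data: unused.
// size: input length; converted to int and used as the integer under test.
void JSValueRefIsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
{
    // Reject empty input before a VM exists: returning after CreateJSVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // size_t -> int narrows; only the length of the input reaches the API, not its bytes.
    Local<JSValueRef> res = IntegerRef::New(vm, static_cast<int>(size));
    [[maybe_unused]]bool result = res->IsObject(vm);
    JSNApi::DestroyJSVM(vm);
}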
71
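// Calls ObjectRef::IsArgumentsObject on a freshly allocated JSArguments object.
// data: unused.
// size: only gates execution; an empty input is rejected.
void IsArgumentsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
{
    // Reject empty input before a VM exists: returning from inside the scope below
    // would skip DestroyJSVM and leave one live VM behind for every rejected input.
    if (size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // The inner block ends the JsiFastNativeScope and the handles below
        // before DestroyJSVM runs.
        JsiFastNativeScope scope(vm);
        ObjectFactory *factory = vm->GetFactory();
        JSHandle<JSArguments> obj = factory->NewJSArguments();
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(obj);
        JSNApiHelper::ToLocal<ObjectRef>(argumentTag)->IsArgumentsObject(vm);
    }
    JSNApi::DestroyJSVM(vm);
}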
90
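// Fuzzes JSValueRef::IsJSPrimitiveBoolean on a string built from the input as UTF-16.
// data: fuzzer-provided bytes, reinterpreted as char16_t code units in host byte order.
// size: number of bytes in data; a trailing odd byte is dropped.
void IsJSPrimitiveBooleanFuzzTest(const uint8_t* data, size_t size)
{
    // Reject bad input before a VM exists: returning after CreateJSVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (data == nullptr || size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    // Copy into char16_t storage rather than casting data: a uint8_t buffer carries
    // no alignment guarantee for char16_t, and a misaligned read inside the harness
    // would surface as a sanitizer report unrelated to the code under test.
    std::u16string utf16(size / sizeof(char16_t), u'\0');
    std::memcpy(utf16.data(), data, utf16.size() * sizeof(char16_t));

    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    Local<StringRef> obj = StringRef::NewFromUtf16(vm, utf16.data(), static_cast<int>(utf16.size()));
    obj->IsJSPrimitiveBoolean(vm);
    JSNApi::DestroyJSVM(vm);
}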
105
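// Fuzzes JSValueRef::IsGeneratorFunction on a string built from the input as UTF-16.
// data: fuzzer-provided bytes, reinterpreted as char16_t code units in host byte order.
// size: number of bytes in data; a trailing odd byte is dropped.
void IsGeneratorFunctionFuzzTest(const uint8_t* data, size_t size)
{
    // Reject bad input before a VM exists: returning after CreateJSVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (data == nullptr || size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    // Copy into char16_t storage rather than casting data: a uint8_t buffer carries
    // no alignment guarantee for char16_t, and a misaligned read inside the harness
    // would surface as a sanitizer report unrelated to the code under test.
    std::u16string utf16(size / sizeof(char16_t), u'\0');
    std::memcpy(utf16.data(), data, utf16.size() * sizeof(char16_t));

    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    Local<StringRef> obj = StringRef::NewFromUtf16(vm, utf16.data(), static_cast<int>(utf16.size()));
    obj->IsGeneratorFunction(vm);
    JSNApi::DestroyJSVM(vm);
}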
120
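// Calls JSValueRef::IsMapIterator on an IntegerRef whose value is the input length.
// data: unused.
// size: input length; converted to int and used as the integer under test.
void IsMapIteratorFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
{
    // Reject empty input before a VM exists: returning after CreateEcmaVM without
    // DestroyJSVM would leave one live VM behind for every rejected input.
    if (size == 0) {
        LOG_ECMA(ERROR) << "illegal input!";
        return;
    }
    // This case builds its VM from default JSRuntimeOptions via CreateEcmaVM.
    JSRuntimeOptions option;
    EcmaVM *vm = JSNApi::CreateEcmaVM(option);
    // size_t -> int narrows; only the length of the input reaches the API, not its bytes.
    Local<JSValueRef> object = IntegerRef::New(vm, static_cast<int>(size));
    object->IsMapIterator(vm);
    JSNApi::DestroyJSVM(vm);
}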
133 }
134
// libFuzzer entry point: feeds the same input to every JSValueRef type-check case, in order.
// Each case creates and tears down its own VM. Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    using FuzzCase = void (*)(const uint8_t*, size_t);
    // Table order is the execution order.
    static constexpr FuzzCase FUZZ_CASES[] = {
        OHOS::JSValueRefIsSymbolFuzzTest,
        OHOS::JSValueRefIsBigIntFuzzTest,
        OHOS::JSValueRefIsObjectFuzzTest,
        OHOS::IsArgumentsObjectFuzzTest,
        OHOS::IsJSPrimitiveBooleanFuzzTest,
        OHOS::IsGeneratorFunctionFuzzTest,
        OHOS::IsMapIteratorFuzzTest,
    };
    for (const FuzzCase runCase : FUZZ_CASES) {
        runCase(data, size);
    }
    return 0;
}