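/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "jsvaluerefobject_fuzzer.h"
#include "ecmascript/base/string_helper.h"
#include "ecmascript/js_function.h"
#include "ecmascript/napi/include/dfx_jsnapi.h"
#include "ecmascript/napi/include/jsnapi.h"
#include "ecmascript/napi/jsnapi_helper.h"
#include "ecmascript/object_factory.h"

using namespace panda;
using namespace panda::ecmascript;

// Fuzz harnesses for the JSValueRef type-predicate methods.
//
// Every harness follows the same shape: reject unusable input, create a VM,
// build one value, call one predicate on it, destroy the VM. The input check
// runs BEFORE the VM is created: returning after CreateJSVM/CreateEcmaVM
// without calling DestroyJSVM leaks a whole VM for each rejected input, which
// exhausts memory over a long fuzz run and buries real leak reports in noise.
namespace OHOS {
    // Builds a symbol whose description is the fuzz bytes read as UTF-8 and calls IsSymbol on it.
    void JSValueRefIsSymbolFuzzTest(const uint8_t* data, size_t size)
    {
        // size is unsigned, so "empty" is the only invalid length.
        if (data == nullptr || size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        Local<StringRef> description = StringRef::NewFromUtf8(vm, (char*)data, size);
        Local<SymbolRef> symbol = SymbolRef::New(vm, description);
        symbol->IsSymbol(vm);
        JSNApi::DestroyJSVM(vm);
    }

    // Calls IsBigInt on an IntegerRef built from a fixed constant.
    // NOTE(review): the fuzz bytes are not used here; only the empty-input gate
    // depends on the input, so every non-empty input exercises the same path.
    void JSValueRefIsBigIntFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
    {
        if (size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        constexpr int input = 2147483646;
        Local<IntegerRef> intValue = IntegerRef::New(vm, input);
        [[maybe_unused]]bool res = intValue->IsBigInt(vm);
        JSNApi::DestroyJSVM(vm);
    }

    // Calls IsObject on an IntegerRef whose value is the input length.
    void JSValueRefIsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
    {
        if (size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        Local<JSValueRef> res = IntegerRef::New(vm, (int)size);
        [[maybe_unused]]bool result = res->IsObject(vm);
        JSNApi::DestroyJSVM(vm);
    }

    // Calls IsArgumentsObject on a JSArguments object obtained from the VM's object factory.
    void IsArgumentsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
    {
        if (size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        {
            // The inner braces end the native scope and the handles before the VM is destroyed.
            JsiFastNativeScope scope(vm);
            ObjectFactory *factory = vm->GetFactory();
            JSHandle<JSArguments> obj = factory->NewJSArguments();
            JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(obj);
            JSNApiHelper::ToLocal<ObjectRef>(argumentTag)->IsArgumentsObject(vm);
        }
        JSNApi::DestroyJSVM(vm);
    }

    // Builds a string from the fuzz bytes read as UTF-16 and calls IsJSPrimitiveBoolean on it.
    void IsJSPrimitiveBooleanFuzzTest(const uint8_t* data, size_t size)
    {
        if (data == nullptr || size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        // Whole code units only: an odd trailing byte is dropped, and a 1-byte input gives length 0.
        int length = size / sizeof(char16_t);
        // NOTE(review): data is a byte pointer with no 2-byte alignment guarantee; confirm the
        // fuzz driver hands over suitably aligned buffers, or copy into a char16_t buffer first.
        Local<StringRef> obj = StringRef::NewFromUtf16(vm, (char16_t*)data, length);
        obj->IsJSPrimitiveBoolean(vm);
        JSNApi::DestroyJSVM(vm);
    }

    // Builds a string from the fuzz bytes read as UTF-16 and calls IsGeneratorFunction on it.
    void IsGeneratorFunctionFuzzTest(const uint8_t* data, size_t size)
    {
        if (data == nullptr || size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        RuntimeOption option;
        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
        EcmaVM *vm = JSNApi::CreateJSVM(option);
        // Whole code units only: an odd trailing byte is dropped, and a 1-byte input gives length 0.
        int length = size / sizeof(char16_t);
        // NOTE(review): data is a byte pointer with no 2-byte alignment guarantee; confirm the
        // fuzz driver hands over suitably aligned buffers, or copy into a char16_t buffer first.
        Local<StringRef> obj = StringRef::NewFromUtf16(vm, (char16_t*)data, length);
        obj->IsGeneratorFunction(vm);
        JSNApi::DestroyJSVM(vm);
    }

    // Calls IsMapIterator on an IntegerRef whose value is the input length.
    // Unlike the other harnesses, this one creates its VM with JSRuntimeOptions and CreateEcmaVM.
    void IsMapIteratorFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
    {
        if (size == 0) {
            LOG_ECMA(ERROR) << "illegal input!";
            return;
        }
        JSRuntimeOptions option;
        EcmaVM *vm = JSNApi::CreateEcmaVM(option);
        Local<JSValueRef> object = IntegerRef::New(vm, (int)size);
        object->IsMapIterator(vm);
        JSNApi::DestroyJSVM(vm);
    }
}

// Fuzzer entry point: feeds the same input to every harness in turn.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    // Run your code on data.
    OHOS::JSValueRefIsSymbolFuzzTest(data, size);
    OHOS::JSValueRefIsBigIntFuzzTest(data, size);
    OHOS::JSValueRefIsObjectFuzzTest(data, size);
    OHOS::IsArgumentsObjectFuzzTest(data, size);
    OHOS::IsJSPrimitiveBooleanFuzzTest(data, size);
    OHOS::IsGeneratorFunctionFuzzTest(data, size);
    OHOS::IsMapIteratorFuzzTest(data, size);
    return 0;
}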