1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bufferqueueproducer_fuzzer.h"
17 #include <iremote_proxy.h>
18 #include <iremote_object.h>
19 #include <securec.h>
20 #include "buffer_queue.h"
21 #include "buffer_queue_producer.h"
22 #include "data_generate.h"
23 #include "surface.h"
24 #include "surface_buffer.h"
25 #include "surface_buffer_impl.h"
26 #include "buffer_extra_data.h"
27 #include "buffer_extra_data_impl.h"
28 #include "sync_fence.h"
29
30 using namespace g_fuzzCommon;
31 namespace OHOS {
GetBufferExtraDataFromData()32 sptr<BufferExtraData> GetBufferExtraDataFromData()
33 {
34 // get data
35 std::string keyInt32 = GetStringFromData(STR_LEN);
36 int32_t valueInt32 = GetData<int32_t>();
37 std::string keyInt64 = GetStringFromData(STR_LEN);
38 int64_t valueInt64 = GetData<int64_t>();
39 std::string keyDouble = GetStringFromData(STR_LEN);
40 double valueDouble = GetData<double>();
41 std::string keyStr = GetStringFromData(STR_LEN);
42 std::string valueStr = GetStringFromData(STR_LEN);
43
44 // test
45 sptr<BufferExtraData> bedata = new BufferExtraDataImpl();
46 bedata->ExtraSet(keyInt32, valueInt32);
47 bedata->ExtraSet(keyInt64, valueInt64);
48 bedata->ExtraSet(keyDouble, valueDouble);
49 bedata->ExtraSet(keyStr, valueStr);
50
51 bedata->ExtraGet(keyInt32, valueInt32);
52 bedata->ExtraGet(keyInt64, valueInt64);
53 bedata->ExtraGet(keyDouble, valueDouble);
54 bedata->ExtraGet(keyStr, valueStr);
55 return bedata;
56 }
BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> &bqp)57 void BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> &bqp)
58 {
59 // get data
60 std::string name = GetStringFromData(STR_LEN);
61 uint32_t queueSize = GetData<uint32_t>();
62 uint64_t usage = GetData<uint64_t>();
63 GraphicTransformType transform = GetData<GraphicTransformType >();
64 uint32_t sequence = GetData<uint32_t>();
65 std::vector<GraphicHDRMetaData> metaData;
66 for (int i = 0; i < 10; i++) { // add 10 elements to the vector
67 GraphicHDRMetaData hDRMetaData = GetData<GraphicHDRMetaData>();
68 metaData.push_back(hDRMetaData);
69 }
70 GraphicHDRMetadataKey key = GetData<GraphicHDRMetadataKey>();
71 std::vector<uint8_t> metaDataSet;
72 for (int i = 0; i < 10; i++) { // add 10 elements to the vector
73 uint8_t metaDataElement = GetData<uint8_t>();
74 metaDataSet.push_back(metaDataElement);
75 }
76 std::string result = GetStringFromData(STR_LEN);
77 bool status = GetData<bool>();
78 uint32_t reserveInts = GetData<uint32_t>() % 0x100000; // no more than 0x100000
79 OHSurfaceSource sourceType = GetData<OHSurfaceSource>();
80 std::string appFrameworkType = GetStringFromData(STR_LEN);
81
82 // test
83 bqp->SetQueueSize(queueSize);
84 bqp->SetDefaultUsage(usage);
85 bqp->SetTransform(transform);
86 bqp->SetMetaData(sequence, metaData);
87 bqp->SetMetaDataSet(sequence, key, metaDataSet);
88 bqp->SetStatus(status);
89 GraphicExtDataHandle *handle = AllocExtDataHandle(reserveInts);
90 sptr<SurfaceTunnelHandle> tunnelHandle = new SurfaceTunnelHandle();
91 tunnelHandle->SetHandle(handle);
92 FreeExtDataHandle(handle);
93 bqp->SetSurfaceSourceType(sourceType);
94 bqp->GetSurfaceSourceType(sourceType);
95 bqp->SetSurfaceAppFrameworkType(appFrameworkType);
96 ScalingMode mode = GetData<ScalingMode>();
97 bqp->SetScalingMode(mode);
98 bool bufferHold = GetData<bool>();
99 bqp->SetBufferHold(bufferHold);
100 int64_t time = 0;
101 GraphicPresentTimestampType timestampType = GetData<GraphicPresentTimestampType>();
102 bqp->GetPresentTimestamp(sequence, timestampType, time);
103 }
104
BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> &bqp)105 void BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> &bqp)
106 {
107 bqp->GetNativeSurface();
108 bqp->GetStatus();
109 bool cleanAll = GetData<bool>();
110 bqp->CleanCache(cleanAll);
111 sptr<OHOS::SurfaceBuffer> buffer1 = SurfaceBuffer::Create();
112 sptr<OHOS::SurfaceBuffer> buffer = SurfaceBuffer::Create();
113 int32_t timeOut = 0;
114 bqp->AttachBuffer(buffer1, timeOut);
115 bqp->DetachBuffer(buffer1);
116 bqp->GetUniqueId();
117 float matrix[16] = {0};
118 bool isUseNewMatrix = GetData<bool>();
119 sptr<SyncFence> syncFence = new SyncFence(-1);
120 bqp->GetLastFlushedBuffer(buffer, syncFence, matrix, isUseNewMatrix);
121 bqp->AttachBufferToQueue(buffer);
122 bqp->DetachBufferFromQueue(buffer);
123 bqp->UnRegisterReleaseListener();
124 GraphicTransformType transformType = GetData<GraphicTransformType>();
125 bqp->SetTransform(transformType);
126 bqp->GetTransform(transformType);
127 bqp->SetTransformHint(transformType);
128 bqp->GetTransformHint(transformType);
129 uint64_t uniqueId = 0;
130 std::string name = "";
131 bqp->GetNameAndUniqueId(name, uniqueId);
132 float brightness = GetData<float>();
133 bqp->SetHdrWhitePointBrightness(brightness);
134 BufferQueueProducerFuzzTest(bqp);
135 uint32_t code = GetData<uint32_t>();
136 MessageParcel arguments;
137 MessageParcel reply;
138 MessageOption option;
139 bqp->OnRemoteRequest(code, arguments, reply, option);
140 for (auto iter : bqp->memberFuncMap_) {
141 iter.second(reinterpret_cast<BufferQueueProducer*>(bqp.GetRefPtr()), arguments, reply, option);
142 }
143 }
144
DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)145 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
146 {
147 if (data == nullptr) {
148 return false;
149 }
150
151 // initialize
152 g_data = data;
153 g_size = size;
154 g_pos = 0;
155 // get data
156 bool isShared = GetData<bool>();
157 uint32_t seqNum = GetData<uint32_t>();
158 BufferRequestConfig requestConfig = GetData<BufferRequestConfig>();
159 OHOS::Rect rect = GetData<OHOS::Rect>();
160 int64_t timestamp = GetData<int64_t>();
161 BufferFlushConfigWithDamages flushConfig = {.damages = { rect }, .timestamp = timestamp};
162 uint32_t sequence = GetData<uint32_t>();
163
164 // test
165 std::string name = GetStringFromData(STR_LEN);
166 sptr<BufferQueue> bq = new BufferQueue(name, isShared);
167 sptr<BufferQueueProducer> bqp = new BufferQueueProducer(bq);
168 sptr<OHOS::SurfaceBuffer> buffer = new SurfaceBufferImpl(seqNum);
169 sptr<BufferExtraData> bedata = GetBufferExtraDataFromData();
170 IBufferProducer::RequestBufferReturnValue retval;
171 retval.buffer = buffer;
172 OnReleaseFunc onBufferRelease = nullptr;
173 sptr<IProducerListener> listener = new BufferReleaseProducerListener(onBufferRelease);
174 bqp->RegisterReleaseListener(listener);
175 OnDeleteBufferFunc deleteBufferFunc;
176 bqp->RequestBuffer(requestConfig, bedata, retval);
177 bqp->GoBackground();
178 bqp->CancelBuffer(sequence, bedata);
179 sptr<SyncFence> syncFence = SyncFence::INVALID_FENCE;
180 bqp->FlushBuffer(sequence, bedata, syncFence, flushConfig);
181 std::vector<uint32_t> sequences;
182 std::vector<sptr<BufferExtraData>> bedataimpls;
183 std::vector<sptr<SyncFence>> fences;
184 std::vector<BufferFlushConfigWithDamages> flushConfigs;
185 for (size_t i = 0; i < sequences.size(); i++) {
186 flushConfigs.emplace_back(flushConfig);
187 fences.emplace_back(new SyncFence(-1));
188 }
189 bqp->FlushBuffers(sequences, bedataimpls, fences, flushConfigs);
190 BufferQueueProducerFuzzTest1(bqp);
191 return true;
192 }
193 }
194 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)195 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
196 {
197 /* Run your code on data */
198 OHOS::DoSomethingInterestingWithMyAPI(data, size);
199 return 0;
200 }