1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "surfacebuffer_fuzzer.h"
17 
18 #include <securec.h>
19 
20 #include "surface_buffer.h"
21 #include "surface_buffer_impl.h"
22 #include "buffer_extra_data.h"
23 #include "buffer_extra_data_impl.h"
24 #include <message_parcel.h>
25 #include <iostream>
26 
27 namespace OHOS {
28     namespace {
29         const uint8_t* g_data = nullptr;
30         size_t g_size = 0;
31         size_t g_pos;
32         constexpr size_t STR_LEN = 10;
33         constexpr int32_t MAX_SIZE = 1024;
34     }
35 
36     /*
37     * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
38     * tips: only support basic type
39     */
40     template<class T>
GetData()41     T GetData()
42     {
43         T object {};
44         size_t objectSize = sizeof(object);
45         if (g_data == nullptr || objectSize > g_size - g_pos) {
46             return object;
47         }
48         errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
49         if (ret != EOK) {
50             return {};
51         }
52         g_pos += objectSize;
53         return object;
54     }
55 
56     /*
57     * get a string from g_data
58     */
GetStringFromData(int strlen)59     std::string GetStringFromData(int strlen)
60     {
61         char cstr[strlen];
62         cstr[strlen - 1] = '\0';
63         for (int i = 0; i < strlen - 1; i++) {
64             char tmp = GetData<char>();
65             if (tmp == '\0') {
66                 tmp = '1';
67             }
68             cstr[i] = tmp;
69         }
70         std::string str(cstr);
71         return str;
72     }
73 
DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)74     bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
75     {
76         if (data == nullptr) {
77             return false;
78         }
79 
80         // initialize
81         g_data = data;
82         g_size = size;
83         g_pos = 0;
84 
85         // get data
86         uint32_t seqNum = GetData<uint32_t>();
87         GraphicColorGamut colorGamut = GetData<GraphicColorGamut>();
88         GraphicTransformType transform = GetData<GraphicTransformType>();
89         int32_t width = GetData<int32_t>();
90         int32_t height = GetData<int32_t>();
91         width = width > MAX_SIZE ? MAX_SIZE : width;
92         width = width < 0 ? 0 : width;
93         height = height > MAX_SIZE ? MAX_SIZE : height;
94         height = height < 0 ? 0 : height;
95         BufferRequestConfig config = GetData<BufferRequestConfig>();
96         std::string keyInt32 = GetStringFromData(STR_LEN);
97         int32_t valueInt32 = GetData<int32_t>();
98         std::string keyInt64 = GetStringFromData(STR_LEN);
99         int64_t valueInt64 = GetData<int64_t>();
100         std::string keyDouble = GetStringFromData(STR_LEN);
101         double valueDouble = GetData<double>();
102         std::string keyStr = GetStringFromData(STR_LEN);
103         std::string valueStr = GetStringFromData(STR_LEN);
104 
105         // test
106         sptr<SurfaceBuffer> surfaceBuffer = new SurfaceBufferImpl(seqNum);
107         surfaceBuffer->SetSurfaceBufferColorGamut(colorGamut);
108         surfaceBuffer->SetSurfaceBufferTransform(transform);
109         surfaceBuffer->SetSurfaceBufferWidth(width);
110         surfaceBuffer->SetSurfaceBufferHeight(height);
111         surfaceBuffer->Alloc(config);
112         sptr<BufferExtraData> bedata = new BufferExtraDataImpl();
113         bedata->ExtraSet(keyInt32, valueInt32);
114         bedata->ExtraSet(keyInt64, valueInt64);
115         bedata->ExtraSet(keyDouble, valueDouble);
116         bedata->ExtraSet(keyStr, valueStr);
117         surfaceBuffer->SetExtraData(bedata);
118         MessageParcel parcel;
119         surfaceBuffer->WriteToMessageParcel(parcel);
120         surfaceBuffer->ReadFromMessageParcel(parcel);
121 
122         return true;
123     }
124 }
125 
126 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)127 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
128 {
129     /* Run your code on data */
130     OHOS::DoSomethingInterestingWithMyAPI(data, size);
131     return 0;
132 }
133 
134