1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "windowcontroller_fuzzer.h"
17
18 #include <securec.h>
19 #include <parcel.h>
20
21 #include "window.h"
22 #include "window_controller.h"
23 #include "window_manager_service.h"
24 #include "window_transition_info.h"
25
26 using namespace OHOS::Rosen;
27
28 namespace OHOS {
29 namespace {
30 constexpr size_t DATA_MIN_SIZE = 2;
31 constexpr char END_CHAR = '\0';
32 constexpr size_t LEN = 10;
33 }
34
35 template<class T>
GetObject(T & object,const uint8_t * data,size_t size)36 size_t GetObject(T &object, const uint8_t *data, size_t size)
37 {
38 size_t objectSize = sizeof(object);
39 if (objectSize > size) {
40 return 0;
41 }
42 return memcpy_s(&object, objectSize, data, objectSize) == EOK ? objectSize : 0;
43 }
44
MakeWindowTransitionInfo(const uint8_t * data,size_t size)45 sptr<WindowTransitionInfo> MakeWindowTransitionInfo(const uint8_t* data, size_t size)
46 {
47 sptr<WindowTransitionInfo> info = new (std::nothrow)WindowTransitionInfo;
48 if (info == nullptr) {
49 return nullptr;
50 }
51 size_t startPos = 0;
52 char name1[LEN + 1];
53 char name2[LEN + 1];
54 name1[LEN] = END_CHAR;
55 name2[LEN] = END_CHAR;
56 for (size_t i = 0; i < LEN; i++) {
57 startPos += GetObject<char>(name1[i], data + startPos, size - startPos);
58 startPos += GetObject<char>(name2[i], data + startPos, size - startPos);
59 }
60 std::string bundleName(name1);
61 std::string abilityName(name2);
62 info->SetBundleName(bundleName);
63 info->SetAbilityName(abilityName);
64
65 OHOS::Rosen::WindowMode mode;
66 startPos += GetObject<WindowMode>(mode, data + startPos, size - startPos);
67 info->SetWindowMode(mode);
68
69 OHOS::Rosen::Rect rect;
70 startPos += GetObject<OHOS::Rosen::Rect>(rect, data + startPos, size - startPos);
71 info->SetWindowRect(rect);
72
73 OHOS::Rosen::DisplayId displayId;
74 startPos += GetObject<OHOS::Rosen::DisplayId>(displayId, data + startPos, size - startPos);
75 info->SetDisplayId(displayId);
76
77 OHOS::Rosen::WindowType windowType;
78 startPos += GetObject<WindowType>(windowType, data + startPos, size - startPos);
79 info->SetWindowType(windowType);
80
81 bool boolVal;
82 startPos += GetObject<bool>(boolVal, data + startPos, size - startPos);
83 info->SetShowFlagWhenLocked(boolVal);
84 startPos += GetObject<bool>(boolVal, data + startPos, size - startPos);
85 info->SetIsRecent(boolVal);
86
87 OHOS::Rosen::TransitionReason reson;
88 startPos += GetObject<OHOS::Rosen::TransitionReason>(reson, data + startPos, size - startPos);
89 info->SetTransitionReason(reson);
90
91 startPos += GetObject<OHOS::Rosen::WindowSizeLimits>(info->sizeLimits_, data + startPos, size - startPos);
92
93 int32_t missionId;
94 GetObject<int32_t>(missionId, data + startPos, size - startPos);
95 info->SetMissionId(missionId);
96 return info;
97 }
98
WindowControllerFuzzTestPart1(sptr<WindowController> windowController,const uint8_t * data,size_t size)99 void WindowControllerFuzzTestPart1(sptr<WindowController> windowController,
100 const uint8_t* data, size_t size)
101 {
102 if (data == nullptr || size < DATA_MIN_SIZE) {
103 return;
104 }
105 size_t startPos = 0;
106 auto fromInfo = MakeWindowTransitionInfo(data, size);
107 auto toInfo = MakeWindowTransitionInfo(data, size);
108 windowController->NotifyWindowTransition(fromInfo, toInfo);
109
110 uint32_t windowId;
111 startPos += GetObject<uint32_t>(windowId, data + startPos, size - startPos);
112 windowController->RequestFocus(windowId);
113
114 AvoidAreaType avoidAreaType;
115 startPos += GetObject<AvoidAreaType>(avoidAreaType, data + startPos, size - startPos);
116 windowController->GetAvoidAreaByType(windowId, avoidAreaType);
117
118 uint32_t mainWindowId;
119 startPos += GetObject<uint32_t>(mainWindowId, data + startPos, size - startPos);
120 windowController->GetTopWindowId(mainWindowId, windowId);
121
122 Parcel percel;
123 if (percel.WriteBuffer(data, size)) {
124 sptr<MoveDragProperty> moveDragProperty = nullptr;
125 moveDragProperty = MoveDragProperty::Unmarshalling(percel);
126 windowController->NotifyServerReadyToMoveOrDrag(mainWindowId, moveDragProperty);
127 }
128
129 startPos += GetObject<uint32_t>(mainWindowId, data + startPos, size - startPos);
130 windowController->ProcessPointUp(mainWindowId);
131 windowController->ProcessPointDown(mainWindowId, true);
132
133 DisplayId displayId;
134 startPos += GetObject<DisplayId>(displayId, data + startPos, size - startPos);
135 windowController->MinimizeAllAppWindows(displayId);
136
137 windowController->ToggleShownStateForAllAppWindows();
138
139 WindowLayoutMode mode;
140 GetObject<WindowLayoutMode>(mode, data + startPos, size - startPos);
141 windowController->SetWindowLayoutMode(mode);
142 }
143
WindowControllerFuzzTestPart2(sptr<WindowController> windowController,const uint8_t * data,size_t size)144 void WindowControllerFuzzTestPart2(sptr<WindowController> windowController,
145 const uint8_t* data, size_t size)
146 {
147 if (data == nullptr || size < DATA_MIN_SIZE) {
148 return;
149 }
150 size_t startPos = 0;
151 uint32_t windowId;
152 startPos += GetObject<uint32_t>(windowId, data + startPos, size - startPos);
153 Parcel percel;
154 if (percel.WriteBuffer(data, size)) {
155 sptr<MoveDragProperty> moveDragProperty = MoveDragProperty::Unmarshalling(percel);
156 windowController->NotifyServerReadyToMoveOrDrag(windowId, moveDragProperty);
157
158 sptr<WindowProperty> property = WindowProperty::Unmarshalling(percel);
159 PropertyChangeAction action;
160 startPos += GetObject<PropertyChangeAction>(action, data + startPos, size - startPos);
161 windowController->UpdateProperty(property, action);
162 }
163
164 windowController->NotifySystemBarTints();
165
166 DisplayId displayId;
167 ModeChangeHotZones hotZones;
168 ModeChangeHotZonesConfig config;
169 startPos += GetObject<DisplayId>(displayId, data + startPos, size - startPos);
170 startPos += GetObject<ModeChangeHotZones>(hotZones, data + startPos, size - startPos);
171 startPos += GetObject<ModeChangeHotZonesConfig>(config, data + startPos, size - startPos);
172 windowController->GetModeChangeHotZones(displayId, hotZones, config);
173
174 windowController->OnScreenshot(displayId);
175
176 int32_t x;
177 int32_t y;
178 int32_t scale;
179 startPos += GetObject<int32_t>(x, data + startPos, size - startPos);
180 startPos += GetObject<int32_t>(y, data + startPos, size - startPos);
181 startPos += GetObject<int32_t>(scale, data + startPos, size - startPos);
182 windowController->SetAnchorAndScale(x, y, scale);
183
184 windowController->SetAnchorOffset(x, y);
185 windowController->OffWindowZoom();
186
187 GetObject<uint32_t>(windowId, data + startPos, size - startPos);
188 windowController->InterceptInputEventToServer(windowId);
189 windowController->RecoverInputEventToClient(windowId);
190 windowController->RecoverDefaultMouseStyle(windowId);
191 }
192
WindowControllerFuzzTestPart3(sptr<WindowController> windowController,const uint8_t * data,size_t size)193 void WindowControllerFuzzTestPart3(sptr<WindowController> windowController,
194 const uint8_t* data, size_t size)
195 {
196 if (data == nullptr || size < DATA_MIN_SIZE) {
197 return;
198 }
199 size_t startPos = 0;
200
201 uint32_t windowId;
202 startPos += GetObject<uint32_t>(windowId, data + startPos, size - startPos);
203 windowController->GenWindowId();
204 windowController->RecordBootAnimationEvent();
205
206 OHOS::Rosen::WindowType type;
207 startPos += GetObject<OHOS::Rosen::WindowType>(type, data + startPos, size - startPos);
208 windowController->SetWindowType(windowId, type);
209
210 uint32_t flags;
211 startPos += GetObject<uint32_t>(flags, data + startPos, size - startPos);
212 windowController->SetWindowFlags(windowId, flags);
213
214 OHOS::Rosen::SystemBarProperty property;
215 startPos += GetObject<OHOS::Rosen::SystemBarProperty>(property, data + startPos, size - startPos);
216 windowController->SetSystemBarProperty(windowId, type, property);
217
218 OHOS::Rosen::Rect rect;
219 OHOS::Rosen::WindowSizeChangeReason reason;
220 startPos += GetObject<OHOS::Rosen::Rect>(rect, data + startPos, size - startPos);
221 startPos += GetObject<OHOS::Rosen::WindowSizeChangeReason>(reason, data + startPos, size - startPos);
222 windowController->ResizeRect(windowId, rect, reason);
223 windowController->ResizeRectAndFlush(windowId, rect, reason);
224
225 OHOS::Rosen::WindowMode dstMode;
226 startPos += GetObject<OHOS::Rosen::WindowMode>(dstMode, data + startPos, size - startPos);
227 windowController->SetWindowMode(windowId, dstMode);
228 windowController->RestoreCallingWindowSizeIfNeed();
229
230 GetObject<uint32_t>(windowId, data + startPos, size - startPos);
231 windowController->UpdateTransform(windowId);
232 windowController->AsyncFlushInputInfo(windowId);
233 }
234
DoWindowControllerFuzzTest(const uint8_t * data,size_t size)235 bool DoWindowControllerFuzzTest(const uint8_t* data, size_t size)
236 {
237 if (data == nullptr || size < DATA_MIN_SIZE) {
238 return false;
239 }
240 auto windowController = WindowManagerService::GetInstance().windowController_;
241 if (windowController == nullptr) {
242 return false;
243 }
244 OHOS::WindowControllerFuzzTestPart1(windowController, data, size);
245 OHOS::WindowControllerFuzzTestPart2(windowController, data, size);
246 OHOS::WindowControllerFuzzTestPart3(windowController, data, size);
247
248 return true;
249 }
250 } // namespace.OHOS
251
252 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)253 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
254 {
255 /* Run your code on data */
256 OHOS::DoWindowControllerFuzzTest(data, size);
257 return 0;
258 }
259
260