1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "simulateinputevent_fuzzer.h"
17 
18 #include "securec.h"
19 
20 #include "define_multimodal.h"
21 #include "input_manager.h"
22 #include "mmi_log.h"
23 
24 namespace OHOS {
25 namespace MMI {
namespace {
// File-local log label tagging this harness's output as "SimulateInputEventFuzzTest";
// presumably picked up by the MMI_HILOG* macros (defined outside this file).
constexpr OHOS::HiviewDFX::HiLogLabel LABEL { LOG_CORE, MMI_LOG_DOMAIN, "SimulateInputEventFuzzTest" };
} // namespace
29 
/**
 * Copies sizeof(T) bytes from the fuzz buffer into object.
 *
 * @param object Destination; left unwritten when the buffer is too short.
 * @param data   Start of the remaining fuzz input.
 * @param size   Number of bytes available at data.
 * @return sizeof(T) on success, 0 when fewer than sizeof(T) bytes remain or
 *         memcpy_s reports an error. Callers add the result to their read
 *         offset, so a 0 means nothing was consumed and object must not be
 *         assumed to hold input-derived data.
 */
template<class T>
size_t GetObject(T &object, const uint8_t *data, size_t size)
{
    const size_t need = sizeof(object);
    if (size < need) {
        // Not enough input left: refuse instead of reading past the buffer.
        return 0;
    }
    const bool copied = (memcpy_s(&object, need, data, need) == EOK);
    return copied ? need : 0;
}
43 
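/**
 * Builds a key-down and a matching key-up event from the fuzz input and
 * submits both through InputManager::SimulateInputEvent.
 *
 * @param data     Fuzz input buffer.
 * @param size     Number of bytes in data.
 * @param startPos Read offset into data; advanced by the byte count each
 *                 GetObject call reports as consumed.
 * @return true once both events were submitted. CHKPF and CHECKSIZE are
 *         macros defined outside this file and may return earlier
 *         (presumably with false) — confirm against define_multimodal.h.
 */
bool SimulateInjectEvent(const uint8_t* data, const size_t size, size_t &startPos)
{
    auto injectDownEvent = KeyEvent::Create();
    CHKPF(injectDownEvent);
    // GetObject returns 0 and writes nothing when fewer than sizeof(T) bytes
    // remain, so every value read from the input is zero-initialised first.
    // Otherwise a short input would feed indeterminate stack contents into
    // the event (undefined behaviour, and findings that do not reproduce
    // from the saved corpus file).
    int32_t keyCode = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int32_t>(keyCode, data + startPos, size - startPos);
    injectDownEvent->SetKeyCode(keyCode);
    injectDownEvent->SetKeyAction(KeyEvent::KEY_ACTION_DOWN);
    int64_t downTime = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
    KeyEvent::KeyItem kitDown;
    kitDown.SetDownTime(downTime);
    int32_t keyCodePressed = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int32_t>(keyCodePressed, data + startPos, size - startPos);
    kitDown.SetKeyCode(keyCodePressed);
    kitDown.SetPressed(true);
    injectDownEvent->AddPressedKeyItems(kitDown);
    InputManager::GetInstance()->SimulateInputEvent(injectDownEvent);

    auto injectUpEvent = KeyEvent::Create();
    CHKPF(injectUpEvent);
    // The up event re-reads downTime from the input; if that read consumes
    // nothing, the value used for the down event is kept.
    CHECKSIZE(startPos, size);
    startPos += GetObject<int64_t>(downTime, data + startPos, size - startPos);
    KeyEvent::KeyItem kitUp;
    kitUp.SetDownTime(downTime);
    kitUp.SetKeyCode(keyCodePressed);
    kitUp.SetPressed(false);
    injectUpEvent->SetKeyCode(keyCode);
    injectUpEvent->SetKeyAction(KeyEvent::KEY_ACTION_UP);
    injectUpEvent->RemoveReleasedKeyItems(kitUp);
    InputManager::GetInstance()->SimulateInputEvent(injectUpEvent);
    return true;
}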
80 
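/**
 * Builds a touchscreen pointer-down and pointer-up event pair from the fuzz
 * input and submits both through InputManager::SimulateInputEvent.
 *
 * Display X, display Y and pressure come from the input; pointer id (0),
 * device id (1) and event id (INT32_MAX) are fixed.
 *
 * @param data     Fuzz input buffer.
 * @param size     Number of bytes in data.
 * @param startPos Read offset into data; advanced by the byte count each
 *                 GetObject call reports as consumed.
 * @return true once both events were submitted. CHKPF and CHECKSIZE are
 *         macros defined outside this file and may return earlier
 *         (presumably with false) — confirm against define_multimodal.h.
 */
bool SimulatePointerEvent(const uint8_t* data, const size_t size, size_t &startPos)
{
    auto pointerDownEvent = PointerEvent::Create();
    CHKPF(pointerDownEvent);
    PointerEvent::PointerItem downitem;
    downitem.SetPointerId(0);
    // GetObject returns 0 and writes nothing when fewer than sizeof(T) bytes
    // remain, so the coordinates and pressure are zero-initialised first.
    // This keeps a short input from injecting indeterminate stack contents
    // (undefined behaviour, non-reproducible findings).
    int32_t physicalX = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int32_t>(physicalX, data + startPos, size - startPos);
    downitem.SetDisplayX(physicalX);
    int32_t physicalY = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int32_t>(physicalY, data + startPos, size - startPos);
    downitem.SetDisplayY(physicalY);
    int32_t pressure = 0;
    CHECKSIZE(startPos, size);
    startPos += GetObject<int32_t>(pressure, data + startPos, size - startPos);
    downitem.SetPressure(pressure);
    downitem.SetDeviceId(1);
    pointerDownEvent->AddPointerItem(downitem);
    pointerDownEvent->SetId(std::numeric_limits<int32_t>::max());
    pointerDownEvent->SetPointerAction(PointerEvent::POINTER_ACTION_DOWN);
    pointerDownEvent->SetPointerId(0);
    pointerDownEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
    MMI_HILOGD("Call InputManager::SimulatePointerEvent");
    InputManager::GetInstance()->SimulateInputEvent(pointerDownEvent);

    // The up event reuses the coordinates and pressure read for the down
    // event; no further input bytes are consumed.
    auto pointerUpEvent = PointerEvent::Create();
    CHKPF(pointerUpEvent);
    PointerEvent::PointerItem upitem;
    upitem.SetPointerId(0);
    upitem.SetDisplayX(physicalX);
    upitem.SetDisplayY(physicalY);
    upitem.SetPressure(pressure);
    upitem.SetDeviceId(1);
    pointerUpEvent->AddPointerItem(upitem);
    pointerUpEvent->SetId(std::numeric_limits<int32_t>::max());
    pointerUpEvent->SetPointerAction(PointerEvent::POINTER_ACTION_UP);
    pointerUpEvent->SetPointerId(0);
    pointerUpEvent->SetSourceType(PointerEvent::SOURCE_TYPE_TOUCHSCREEN);
    MMI_HILOGD("Call InputManager::SimulatePointerEvent");
    InputManager::GetInstance()->SimulateInputEvent(pointerUpEvent);
    return true;
}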
125 
/**
 * Runs the key-event harness and then the pointer-event harness on one fuzz
 * input, sharing a single read offset so the pointer stage continues where
 * the key stage stopped.
 *
 * @param data Fuzz input buffer.
 * @param size Number of bytes in data.
 * @return true only when both stages return true; the pointer stage is not
 *         run if the key stage fails.
 */
bool SimulateInputEventFuzzTest(const uint8_t* data, const size_t size)
{
    size_t offset = 0;
    if (!SimulateInjectEvent(data, size, offset)) {
        return false;
    }
    return SimulatePointerEvent(data, size, offset);
}
134 } // MMI
135 } // OHOS
136 
/* Fuzzer entry point: receives one generated input per call. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    /* The harness result is discarded on purpose; this function returns 0 for every input. */
    static_cast<void>(OHOS::MMI::SimulateInputEventFuzzTest(data, size));
    return 0;
}