1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "containerslistconstructor_fuzzer.h"
17
18 #include "ecmascript/containers/containers_list.h"
19 #include "ecmascript/containers/containers_private.h"
20 #include "ecmascript/ecma_string-inl.h"
21 #include "ecmascript/ecma_vm.h"
22 #include "ecmascript/global_env.h"
23 #include "ecmascript/js_handle.h"
24 #include "ecmascript/napi/include/jsnapi.h"
25
26 using namespace panda;
27 using namespace panda::test;
28 using namespace panda::ecmascript;
29 using namespace panda::ecmascript::containers;
30
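namespace OHOS {
// Returns the global Object constructor of the VM that owns |thread|.
JSFunction *JSObjectCreate(JSThread *thread)
{
    EcmaVM *ecmaVM = thread->GetEcmaVM();
    JSHandle<GlobalEnv> globalEnv = ecmaVM->GetGlobalEnv();
    return globalEnv->GetObjectFunction().GetObject<JSFunction>();
}

// Allocates an EcmaRuntimeCallInfo with |numArgs| argument slots.
// The callee is a fresh plain object created from the global Object
// constructor; the function, this and new.target slots are left undefined
// so the caller can fill them in.
EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)
{
    auto factory = thread->GetEcmaVM()->GetFactory();
    JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread));
    JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass));
    JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined();
    EcmaRuntimeCallInfo *objCallInfo =
        EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs);
    return objCallInfo;
}

// Loads the List container constructor through the "ArkPrivate" global:
// equivalent to calling ArkPrivate.load(ContainerTag::List) and returning
// whatever ContainersPrivate::Load produces.
JSTaggedValue InitializeContainersList(JSThread *thread)
{
    auto factory = thread->GetEcmaVM()->GetFactory();
    JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
    JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject();
    JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate"));
    JSHandle<JSTaggedValue> value =
        JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue();

    auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length
    objCallInfo->SetFunction(JSTaggedValue::Undefined());
    objCallInfo->SetThis(value.GetTaggedValue());
    objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(ContainerTag::List))); // 0 means the argument
    JSTaggedValue result = ContainersPrivate::Load(objCallInfo);

    return result;
}

// Constructs a JSAPIList instance by invoking ListConstructor with the List
// constructor as both function and new.target, and wraps the result in a handle.
JSHandle<JSAPIList> CreateJSAPIList(JSThread *thread)
{
    JSHandle<JSFunction> newTarget(thread, InitializeContainersList(thread));
    auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 4); // 4 : means the argv length
    objCallInfo->SetFunction(newTarget.GetTaggedValue());
    objCallInfo->SetNewTarget(newTarget.GetTaggedValue());
    objCallInfo->SetThis(JSTaggedValue::Undefined());
    JSTaggedValue result = ContainersList::ListConstructor(objCallInfo);
    JSHandle<JSAPIList> list(thread, result);
    return list;
}

// Fuzz driver: interprets up to the first sizeof(double) bytes of |data| as a
// double and passes it as the sole argument of ListConstructor, called on an
// already-constructed JSAPIList receiver.
//
// The empty-input check runs before the VM is created. Previously it sat
// inside the VM scope and returned without reaching DestroyJSVM, so every
// empty fuzz input leaked a whole VM.
void ContainerslistConStructorFuzzTest(const uint8_t* data, size_t size)
{
    if (size == 0) {
        return;
    }

    // The destination buffer size is derived from the variable itself rather
    // than from a floating-point constant, so memcpy_s receives a size_t.
    double input = 0;
    constexpr size_t maxByteLen = sizeof(input);
    const size_t copyLen = size > maxByteLen ? maxByteLen : size;
    if (memcpy_s(&input, maxByteLen, data, copyLen) != 0) {
        std::cout << "memcpy_s failed!";
        UNREACHABLE();
    }

    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Handles created below must not outlive this scope; the VM is torn
        // down right after it closes.
        JsiFastNativeScope scope(vm);
        auto thread = vm->GetAssociatedJSThread();

        JSHandle<JSAPIList> list = CreateJSAPIList(thread);
        EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length
        callInfo->SetFunction(JSTaggedValue::Undefined());
        callInfo->SetThis(list.GetTaggedValue());
        callInfo->SetCallArg(0, JSTaggedValue(input));
        ContainersList::ListConstructor(callInfo);
    }
    JSNApi::DestroyJSVM(vm);
}
}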
111
112 // Fuzzer entry point.
// libFuzzer entry point: forwards each input to the OHOS harness. The return
// value is always 0; libFuzzer does not act on it.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    constexpr int kKeepGoing = 0;
    OHOS::ContainerslistConStructorFuzzTest(data, size);
    return kKeepGoing;
}