1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
#include "audio_capturer_session_fuzzer.h"

#include <type_traits>

#include "camera_log.h"
#include "camera_dynamic_loader.h"
#include "capture_scene_const.h"
#include "ipc_skeleton.h"
21
22 namespace OHOS {
23 namespace CameraStandard {
24 using namespace DeferredProcessing;
25
// Size window, in bytes, that AudioCapturerSessionFuzzerTest accepts for the fuzz input.
static constexpr int32_t MAX_CODE_LEN{512};
static constexpr int32_t MIN_SIZE_NUM{4};
// Minimum input size, in bytes, that LLVMFuzzerTestOneInput forwards to FuzzTest.
const size_t THRESHOLD{10};
// Untrusted fuzz input for the current iteration; installed by FuzzTest, read by GetData.
static const uint8_t* RAW_DATA{nullptr};
// Length of RAW_DATA in bytes.
static size_t g_dataSize{0};
// Read offset into RAW_DATA; advanced by GetData and reset to 0 by FuzzTest.
static size_t g_pos{0};
32
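/*
 * describe: read one value of type T from the untrusted fuzz input (RAW_DATA),
 *           consuming sizeof(T) bytes at the current read offset (g_pos)
 * tips: only trivially copyable types are supported (enforced at compile time)
 * return: the decoded value, or a value-initialized T when RAW_DATA is unset,
 *         fewer than sizeof(T) bytes remain, or memcpy_s reports an error;
 *         g_pos is advanced only after a successful copy
 */
template<class T>
T GetData()
{
    // The input bytes are copied straight over the object representation, which is
    // only well defined for trivially copyable types.
    static_assert(std::is_trivially_copyable<T>::value, "GetData only supports trivially copyable types");
    T object {};
    const size_t objectSize = sizeof(object);
    // Test the cursor first so the unsigned subtraction below can never wrap around
    // and let an out-of-bounds read through.
    if (RAW_DATA == nullptr || g_pos > g_dataSize || objectSize > g_dataSize - g_pos) {
        return object;
    }
    errno_t ret = memcpy_s(&object, objectSize, RAW_DATA + g_pos, objectSize);
    if (ret != EOK) {
        // Do not hand back a partially written object.
        return {};
    }
    g_pos += objectSize;
    return object;
}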
52
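/*
 * describe: return the number of elements in the built-in array arr
 * tips: T must be an array type. With a pointer argument the sizeof ratio would be
 *       the pointer size divided by the element size, not an element count, so
 *       pointers are rejected at compile time.
 */
template<class T>
uint32_t GetArrLength(T& arr)
{
    static_assert(std::is_array<T>::value, "GetArrLength requires a built-in array, not a pointer");
    // A reference to an array can never compare equal to nullptr, so no runtime
    // null check is needed here.
    return static_cast<uint32_t>(sizeof(arr) / sizeof(arr[0]));
}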
62
void AudioCapturerSessionFuzzer::AudioCapturerSessionFuzzerTest()
{
    // Run only when fuzz input is installed and its size lies in [MIN_SIZE_NUM, MAX_CODE_LEN].
    const bool hasInput = (RAW_DATA != nullptr);
    const bool sizeInRange = (g_dataSize >= MIN_SIZE_NUM) && (g_dataSize <= MAX_CODE_LEN);
    if (!hasInput || !sizeInRange) {
        return;
    }

    // A fresh session per iteration; it replaces any session kept in the member.
    audioCapturerSession_ = std::make_shared<AudioCapturerSession>();
    CHECK_RETURN_ELOG(!audioCapturerSession_, "Create audioCapturerSession_ Error");
    audioCapturerSession_->ProcessAudioBuffer();

    // Both timestamps come from the untrusted input. GetData returns 0 once fewer than
    // eight bytes remain, and FuzzTest has already consumed four bytes for the selector,
    // so inputs shorter than 20 bytes leave one or both values at 0.
    int64_t windowStart = GetData<int64_t>();
    int64_t windowEnd = GetData<int64_t>();
    std::vector<sptr<AudioRecord>> records;
    audioCapturerSession_->GetAudioRecords(windowStart, windowEnd, records);
    audioCapturerSession_->getMicNum();

    // NOTE(review): Stop() and StartAudioCapture() run after Release(); presumably this
    // deliberately exercises calls on a released session — confirm. The session is left
    // started on return, so teardown depends on AudioCapturerSession's destructor.
    audioCapturerSession_->Release();
    audioCapturerSession_->Stop();
    audioCapturerSession_->StartAudioCapture();
}
81
// Fuzz target: builds an AudioCapturerSessionFuzzer and runs its single test routine.
void Test()
{
    auto fuzzer = std::make_shared<AudioCapturerSessionFuzzer>();
    if (fuzzer != nullptr) {
        fuzzer->AudioCapturerSessionFuzzerTest();
        return;
    }
    // Reached only if the allocation above yields a null pointer.
    MEDIA_INFO_LOG("audioCapturerSessionFuzzer is null");
}
91
// Dispatch table of fuzz targets. FuzzTest indexes it with a selector taken from the
// input, reduced modulo the table length.
using TestFuncs = void (*[1])();

TestFuncs g_testFuncs = { Test };
97
// Installs one fuzz input as the shared read buffer, then runs the target selected by
// its first four bytes. Always returns true.
bool FuzzTest(const uint8_t* rawData, size_t size)
{
    // Reset the shared reader state so nothing carries over from the previous input.
    g_pos = 0;
    g_dataSize = size;
    RAW_DATA = rawData;

    const uint32_t selector = GetData<uint32_t>();
    const uint32_t targetCount = GetArrLength(g_testFuncs);
    if (targetCount == 0) {
        MEDIA_INFO_LOG("%{public}s: The len length is equal to 0", __func__);
        return true;
    }
    // The modulo keeps the attacker-controlled selector inside the table bounds.
    g_testFuncs[selector % targetCount]();
    return true;
}
115 } // namespace CameraStandard
116 } // namespace OHOS
117
118 /* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size)
{
    // NOTE(review): libFuzzer documents this parameter as const uint8_t*; the buffer
    // belongs to the fuzzing engine and must not be modified. FuzzTest takes it as
    // const, so nothing visible here writes through it.

    // Inputs below THRESHOLD bytes are dropped without running any target.
    if (size >= OHOS::CameraStandard::THRESHOLD) {
        OHOS::CameraStandard::FuzzTest(data, size);
    }
    return 0;
}