• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "bufferqueueproducer_fuzzer.h"
17 #include <iremote_proxy.h>
18 #include <iremote_object.h>
19 #include <securec.h>
20 #include "buffer_queue.h"
21 #include "buffer_queue_producer.h"
22 #include "data_generate.h"
23 #include "surface.h"
24 #include "surface_buffer.h"
25 #include "surface_buffer_impl.h"
26 #include "buffer_extra_data.h"
27 #include "buffer_extra_data_impl.h"
28 #include "sync_fence.h"
29 #include <buffer_producer_listener.h>
30 
31 using namespace g_fuzzCommon;
32 namespace OHOS {
GetBufferExtraDataFromData()33     sptr<BufferExtraData> GetBufferExtraDataFromData()
34     {
35         // get data
36         std::string keyInt32 = GetStringFromData(STR_LEN);
37         int32_t valueInt32 = GetData<int32_t>();
38         std::string keyInt64 = GetStringFromData(STR_LEN);
39         int64_t valueInt64 = GetData<int64_t>();
40         std::string keyDouble = GetStringFromData(STR_LEN);
41         double valueDouble = GetData<double>();
42         std::string keyStr = GetStringFromData(STR_LEN);
43         std::string valueStr = GetStringFromData(STR_LEN);
44 
45         // test
46         sptr<BufferExtraData> bedata = new BufferExtraDataImpl();
47         bedata->ExtraSet(keyInt32, valueInt32);
48         bedata->ExtraSet(keyInt64, valueInt64);
49         bedata->ExtraSet(keyDouble, valueDouble);
50         bedata->ExtraSet(keyStr, valueStr);
51 
52         bedata->ExtraGet(keyInt32, valueInt32);
53         bedata->ExtraGet(keyInt64, valueInt64);
54         bedata->ExtraGet(keyDouble, valueDouble);
55         bedata->ExtraGet(keyStr, valueStr);
56         return bedata;
57     }
BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> & bqp)58     void BufferQueueProducerFuzzTest(const sptr<BufferQueueProducer> &bqp)
59     {
60         // get data
61         std::string name = GetStringFromData(STR_LEN);
62         uint32_t queueSize = GetData<uint32_t>();
63         uint64_t usage = GetData<uint64_t>();
64         GraphicTransformType transform = GetData<GraphicTransformType >();
65         uint32_t sequence = GetData<uint32_t>();
66         std::vector<GraphicHDRMetaData> metaData;
67         for (int i = 0; i < 10; i++) { // add 10 elements to the vector
68             GraphicHDRMetaData hDRMetaData = GetData<GraphicHDRMetaData>();
69             metaData.push_back(hDRMetaData);
70         }
71         GraphicHDRMetadataKey key = GetData<GraphicHDRMetadataKey>();
72         std::vector<uint8_t> metaDataSet;
73         for (int i = 0; i < 10; i++) { // add 10 elements to the vector
74             uint8_t metaDataElement = GetData<uint8_t>();
75             metaDataSet.push_back(metaDataElement);
76         }
77         std::string result = GetStringFromData(STR_LEN);
78         bool status = GetData<bool>();
79         uint32_t reserveInts = GetData<uint32_t>() % 0x100000; // no more than 0x100000
80         OHSurfaceSource sourceType = GetData<OHSurfaceSource>();
81         std::string appFrameworkType = GetStringFromData(STR_LEN);
82 
83         // test
84         bqp->SetQueueSize(queueSize);
85         bqp->SetDefaultUsage(usage);
86         bqp->SetTransform(transform);
87         bqp->SetMetaData(sequence, metaData);
88         bqp->SetMetaDataSet(sequence, key, metaDataSet);
89         bqp->SetStatus(status);
90         GraphicExtDataHandle *handle = AllocExtDataHandle(reserveInts);
91         sptr<SurfaceTunnelHandle> tunnelHandle = new SurfaceTunnelHandle();
92         tunnelHandle->SetHandle(handle);
93         FreeExtDataHandle(handle);
94         bqp->SetSurfaceSourceType(sourceType);
95         bqp->GetSurfaceSourceType(sourceType);
96         bqp->SetSurfaceAppFrameworkType(appFrameworkType);
97         ScalingMode mode = GetData<ScalingMode>();
98         bqp->SetScalingMode(mode);
99         bool bufferHold = GetData<bool>();
100         bqp->SetBufferHold(bufferHold);
101         bool noBlock = GetData<bool>();
102         bqp->SetRequestBufferNoblockMode(noBlock);
103         int64_t time = 0;
104         GraphicPresentTimestampType timestampType = GetData<GraphicPresentTimestampType>();
105         bqp->GetPresentTimestamp(sequence, timestampType, time);
106     }
107 
BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> & bqp)108     void BufferQueueProducerFuzzTest1(const sptr<BufferQueueProducer> &bqp)
109     {
110         bqp->GetNativeSurface();
111         bqp->GetStatus();
112         bool cleanAll = GetData<bool>();
113         bqp->CleanCache(cleanAll, nullptr);
114         sptr<OHOS::SurfaceBuffer> buffer1 = SurfaceBuffer::Create();
115         sptr<OHOS::SurfaceBuffer> buffer = SurfaceBuffer::Create();
116         int32_t timeOut = 0;
117         bqp->AttachBuffer(buffer1, timeOut);
118         bqp->DetachBuffer(buffer1);
119         bqp->GetUniqueId();
120         float matrix[16] = {0};
121         bool isUseNewMatrix = GetData<bool>();
122         sptr<SyncFence> syncFence = new SyncFence(-1);
123         bqp->GetLastFlushedBuffer(buffer, syncFence, matrix, isUseNewMatrix);
124         bqp->AttachBufferToQueue(buffer);
125         bqp->DetachBufferFromQueue(buffer);
126         bqp->UnRegisterReleaseListener();
127         GraphicTransformType transformType = GetData<GraphicTransformType>();
128         bqp->SetTransform(transformType);
129         bqp->GetTransform(transformType);
130         uint64_t fromId = GetData<uint64_t>();
131         bqp->SetTransformHint(transformType, fromId);
132         bqp->GetTransformHint(transformType);
133         uint64_t uniqueId = 0;
134         std::string name = "";
135         bqp->GetNameAndUniqueId(name, uniqueId);
136         float brightness = GetData<float>();
137         bqp->SetHdrWhitePointBrightness(brightness);
138         BufferQueueProducerFuzzTest(bqp);
139         uint32_t code = GetData<uint32_t>();
140         MessageParcel arguments;
141         MessageParcel reply;
142         MessageOption option;
143         bqp->OnRemoteRequest(code, arguments, reply, option);
144         for (auto iter : bqp->memberFuncMap_) {
145             iter.second(reinterpret_cast<BufferQueueProducer*>(bqp.GetRefPtr()), arguments, reply, option);
146         }
147     }
148 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)149     bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
150     {
151         if (data == nullptr) {
152             return false;
153         }
154 
155         // initialize
156         g_data = data;
157         g_size = size;
158         g_pos = 0;
159         // get data
160         uint32_t seqNum = GetData<uint32_t>();
161         BufferRequestConfig requestConfig = GetData<BufferRequestConfig>();
162         OHOS::Rect rect = GetData<OHOS::Rect>();
163         int64_t timestamp = GetData<int64_t>();
164         BufferFlushConfigWithDamages flushConfig = {.damages =  { rect }, .timestamp = timestamp};
165         uint32_t sequence = GetData<uint32_t>();
166 
167         // test
168         std::string name = GetStringFromData(STR_LEN);
169         sptr<BufferQueue> bq = new BufferQueue(name);
170         sptr<BufferQueueProducer> bqp = new BufferQueueProducer(bq);
171         sptr<OHOS::SurfaceBuffer> buffer = new SurfaceBufferImpl(seqNum);
172         sptr<BufferExtraData> bedata = GetBufferExtraDataFromData();
173         IBufferProducer::RequestBufferReturnValue retval;
174         retval.buffer = buffer;
175         OnReleaseFunc onBufferRelease = nullptr;
176         sptr<IProducerListener> listener = new BufferReleaseProducerListener(onBufferRelease);
177         bqp->RegisterReleaseListener(listener);
178         OnDeleteBufferFunc deleteBufferFunc;
179         bqp->RequestBuffer(requestConfig, bedata, retval);
180         bqp->GoBackground();
181         bqp->CancelBuffer(sequence, bedata);
182         sptr<SyncFence> syncFence = SyncFence::INVALID_FENCE;
183         bqp->FlushBuffer(sequence, bedata, syncFence, flushConfig);
184         std::vector<uint32_t> sequences;
185         std::vector<sptr<BufferExtraData>> bedataimpls;
186         std::vector<sptr<SyncFence>> fences;
187         std::vector<BufferFlushConfigWithDamages> flushConfigs;
188         for (size_t i = 0; i < sequences.size(); i++) {
189             flushConfigs.emplace_back(flushConfig);
190             fences.emplace_back(new SyncFence(-1));
191         }
192         bqp->FlushBuffers(sequences, bedataimpls, fences, flushConfigs);
193         BufferQueueProducerFuzzTest1(bqp);
194         listener = nullptr;
195         buffer = nullptr;
196         bqp = nullptr;
197         bq = nullptr;
198         return true;
199     }
200 }
201 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)202 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
203 {
204     /* Run your code on data */
205     OHOS::DoSomethingInterestingWithMyAPI(data, size);
206     return 0;
207 }