1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
#include "jsvaluereffoundationvalue_fuzzer.h"

#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

#include <fuzzer/FuzzedDataProvider.h>

#include "ecmascript/base/string_helper.h"
#include "ecmascript/ecma_string-inl.h"
#include "ecmascript/napi/include/jsnapi.h"
21
22 using namespace panda;
23 using namespace panda::ecmascript;
24
25 namespace OHOS {
// Native callback installed on the class function built by the fuzz test.
// Returns a new array whose length is the number of arguments the call
// received; the handle is escaped out of the local scope so the caller may
// keep using it.
Local<JSValueRef> FunCallback(JsiRuntimeCallInfo *info)
{
    auto *vm = info->GetVM();
    EscapeLocalScope escapeScope(vm);
    auto result = ArrayRef::New(vm, info->GetArgsNumber());
    return escapeScope.Escape(result);
}
31
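// Runs every JSValueRef type query and the ToString conversion covered by this
// fuzz target on one handle. Return values are discarded on purpose: the target
// only checks that the calls complete without crashing or asserting.
//
// vm:    the VM the handle belongs to (passed through to the vm-taking queries)
// value: any handle convertible to Local<JSValueRef>
static void ProbeFoundationQueries(EcmaVM *vm, Local<JSValueRef> value)
{
    value->IsNumber();
    value->IsString(vm);
    value->WithinInt32();
    value->IsFunction(vm);
    value->IsArrayBuffer(vm);
    value->IsTypedArray(vm);
    value->IsDate(vm);
    value->IsError(vm);
    value->ToString(vm);
}

// Fuzz target for JSValueRef foundation values.
//
// Builds one handle of each basic kind (integer, number, boolean, string,
// array buffer, typed array, class function, date, error, plus a plain
// JSValueRef view of the string) from fuzzer-supplied bytes and runs the type
// queries and ToString on each of them.
//
// data/size: raw fuzzer input. A null pointer or an empty buffer is rejected
//            with a message before any VM is created.
void JSValueRefFoundationValueFuzzTest(const uint8_t *data, size_t size)
{
    // Validate the input before creating the VM: returning early after
    // CreateJSVM would leak the EcmaVM, because DestroyJSVM is only reached at
    // the end of this function. size is size_t, so the meaningful empty check
    // is == 0 rather than <= 0.
    if (data == nullptr || size == 0) {
        std::cout << "illegal input!";
        return;
    }

    RuntimeOption option;
    option.SetLogLevel(common::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): it is not visible here whether CreateJSVM can return
    // nullptr; bail out defensively rather than dereference a null VM below.
    if (vm == nullptr) {
        return;
    }

    FuzzedDataProvider fdp(data, size);
    int key = fdp.ConsumeIntegral<int>();
    uint32_t inputUnit32 = fdp.ConsumeIntegral<uint32_t>();
    bool inputBool = fdp.ConsumeBool();
    // Up to 1024 bytes of fuzzer data. Only data() is handed to NewFromUtf8
    // below, so an embedded NUL presumably ends the string early — confirm
    // against the NewFromUtf8 overload actually selected.
    std::string inputStr = fdp.ConsumeRandomLengthString(1024);
    const int32_t bufferSize = fdp.ConsumeIntegralInRange<int32_t>(0, 1024);
    // byteOffset and length are deliberately left unconstrained so the
    // typed-array constructor is exercised with out-of-range values too.
    const int32_t byteOffset = fdp.ConsumeIntegral<int32_t>();
    const int32_t length = fdp.ConsumeIntegral<int32_t>();
    NativePointerCallback deleter = nullptr;
    FunctionCallback nativeFunc = FunCallback;
    // Native data for the class function points into inputStr. That buffer
    // outlives the VM (destroyed below, before this function returns), and the
    // deleter is null so the VM never tries to free it.
    void *ptr = static_cast<void *>(const_cast<char *>(inputStr.data()));
    double timeRef = fdp.ConsumeFloatingPoint<double>();

    Local<IntegerRef> intValue = IntegerRef::New(vm, key);
    Local<NumberRef> resUnit32 = NumberRef::New(vm, inputUnit32);
    Local<BooleanRef> resBool = BooleanRef::New(vm, inputBool);
    Local<StringRef> stringUtf8 = StringRef::NewFromUtf8(vm, inputStr.data());
    Local<JSValueRef> tag = IntegerRef::New(vm, key);
    Local<ArrayBufferRef> ref = ArrayBufferRef::New(vm, bufferSize);
    Local<Uint32ArrayRef> typedArray = Uint32ArrayRef::New(vm, ref, byteOffset, length);
    Local<FunctionRef> obj(FunctionRef::NewClassFunction(vm, nativeFunc, deleter, ptr));
    Local<DateRef> dateRef = DateRef::New(vm, timeRef);
    Local<JSValueRef> error = Exception::Error(vm, stringUtf8);
    Local<JSValueRef> toTarget(stringUtf8);

    // Every handle above converts to Local<JSValueRef>, so a single sweep
    // applies the same set of queries to all of them.
    Local<JSValueRef> values[] = {
        intValue, resUnit32, resBool, stringUtf8, tag, ref,
        typedArray, obj, dateRef, error, toTarget,
    };
    for (Local<JSValueRef> &value : values) {
        ProbeFoundationQueries(vm, value);
    }

    JSNApi::DestroyJSVM(vm);
}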
177 }
178
179
// libFuzzer entry point: forwards every input buffer to the JSValueRef
// foundation-value fuzz test. All validation of data/size happens inside the
// fuzz test itself.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    OHOS::JSValueRefFoundationValueFuzzTest(data, size);
    // libFuzzer ignores the return value; 0 is the conventional result.
    return 0;
}
187