1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fuzzer/FuzzedDataProvider.h>
17 #include "jsvaluerefiscorrect_fuzzer.h"
18 #include "common_components/base/utf_helper.h"
19 #include "ecmascript/ecma_string-inl.h"
20 #include "ecmascript/napi/include/jsnapi.h"
21
22 using namespace panda;
23 using namespace panda::ecmascript;
24
25 namespace OHOS {
JSValueRefIsFalseFuzzTest(const uint8_t * data,size_t size)26 void JSValueRefIsFalseFuzzTest(const uint8_t *data, size_t size)
27 {
28 FuzzedDataProvider fdp(data, size);
29 RuntimeOption option;
30 option.SetLogLevel(common::LOG_LEVEL::ERROR);
31 EcmaVM *vm = JSNApi::CreateJSVM(option);
32 bool input = fdp.ConsumeBool();
33 Local<BooleanRef> ref = BooleanRef::New(vm, input);
34 ref->IsFalse();
35 JSNApi::DestroyJSVM(vm);
36 return;
37 }
38
JSValueRefIsTrueFuzzTest(const uint8_t * data,size_t size)39 void JSValueRefIsTrueFuzzTest(const uint8_t *data, size_t size)
40 {
41 RuntimeOption option;
42 option.SetLogLevel(common::LOG_LEVEL::ERROR);
43 EcmaVM *vm = JSNApi::CreateJSVM(option);
44 if (data == nullptr || size <= 0) {
45 LOG_ECMA(ERROR) << "illegal input!";
46 return;
47 }
48 int value;
49 size = size > sizeof(int) ? sizeof(int) : size;
50 if (memcpy_s(&value, sizeof(int), data, size) != EOK) {
51 LOG_ECMA(ERROR) << "memcpy_s failed !";
52 UNREACHABLE();
53 }
54 Local<JSValueRef> object = IntegerRef::New(vm, value);
55 object->IsTrue();
56 JSNApi::DestroyJSVM(vm);
57 return;
58 }
59
JSValueRefIsHoleFuzzTest(const uint8_t * data,size_t size)60 void JSValueRefIsHoleFuzzTest(const uint8_t *data, size_t size)
61 {
62 RuntimeOption option;
63 option.SetLogLevel(common::LOG_LEVEL::ERROR);
64 EcmaVM *vm = JSNApi::CreateJSVM(option);
65 if (data == nullptr || size <= 0) {
66 LOG_ECMA(ERROR) << "illegal input!";
67 return;
68 }
69 int value;
70 size = size > sizeof(int) ? sizeof(int) : size;
71 if (memcpy_s(&value, sizeof(int), data, size) != EOK) {
72 LOG_ECMA(ERROR) << "memcpy_s failed!";
73 UNREACHABLE();
74 }
75 Local<JSValueRef> object = IntegerRef::New(vm, value);
76 object->IsHole();
77 JSNApi::DestroyJSVM(vm);
78 return;
79 }
80
JSValueRefIsUndefinedFuzzTest(const uint8_t * data,size_t size)81 void JSValueRefIsUndefinedFuzzTest(const uint8_t *data, size_t size)
82 {
83 RuntimeOption option;
84 option.SetLogLevel(common::LOG_LEVEL::ERROR);
85 EcmaVM *vm = JSNApi::CreateJSVM(option);
86 if (data == nullptr || size <= 0) {
87 LOG_ECMA(ERROR) << "illegal input!";
88 return;
89 }
90 Local<JSValueRef> tag = StringRef::NewFromUtf8(vm, (char *)data, (int)size);
91 tag->IsUndefined();
92 JSNApi::DestroyJSVM(vm);
93 return;
94 }
95 }
96
97 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)98 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
99 {
100 // Run your code on data.
101 OHOS::JSValueRefIsFalseFuzzTest(data, size);
102 OHOS::JSValueRefIsTrueFuzzTest(data, size);
103 OHOS::JSValueRefIsHoleFuzzTest(data, size);
104 OHOS::JSValueRefIsUndefinedFuzzTest(data, size);
105 return 0;
106 }