1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef CONTAINERSVECTORCOMMON_FUZZER_H 17 #define CONTAINERSVECTORCOMMON_FUZZER_H 18 19 #include "ecmascript/containers/containers_vector.h" 20 #include "ecmascript/containers/containers_private.h" 21 #include "ecmascript/ecma_string-inl.h" 22 #include "ecmascript/ecma_vm.h" 23 #include "ecmascript/global_env.h" 24 #include "ecmascript/js_api/js_api_vector.h" 25 #include "ecmascript/js_api/js_api_vector_iterator.h" 26 #include "ecmascript/js_handle.h" 27 #include "ecmascript/napi/include/jsnapi.h" 28 #include "ecmascript/ecma_runtime_call_info.h" 29 #include "ecmascript/js_thread.h" 30 #include "ecmascript/object_factory.h" 31 #include "ecmascript/js_array.h" 32 33 #define MAXBYTELEN sizeof(unsigned int) 34 35 namespace panda::ecmascript { 36 using namespace panda::ecmascript::containers; 37 class ContainersVectorFuzzTestHelper { 38 public: JSObjectCreate(JSThread * thread)39 static JSFunction *JSObjectCreate(JSThread *thread) 40 { 41 EcmaVM *ecmaVM = thread->GetEcmaVM(); 42 JSHandle<GlobalEnv> globalEnv = ecmaVM->GetGlobalEnv(); 43 return globalEnv->GetObjectFunction().GetObject<JSFunction>(); 44 } 45 CreateEcmaRuntimeCallInfo(JSThread * thread,uint32_t numArgs)46 static EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs) 47 { 48 auto factory = thread->GetEcmaVM()->GetFactory(); 49 JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread)); 50 JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass)); 51 JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined(); 52 EcmaRuntimeCallInfo *objCallInfo = 53 EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs); 54 return objCallInfo; 55 } 56 CreateJSAPIVector(JSThread * thread)57 static JSHandle<JSAPIVector> CreateJSAPIVector(JSThread *thread) 58 { 59 auto factory = thread->GetEcmaVM()->GetFactory(); 60 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv(); 61 JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject(); 62 JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate")); 63 JSHandle<JSTaggedValue> value = 64 JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue(); 65 66 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 67 objCallInfo->SetFunction(JSTaggedValue::Undefined()); 68 objCallInfo->SetThis(value.GetTaggedValue()); 69 // 0 means the argument 70 objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(containers::ContainerTag::Vector))); 71 JSTaggedValue result = containers::ContainersPrivate::Load(objCallInfo); 72 73 JSHandle<JSFunction> newTarget(thread, result); 74 auto objCallInfo2 = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 75 objCallInfo2->SetFunction(newTarget.GetTaggedValue()); 76 objCallInfo2->SetNewTarget(newTarget.GetTaggedValue()); 77 objCallInfo2->SetThis(JSTaggedValue::Undefined()); 78 objCallInfo2->SetCallArg(0, JSTaggedValue::Undefined()); 79 80 JSTaggedValue list = containers::ContainersVector::VectorConstructor(objCallInfo2); 81 JSHandle<JSAPIVector> vector(thread, list); 82 return vector; 83 } 84 GetVectorWithData(JSThread * thread,const uint8_t * data,size_t size)85 static JSHandle<JSAPIVector> GetVectorWithData(JSThread *thread, const uint8_t* data, size_t size) 86 { 87 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 88 89 constexpr int32_t ELEMENT_NUMS = 8; 90 91 uint32_t input = 0; 92 if (size > MAXBYTELEN) { 93 size = MAXBYTELEN; 94 } 95 if (memcpy_s(&input, MAXBYTELEN, data, size) != 0) { 96 std::cout << "memcpy_s failed!"; 97 UNREACHABLE(); 98 } 99 100 for (int32_t i = 0; i < ELEMENT_NUMS; i++) { 101 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 102 callInfo->SetFunction(JSTaggedValue::Undefined()); 103 callInfo->SetThis(vector.GetTaggedValue()); 104 callInfo->SetCallArg(0, JSTaggedValue(i + input)); 105 106 ContainersVector::Add(callInfo); 107 } 108 109 return vector; 110 } 111 ContainersVectorAddFuzzTest(const uint8_t * data,size_t size)112 static void ContainersVectorAddFuzzTest(const uint8_t* data, size_t size) 113 { 114 RuntimeOption option; 115 option.SetLogLevel(common::LOG_LEVEL::ERROR); 116 EcmaVM *vm = JSNApi::CreateJSVM(option); 117 { 118 JsiFastNativeScope scope(vm); 119 auto thread = vm->GetAssociatedJSThread(); 120 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 121 122 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 123 callInfo->SetFunction(JSTaggedValue::Undefined()); 124 callInfo->SetThis(vector.GetTaggedValue()); 125 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 126 std::string str(data, data + size); 127 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 128 callInfo->SetCallArg(0, value); 129 130 ContainersVector::Add(callInfo); 131 } 132 JSNApi::DestroyJSVM(vm); 133 } 134 ContainersVectorGetIndexOfFuzzTest(const uint8_t * data,size_t size)135 static void ContainersVectorGetIndexOfFuzzTest(const uint8_t* data, size_t size) 136 { 137 RuntimeOption option; 138 option.SetLogLevel(common::LOG_LEVEL::ERROR); 139 EcmaVM *vm = JSNApi::CreateJSVM(option); 140 { 141 JsiFastNativeScope scope(vm); 142 auto thread = vm->GetAssociatedJSThread(); 143 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 144 145 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 146 callInfo->SetFunction(JSTaggedValue::Undefined()); 147 callInfo->SetThis(vector.GetTaggedValue()); 148 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 149 std::string str(data, data + size); 150 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 151 callInfo->SetCallArg(0, value); 152 153 ContainersVector::Add(callInfo); 154 155 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 156 callInfo1->SetFunction(JSTaggedValue::Undefined()); 157 callInfo1->SetThis(vector.GetTaggedValue()); 158 callInfo1->SetCallArg(0, value); 159 160 ContainersVector::GetIndexOf(callInfo1); 161 } 162 JSNApi::DestroyJSVM(vm); 163 } 164 ContainersVectorHasFuzzTest(const uint8_t * data,size_t size)165 static void ContainersVectorHasFuzzTest(const uint8_t* data, size_t size) 166 { 167 RuntimeOption option; 168 option.SetLogLevel(common::LOG_LEVEL::ERROR); 169 EcmaVM *vm = JSNApi::CreateJSVM(option); 170 { 171 JsiFastNativeScope scope(vm); 172 auto thread = vm->GetAssociatedJSThread(); 173 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 174 175 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 176 callInfo->SetFunction(JSTaggedValue::Undefined()); 177 callInfo->SetThis(vector.GetTaggedValue()); 178 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 179 std::string str(data, data + size); 180 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 181 callInfo->SetCallArg(0, value); 182 183 ContainersVector::Add(callInfo); 184 185 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 186 callInfo1->SetFunction(JSTaggedValue::Undefined()); 187 callInfo1->SetThis(vector.GetTaggedValue()); 188 callInfo1->SetCallArg(0, value); 189 190 ContainersVector::Has(callInfo1); 191 } 192 JSNApi::DestroyJSVM(vm); 193 } 194 ContainersVectorInsertFuzzTest(const uint8_t * data,size_t size)195 static void ContainersVectorInsertFuzzTest(const uint8_t* data, size_t size) 196 { 197 RuntimeOption option; 198 option.SetLogLevel(common::LOG_LEVEL::ERROR); 199 EcmaVM *vm = JSNApi::CreateJSVM(option); 200 { 201 JsiFastNativeScope scope(vm); 202 auto thread = vm->GetAssociatedJSThread(); 203 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 204 205 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 206 callInfo->SetFunction(JSTaggedValue::Undefined()); 207 callInfo->SetThis(vector.GetTaggedValue()); 208 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 209 std::string str(data, data + size); 210 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 211 callInfo->SetCallArg(0, value); 212 callInfo->SetCallArg(1, JSTaggedValue(0)); 213 214 ContainersVector::Insert(callInfo); 215 } 216 JSNApi::DestroyJSVM(vm); 217 } 218 ContainersVectorRemoveFuzzTest(const uint8_t * data,size_t size)219 static void ContainersVectorRemoveFuzzTest(const uint8_t* data, size_t size) 220 { 221 RuntimeOption option; 222 option.SetLogLevel(common::LOG_LEVEL::ERROR); 223 EcmaVM *vm = JSNApi::CreateJSVM(option); 224 { 225 JsiFastNativeScope scope(vm); 226 auto thread = vm->GetAssociatedJSThread(); 227 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 228 229 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 230 callInfo->SetFunction(JSTaggedValue::Undefined()); 231 callInfo->SetThis(vector.GetTaggedValue()); 232 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 233 std::string str(data, data + size); 234 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 235 callInfo->SetCallArg(0, value); 236 callInfo->SetCallArg(1, JSTaggedValue(0)); 237 238 ContainersVector::Insert(callInfo); 239 240 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 241 callInfo1->SetFunction(JSTaggedValue::Undefined()); 242 callInfo1->SetThis(vector.GetTaggedValue()); 243 callInfo1->SetCallArg(0, value); 244 ContainersVector::Remove(callInfo1); 245 } 246 JSNApi::DestroyJSVM(vm); 247 } 248 ContainersVectorSetFuzzTest(const uint8_t * data,size_t size)249 static void ContainersVectorSetFuzzTest(const uint8_t* data, size_t size) 250 { 251 RuntimeOption option; 252 option.SetLogLevel(common::LOG_LEVEL::ERROR); 253 EcmaVM *vm = JSNApi::CreateJSVM(option); 254 { 255 JsiFastNativeScope scope(vm); 256 auto thread = vm->GetAssociatedJSThread(); 257 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 258 259 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 260 callInfo->SetFunction(JSTaggedValue::Undefined()); 261 callInfo->SetThis(vector.GetTaggedValue()); 262 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 263 std::string str(data, data + size); 264 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 265 callInfo->SetCallArg(0, value); 266 callInfo->SetCallArg(1, JSTaggedValue(0)); 267 268 ContainersVector::Insert(callInfo); 269 270 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 271 callInfo1->SetFunction(JSTaggedValue::Undefined()); 272 callInfo1->SetThis(vector.GetTaggedValue()); 273 callInfo1->SetCallArg(0, JSTaggedValue(0)); 274 callInfo1->SetCallArg(1, value); 275 ContainersVector::Set(callInfo1); 276 } 277 JSNApi::DestroyJSVM(vm); 278 } 279 ContainersVectorGetLastIndexOfFuzzTest(const uint8_t * data,size_t size)280 static void ContainersVectorGetLastIndexOfFuzzTest(const uint8_t* data, size_t size) 281 { 282 RuntimeOption option; 283 option.SetLogLevel(common::LOG_LEVEL::ERROR); 284 EcmaVM *vm = JSNApi::CreateJSVM(option); 285 { 286 JsiFastNativeScope scope(vm); 287 auto thread = vm->GetAssociatedJSThread(); 288 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 289 290 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 291 callInfo->SetFunction(JSTaggedValue::Undefined()); 292 callInfo->SetThis(vector.GetTaggedValue()); 293 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 294 std::string str(data, data + size); 295 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 296 callInfo->SetCallArg(0, value); 297 298 ContainersVector::Add(callInfo); 299 300 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 301 callInfo1->SetFunction(JSTaggedValue::Undefined()); 302 callInfo1->SetThis(vector.GetTaggedValue()); 303 callInfo1->SetCallArg(0, value); 304 ContainersVector::GetLastIndexOf(callInfo1); 305 } 306 JSNApi::DestroyJSVM(vm); 307 } 308 ContainersVectorGetLastIndexFromFuzzTest(const uint8_t * data,size_t size)309 static void ContainersVectorGetLastIndexFromFuzzTest(const uint8_t* data, size_t size) 310 { 311 RuntimeOption option; 312 option.SetLogLevel(common::LOG_LEVEL::ERROR); 313 EcmaVM *vm = JSNApi::CreateJSVM(option); 314 { 315 JsiFastNativeScope scope(vm); 316 auto thread = vm->GetAssociatedJSThread(); 317 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 318 319 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 320 callInfo->SetFunction(JSTaggedValue::Undefined()); 321 callInfo->SetThis(vector.GetTaggedValue()); 322 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 323 std::string str(data, data + size); 324 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 325 callInfo->SetCallArg(0, value); 326 327 ContainersVector::Add(callInfo); 328 329 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 330 callInfo1->SetFunction(JSTaggedValue::Undefined()); 331 callInfo1->SetThis(vector.GetTaggedValue()); 332 callInfo1->SetCallArg(0, value); 333 callInfo1->SetCallArg(1, JSTaggedValue(0)); 334 ContainersVector::GetLastIndexFrom(callInfo1); 335 } 336 JSNApi::DestroyJSVM(vm); 337 } 338 ContainersVectorGetIndexFromFuzzTest(const uint8_t * data,size_t size)339 static void ContainersVectorGetIndexFromFuzzTest(const uint8_t* data, size_t size) 340 { 341 RuntimeOption option; 342 option.SetLogLevel(common::LOG_LEVEL::ERROR); 343 EcmaVM *vm = JSNApi::CreateJSVM(option); 344 { 345 JsiFastNativeScope scope(vm); 346 auto thread = vm->GetAssociatedJSThread(); 347 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 348 349 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 350 callInfo->SetFunction(JSTaggedValue::Undefined()); 351 callInfo->SetThis(vector.GetTaggedValue()); 352 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 353 std::string str(data, data + size); 354 JSTaggedValue value = factory->NewFromStdString(str).GetTaggedValue(); 355 callInfo->SetCallArg(0, value); 356 357 ContainersVector::Add(callInfo); 358 359 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 360 callInfo1->SetFunction(JSTaggedValue::Undefined()); 361 callInfo1->SetThis(vector.GetTaggedValue()); 362 callInfo1->SetCallArg(0, value); 363 callInfo1->SetCallArg(1, JSTaggedValue(0)); 364 ContainersVector::GetIndexFrom(callInfo1); 365 } 366 JSNApi::DestroyJSVM(vm); 367 } 368 ContainersVectorRemoveByRangeFuzzTest(const uint8_t * data,size_t size)369 static void ContainersVectorRemoveByRangeFuzzTest(const uint8_t* data, size_t size) 370 { 371 if (size <= 0) { 372 return; 373 } 374 RuntimeOption option; 375 option.SetLogLevel(common::LOG_LEVEL::ERROR); 376 EcmaVM *vm = JSNApi::CreateJSVM(option); 377 { 378 JsiFastNativeScope scope(vm); 379 auto thread = vm->GetAssociatedJSThread(); 380 381 JSHandle<JSAPIVector> vector = CreateJSAPIVector(thread); 382 383 constexpr int32_t ELEMENT_NUMS = 8; 384 385 uint32_t input = 0; 386 if (size > MAXBYTELEN) { 387 size = MAXBYTELEN; 388 } 389 if (memcpy_s(&input, MAXBYTELEN, data, size) != 0) { 390 std::cout << "memcpy_s failed!"; 391 UNREACHABLE(); 392 } 393 394 for (int32_t i = 0; i < ELEMENT_NUMS; i++) { 395 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 396 callInfo->SetFunction(JSTaggedValue::Undefined()); 397 callInfo->SetThis(vector.GetTaggedValue()); 398 callInfo->SetCallArg(0, JSTaggedValue(i + input)); 399 400 ContainersVector::Add(callInfo); 401 } 402 403 auto callInfo1 = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 404 callInfo1->SetFunction(JSTaggedValue::Undefined()); 405 callInfo1->SetThis(vector.GetTaggedValue()); 406 callInfo1->SetCallArg(0, JSTaggedValue(input % ELEMENT_NUMS)); 407 callInfo1->SetCallArg(1, JSTaggedValue((input + 1) % ELEMENT_NUMS)); 408 ContainersVector::RemoveByRange(callInfo1); 409 } 410 JSNApi::DestroyJSVM(vm); 411 } 412 413 class TestClass : public base::BuiltinsBase { 414 public: TestForEachFunc(EcmaRuntimeCallInfo * argv)415 static JSTaggedValue TestForEachFunc(EcmaRuntimeCallInfo *argv) 416 { 417 JSThread *thread = argv->GetThread(); 418 JSHandle<JSTaggedValue> value = GetCallArg(argv, 0); 419 JSHandle<JSTaggedValue> key = GetCallArg(argv, 1); 420 JSHandle<JSTaggedValue> vector = GetCallArg(argv, 2); // 2 means the secode arg 421 if (!vector->IsUndefined()) { 422 if (value->IsNumber()) { 423 TaggedArray *elements = TaggedArray::Cast(JSAPIVector::Cast(vector.GetTaggedValue(). 424 GetTaggedObject())->GetElements(thread).GetTaggedObject()); 425 elements->Get(thread, key->GetInt()); 426 } 427 } 428 return JSTaggedValue::Undefined(); 429 } 430 TestReplaceAllElementsFunc(EcmaRuntimeCallInfo * argv)431 static JSTaggedValue TestReplaceAllElementsFunc(EcmaRuntimeCallInfo *argv) 432 { 433 JSThread *thread = argv->GetThread(); 434 JSHandle<JSTaggedValue> value = GetCallArg(argv, 0); 435 JSHandle<JSTaggedValue> index = GetCallArg(argv, 1); 436 JSHandle<JSTaggedValue> vector = GetCallArg(argv, 2); // 2 means the secode arg 437 if (!vector->IsUndefined()) { 438 if (value->IsNumber()) { 439 JSHandle<JSTaggedValue> newValue(thread, JSTaggedValue(value->GetInt() * 2)); // 2 means mul by 2 440 JSHandle<JSAPIVector>::Cast(vector)->Set(thread, index->GetNumber(), newValue.GetTaggedValue()); 441 return newValue.GetTaggedValue(); 442 } 443 } 444 return JSTaggedValue::Undefined(); 445 } 446 }; 447 ContainersVectorSubVectorFuzzTest(const uint8_t * data,size_t size)448 static void ContainersVectorSubVectorFuzzTest(const uint8_t* data, size_t size) 449 { 450 if (size <= 0) { 451 return; 452 } 453 RuntimeOption option; 454 option.SetLogLevel(common::LOG_LEVEL::ERROR); 455 EcmaVM *vm = JSNApi::CreateJSVM(option); 456 { 457 JsiFastNativeScope scope(vm); 458 auto thread = vm->GetAssociatedJSThread(); 459 460 JSHandle<JSAPIVector> vector = GetVectorWithData(thread, data, size); 461 462 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 8); // 8 : means the argv length 463 callInfo->SetFunction(JSTaggedValue::Undefined()); 464 callInfo->SetThis(vector.GetTaggedValue()); 465 callInfo->SetCallArg(0, JSTaggedValue(0)); 466 callInfo->SetCallArg(1, JSTaggedValue(2)); // 2 : means the third value 467 ContainersVector::SubVector(callInfo); 468 } 469 JSNApi::DestroyJSVM(vm); 470 } 471 ContainersVectorSetLengthFuzzTest(const uint8_t * data,size_t size)472 static void ContainersVectorSetLengthFuzzTest(const uint8_t* data, size_t size) 473 { 474 if (size <= 0) { 475 return; 476 } 477 RuntimeOption option; 478 option.SetLogLevel(common::LOG_LEVEL::ERROR); 479 EcmaVM *vm = JSNApi::CreateJSVM(option); 480 { 481 JsiFastNativeScope scope(vm); 482 auto thread = vm->GetAssociatedJSThread(); 483 484 JSHandle<JSAPIVector> vector = GetVectorWithData(thread, data, size); 485 486 uint32_t length = 0; 487 if (size > MAXBYTELEN - 1) { 488 size = MAXBYTELEN - 1; 489 } 490 if (memcpy_s(&length, MAXBYTELEN - 1, data, size) != 0) { 491 std::cout << "memcpy_s failed!"; 492 UNREACHABLE(); 493 } 494 495 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 496 callInfo->SetFunction(JSTaggedValue::Undefined()); 497 callInfo->SetThis(vector.GetTaggedValue()); 498 callInfo->SetCallArg(0, JSTaggedValue(length)); 499 ContainersVector::SetLength(callInfo); 500 } 501 JSNApi::DestroyJSVM(vm); 502 } 503 ContainersVectorIncreaseCapacityToFuzzTest(const uint8_t * data,size_t size)504 static void ContainersVectorIncreaseCapacityToFuzzTest(const uint8_t* data, size_t size) 505 { 506 if (size <= 0) { 507 return; 508 } 509 RuntimeOption option; 510 option.SetLogLevel(common::LOG_LEVEL::ERROR); 511 EcmaVM *vm = JSNApi::CreateJSVM(option); 512 { 513 JsiFastNativeScope scope(vm); 514 auto thread = vm->GetAssociatedJSThread(); 515 516 JSHandle<JSAPIVector> vector = GetVectorWithData(thread, data, size); 517 518 uint32_t capacity = 0; 519 if (size > MAXBYTELEN - 1) { 520 size = MAXBYTELEN - 1; 521 } 522 if (memcpy_s(&capacity, MAXBYTELEN - 1, data, size) != 0) { 523 std::cout << "memcpy_s failed!"; 524 UNREACHABLE(); 525 } 526 527 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 528 callInfo->SetFunction(JSTaggedValue::Undefined()); 529 callInfo->SetThis(vector.GetTaggedValue()); 530 callInfo->SetCallArg(0, JSTaggedValue(capacity)); 531 ContainersVector::IncreaseCapacityTo(callInfo); 532 } 533 JSNApi::DestroyJSVM(vm); 534 } 535 ContainersVectorCopyToArrayFuzzTest(const uint8_t * data,size_t size)536 static void ContainersVectorCopyToArrayFuzzTest(const uint8_t* data, size_t size) 537 { 538 if (size <= 0) { 539 return; 540 } 541 RuntimeOption option; 542 option.SetLogLevel(common::LOG_LEVEL::ERROR); 543 EcmaVM *vm = JSNApi::CreateJSVM(option); 544 { 545 JsiFastNativeScope scope(vm); 546 auto thread = vm->GetAssociatedJSThread(); 547 548 JSHandle<JSAPIVector> vector = GetVectorWithData(thread, data, size); 549 550 constexpr int32_t ELEMENT_NUMS = 8; 551 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory(); 552 JSHandle<JSArray> array = factory->NewJSArray(); 553 JSHandle<TaggedArray> arrayElement = factory->NewTaggedArray(ELEMENT_NUMS, JSTaggedValue::Hole()); 554 array->SetElements(thread, arrayElement); 555 array->SetArrayLength(thread, static_cast<uint32_t>(ELEMENT_NUMS)); 556 auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length 557 callInfo->SetFunction(JSTaggedValue::Undefined()); 558 callInfo->SetThis(vector.GetTaggedValue()); 559 callInfo->SetCallArg(0, array.GetTaggedValue()); 560 ContainersVector::CopyToArray(callInfo); 561 } 562 JSNApi::DestroyJSVM(vm); 563 } 564 }; 565 } 566 #endif