1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "video_encoder_fuzzer.h"
17 #include "message_parcel.h"
18 #include "securec.h"
19 #include "camera_log.h"
20
21 namespace OHOS {
22 namespace CameraStandard {
23 static constexpr int32_t MIN_SIZE_NUM = 220;
24
25 std::shared_ptr<VideoEncoder> VideoEncoderFuzzer::fuzz_{nullptr};
26 static const uint8_t* RAW_DATA __attribute__((used)) = nullptr;
27 static size_t g_dataSize __attribute__((used)) = 0;
28 static size_t g_pos __attribute__((used));
29
30 /*
31 * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
32 * tips: only support basic type
33 */
34 template<class T>
GetData()35 T GetData()
36 {
37 T object {};
38 size_t objectSize = sizeof(object);
39 if (RAW_DATA == nullptr || objectSize > g_dataSize - g_pos) {
40 return object;
41 }
42 errno_t ret = memcpy_s(&object, objectSize, RAW_DATA + g_pos, objectSize);
43 if (ret != EOK) {
44 return {};
45 }
46 g_pos += objectSize;
47 return object;
48 }
49
VideoEncoderFuzzTest(FuzzedDataProvider & fdp)50 void VideoEncoderFuzzer::VideoEncoderFuzzTest(FuzzedDataProvider& fdp)
51 {
52 fuzz_ = std::make_shared<VideoEncoder>();
53 CHECK_RETURN_ELOG(!fuzz_, "Create fuzz_ Error");
54 uint8_t randomNum = fdp.ConsumeIntegral<uint8_t>();
55 std::vector<std::string> testStrings = {fdp.ConsumeRandomLengthString(100), fdp.ConsumeRandomLengthString(100)};
56 std::string codecMime(testStrings[randomNum % testStrings.size()]);
57 fuzz_->Create(codecMime);
58 fuzz_->Config();
59 fuzz_->Start();
60 fuzz_->GetSurface();
61 int64_t timestamp = fdp.ConsumeIntegral<int64_t>();
62 std::vector<GraphicTransformType> graphicType = {
63 GRAPHIC_ROTATE_NONE,
64 GRAPHIC_ROTATE_90,
65 GRAPHIC_ROTATE_180,
66 GRAPHIC_ROTATE_270,
67 GRAPHIC_FLIP_H,
68 GRAPHIC_FLIP_V,
69 GRAPHIC_FLIP_H_ROT90,
70 GRAPHIC_FLIP_V_ROT90,
71 GRAPHIC_FLIP_H_ROT180,
72 GRAPHIC_FLIP_V_ROT180,
73 GRAPHIC_FLIP_H_ROT270,
74 GRAPHIC_FLIP_V_ROT270,
75 GRAPHIC_ROTATE_BUTT,
76 };
77
78 GraphicTransformType type_ = graphicType[fdp.ConsumeIntegral<uint16_t>() % graphicType.size()];
79 sptr<SurfaceBuffer> videoBuffer = SurfaceBuffer::Create();
80 sptr<FrameRecord> frameRecord =
81 new(std::nothrow) FrameRecord(videoBuffer, timestamp, type_);
82 fuzz_->ReleaseSurfaceBuffer(frameRecord);
83 fuzz_->NotifyEndOfStream();
84 fuzz_->Stop();
85 }
86
Test(uint8_t * data,size_t size)87 void Test(uint8_t* data, size_t size)
88 {
89 auto videoEncoder = std::make_unique<VideoEncoderFuzzer>();
90 if (videoEncoder == nullptr) {
91 MEDIA_INFO_LOG("videoEncoder is null");
92 return;
93 }
94 FuzzedDataProvider fdp(data, size);
95 if (fdp.remaining_bytes() < MIN_SIZE_NUM) {
96 return;
97 }
98 videoEncoder->VideoEncoderFuzzTest(fdp);
99 }
100 } // namespace CameraStandard
101 } // namespace OHOS
102
103 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(uint8_t * data,size_t size)104 extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size)
105 {
106 OHOS::CameraStandard::Test(data, size);
107 return 0;
108 }