1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fuzzer/FuzzedDataProvider.h>
17 #include "arraylist_fuzzer.h"
18
19 #include "ecmascript/containers/containers_arraylist.h"
20 #include "ecmascript/js_api/js_api_arraylist.h"
21 #include "ecmascript/ecma_vm.h"
22 #include "ecmascript/global_env.h"
23 #include "ecmascript/containers/containers_private.h"
24 #include "ecmascript/js_handle.h"
25 #include "ecmascript/object_factory.h"
26 #include "ecmascript/napi/include/jsnapi.h"
27 #include "ecmascript/napi/jsnapi_helper.h"
28
29
30 using namespace panda;
31 using namespace panda::ecmascript;
32 using namespace panda::ecmascript::containers;
33
34 #define MAXBYTELEN sizeof(uint32_t)
35 namespace OHOS {
36
JSObjectCreate(JSThread * thread)37 JSFunction *JSObjectCreate(JSThread *thread)
38 {
39 JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
40 return globalEnv->GetObjectFunction().GetObject<JSFunction>();
41 }
42
CreateEcmaRuntimeCallInfo(JSThread * thread,uint32_t numArgs)43 EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)
44 {
45 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
46 JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread));
47 JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass));
48 JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined();
49 EcmaRuntimeCallInfo *objCallInfo =
50 EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs);
51 return objCallInfo;
52 }
53
InitializeArrayListConstructor(JSThread * thread)54 JSTaggedValue InitializeArrayListConstructor(JSThread *thread)
55 {
56 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
57 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
58 JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject();
59 JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate"));
60 JSHandle<JSTaggedValue> value =
61 JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue();
62
63 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length
64 objCallInfo->SetFunction(JSTaggedValue::Undefined());
65 objCallInfo->SetThis(value.GetTaggedValue());
66 objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(ContainerTag::ArrayList)));
67 JSTaggedValue result = ContainersPrivate::Load(objCallInfo);
68 return result;
69 }
70
CreateJSAPIArrayList(JSThread * thread)71 JSHandle<JSAPIArrayList> CreateJSAPIArrayList(JSThread *thread)
72 {
73 JSHandle<JSFunction> newTarget(thread, InitializeArrayListConstructor(thread));
74 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 4);
75 objCallInfo->SetFunction(newTarget.GetTaggedValue());
76 objCallInfo->SetNewTarget(newTarget.GetTaggedValue());
77 objCallInfo->SetThis(JSTaggedValue::Undefined());
78 JSTaggedValue result = ContainersArrayList::ArrayListConstructor(objCallInfo);
79 JSHandle<JSAPIArrayList> arrayList(thread, result);
80 return arrayList;
81 }
82
ArrayListAdd(JSThread * thread,JSHandle<JSAPIArrayList> arrayList,JSTaggedValue value)83 void ArrayListAdd(JSThread* thread, JSHandle<JSAPIArrayList> arrayList, JSTaggedValue value)
84 {
85 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
86 callInfo->SetFunction(JSTaggedValue::Undefined());
87 callInfo->SetThis(arrayList.GetTaggedValue());
88 callInfo->SetCallArg(0, value);
89
90 ContainersArrayList::Add(callInfo);
91 }
92
TestForEachFunc(EcmaRuntimeCallInfo * argv)93 static JSTaggedValue TestForEachFunc(EcmaRuntimeCallInfo *argv)
94 {
95 JSThread *thread = argv->GetThread();
96 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
97 JSHandle<JSTaggedValue> key = argv->GetCallArg(1);
98 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
99 if (!arrayList->IsUndefined()) {
100 if (value->IsNumber()) {
101 TaggedArray *elements = TaggedArray::Cast(JSAPIArrayList::Cast(arrayList.GetTaggedValue().
102 GetTaggedObject())->GetElements(thread).GetTaggedObject());
103 [[maybe_unused]] JSTaggedValue result = elements->Get(thread, key->GetInt());
104 }
105 }
106 return JSTaggedValue::Undefined();
107 }
108
TestReplaceAllElementsFunc(EcmaRuntimeCallInfo * argv)109 static JSTaggedValue TestReplaceAllElementsFunc(EcmaRuntimeCallInfo *argv)
110 {
111 JSThread *thread = argv->GetThread();
112 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
113 JSHandle<JSTaggedValue> index = argv->GetCallArg(1);
114 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
115 if (!arrayList->IsUndefined()) {
116 if (value->IsNumber()) {
117 JSHandle<JSTaggedValue> newValue(thread, JSTaggedValue(value->GetInt() * 2)); // 2 means mul by 2
118 JSHandle<JSAPIArrayList>::Cast(arrayList)->Set(thread, index->GetNumber(), newValue.GetTaggedValue());
119 return newValue.GetTaggedValue();
120 }
121 }
122 return JSTaggedValue::Undefined();
123 }
124
ArrayListForEachFuzzTest(const uint8_t * data,size_t size)125 void ArrayListForEachFuzzTest(const uint8_t* data, size_t size)
126 {
127 if (data == nullptr || size <= 0) {
128 std::cout << "illegal input!";
129 return;
130 }
131 RuntimeOption option;
132 option.SetLogLevel(common::LOG_LEVEL::ERROR);
133 EcmaVM *vm = JSNApi::CreateJSVM(option);
134 {
135 JsiFastNativeScope scope(vm);
136 auto thread = vm->GetAssociatedJSThread();
137 ObjectFactory *factory = vm->GetFactory();
138 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
139
140 uint32_t inputNum = 0;
141 if (size > MAXBYTELEN) {
142 size = MAXBYTELEN;
143 }
144 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
145 std::cout << "memcpy_s failed!";
146 UNREACHABLE();
147 }
148 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
149 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
150 info->SetFunction(JSTaggedValue::Undefined());
151 info->SetThis(arrayList.GetTaggedValue());
152 info->SetCallArg(0, JSTaggedValue(inputNum));
153 ContainersArrayList::Add(info);
154
155 JSHandle<JSAPIArrayList> arrList = CreateJSAPIArrayList(thread);
156 JSHandle<JSFunction> func = factory->NewJSFunction(env, reinterpret_cast<void *>(TestForEachFunc));
157 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
158 callInfo->SetFunction(JSTaggedValue::Undefined());
159 callInfo->SetThis(arrayList.GetTaggedValue());
160 callInfo->SetCallArg(0, func.GetTaggedValue());
161 callInfo->SetCallArg(1, arrList.GetTaggedValue());
162 ContainersArrayList::ForEach(callInfo);
163 }
164 JSNApi::DestroyJSVM(vm);
165 }
166
ArrayListAddFuzzTest(const uint8_t * data,size_t size)167 void ArrayListAddFuzzTest(const uint8_t* data, size_t size)
168 {
169 RuntimeOption option;
170 option.SetLogLevel(common::LOG_LEVEL::ERROR);
171 EcmaVM *vm = JSNApi::CreateJSVM(option);
172 {
173 JsiFastNativeScope scope(vm);
174 auto thread = vm->GetAssociatedJSThread();
175
176 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
177 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
178 callInfo->SetFunction(JSTaggedValue::Undefined());
179 callInfo->SetThis(arrayList.GetTaggedValue());
180
181 unsigned int inputNum = 0;
182 if (size <= 0) {
183 return;
184 }
185 if (size > MAXBYTELEN) {
186 size = MAXBYTELEN;
187 }
188 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
189 std::cout << "memcpy_s failed!";
190 UNREACHABLE();
191 }
192 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
193 ContainersArrayList::Add(callInfo);
194 }
195 JSNApi::DestroyJSVM(vm);
196 }
197
ArrayListClearFuzzTest(const uint8_t * data,size_t size)198 void ArrayListClearFuzzTest(const uint8_t* data, size_t size)
199 {
200 if (data == nullptr || size <= 0) {
201 std::cout << "illegal input!";
202 return;
203 }
204 RuntimeOption option;
205 option.SetLogLevel(common::LOG_LEVEL::ERROR);
206 EcmaVM *vm = JSNApi::CreateJSVM(option);
207 {
208 JsiFastNativeScope scope(vm);
209 auto thread = vm->GetAssociatedJSThread();
210
211 uint32_t inputNum = 0;
212 if (size > MAXBYTELEN) {
213 size = MAXBYTELEN;
214 }
215 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
216 std::cout << "memcpy_s failed!";
217 UNREACHABLE();
218 }
219 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
220 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
221 info->SetFunction(JSTaggedValue::Undefined());
222 info->SetThis(arrayList.GetTaggedValue());
223 info->SetCallArg(0, JSTaggedValue(inputNum));
224 ContainersArrayList::Add(info);
225
226 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
227 callInfo->SetFunction(JSTaggedValue::Undefined());
228 callInfo->SetThis(arrayList.GetTaggedValue());
229 ContainersArrayList::Clear(callInfo);
230 }
231 JSNApi::DestroyJSVM(vm);
232 }
233
ArrayListCloneFuzzTest(const uint8_t * data,size_t size)234 void ArrayListCloneFuzzTest(const uint8_t* data, size_t size)
235 {
236 if (data == nullptr || size <= 0) {
237 std::cout << "illegal input!";
238 return;
239 }
240 RuntimeOption option;
241 option.SetLogLevel(common::LOG_LEVEL::ERROR);
242 EcmaVM *vm = JSNApi::CreateJSVM(option);
243 {
244 JsiFastNativeScope scope(vm);
245 auto thread = vm->GetAssociatedJSThread();
246
247 uint32_t inputNum = 0;
248 if (size > MAXBYTELEN) {
249 size = MAXBYTELEN;
250 }
251 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
252 std::cout << "memcpy_s failed!";
253 UNREACHABLE();
254 }
255 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
256 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
257 info->SetFunction(JSTaggedValue::Undefined());
258 info->SetThis(arrayList.GetTaggedValue());
259 info->SetCallArg(0, JSTaggedValue(inputNum));
260 ContainersArrayList::Add(info);
261
262 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
263 callInfo->SetFunction(JSTaggedValue::Undefined());
264 callInfo->SetThis(arrayList.GetTaggedValue());
265 ContainersArrayList::Clone(callInfo);
266 }
267 JSNApi::DestroyJSVM(vm);
268 }
269
ArrayListConvertToArrayFuzzTest(const uint8_t * data,size_t size)270 void ArrayListConvertToArrayFuzzTest(const uint8_t* data, size_t size)
271 {
272 if (data == nullptr || size <= 0) {
273 std::cout << "illegal input!";
274 return;
275 }
276 RuntimeOption option;
277 option.SetLogLevel(common::LOG_LEVEL::ERROR);
278 EcmaVM *vm = JSNApi::CreateJSVM(option);
279 {
280 JsiFastNativeScope scope(vm);
281 auto thread = vm->GetAssociatedJSThread();
282
283 uint32_t inputNum = 0;
284 if (size > MAXBYTELEN) {
285 size = MAXBYTELEN;
286 }
287 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
288 std::cout << "memcpy_s failed!";
289 UNREACHABLE();
290 }
291 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
292 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
293 info->SetFunction(JSTaggedValue::Undefined());
294 info->SetThis(arrayList.GetTaggedValue());
295 info->SetCallArg(0, JSTaggedValue(inputNum));
296 ContainersArrayList::Add(info);
297
298 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
299 callInfo->SetFunction(JSTaggedValue::Undefined());
300 callInfo->SetThis(arrayList.GetTaggedValue());
301 ContainersArrayList::ConvertToArray(callInfo);
302 }
303 JSNApi::DestroyJSVM(vm);
304 }
305
ArrayListGetFuzzTest(const uint8_t * data,size_t size)306 void ArrayListGetFuzzTest(const uint8_t* data, size_t size)
307 {
308 if (data == nullptr || size <= 0) {
309 std::cout << "illegal input!";
310 return;
311 }
312 RuntimeOption option;
313 option.SetLogLevel(common::LOG_LEVEL::ERROR);
314 EcmaVM *vm = JSNApi::CreateJSVM(option);
315 {
316 JsiFastNativeScope scope(vm);
317 auto thread = vm->GetAssociatedJSThread();
318
319 uint32_t inputNum = 0;
320 if (size > MAXBYTELEN) {
321 size = MAXBYTELEN;
322 }
323 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
324 std::cout << "memcpy_s failed!";
325 UNREACHABLE();
326 }
327 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
328 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
329 info->SetFunction(JSTaggedValue::Undefined());
330 info->SetThis(arrayList.GetTaggedValue());
331 info->SetCallArg(0, JSTaggedValue(inputNum));
332 ContainersArrayList::Add(info);
333
334 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
335 callInfo->SetFunction(JSTaggedValue::Undefined());
336 callInfo->SetThis(arrayList.GetTaggedValue());
337 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
338 ContainersArrayList::Get(callInfo);
339 }
340 JSNApi::DestroyJSVM(vm);
341 }
342
ArrayListGetCapacityFuzzTest(const uint8_t * data,size_t size)343 void ArrayListGetCapacityFuzzTest(const uint8_t* data, size_t size)
344 {
345 if (data == nullptr || size <= 0) {
346 std::cout << "illegal input!";
347 return;
348 }
349 RuntimeOption option;
350 option.SetLogLevel(common::LOG_LEVEL::ERROR);
351 EcmaVM *vm = JSNApi::CreateJSVM(option);
352 {
353 JsiFastNativeScope scope(vm);
354 auto thread = vm->GetAssociatedJSThread();
355
356 uint32_t inputNum = 0;
357 if (size > MAXBYTELEN) {
358 size = MAXBYTELEN;
359 }
360 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
361 std::cout << "memcpy_s failed!";
362 UNREACHABLE();
363 }
364 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
365 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
366 info->SetFunction(JSTaggedValue::Undefined());
367 info->SetThis(arrayList.GetTaggedValue());
368 info->SetCallArg(0, JSTaggedValue(inputNum));
369 ContainersArrayList::Add(info);
370
371 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
372 callInfo->SetFunction(JSTaggedValue::Undefined());
373 callInfo->SetThis(arrayList.GetTaggedValue());
374 ContainersArrayList::GetCapacity(callInfo);
375 }
376 JSNApi::DestroyJSVM(vm);
377 }
378
ArrayListGetIndexOfFuzzTest(const uint8_t * data,size_t size)379 void ArrayListGetIndexOfFuzzTest(const uint8_t* data, size_t size)
380 {
381 if (data == nullptr || size <= 0) {
382 std::cout << "illegal input!";
383 return;
384 }
385 RuntimeOption option;
386 option.SetLogLevel(common::LOG_LEVEL::ERROR);
387 EcmaVM *vm = JSNApi::CreateJSVM(option);
388 {
389 JsiFastNativeScope scope(vm);
390 auto thread = vm->GetAssociatedJSThread();
391
392 uint32_t inputNum = 0;
393 if (size > MAXBYTELEN) {
394 size = MAXBYTELEN;
395 }
396 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
397 std::cout << "memcpy_s failed!";
398 UNREACHABLE();
399 }
400 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
401 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
402 info->SetFunction(JSTaggedValue::Undefined());
403 info->SetThis(arrayList.GetTaggedValue());
404 info->SetCallArg(0, JSTaggedValue(inputNum));
405 ContainersArrayList::Add(info);
406
407 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
408 callInfo->SetFunction(JSTaggedValue::Undefined());
409 callInfo->SetThis(arrayList.GetTaggedValue());
410 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
411 ContainersArrayList::GetIndexOf(callInfo);
412 }
413 JSNApi::DestroyJSVM(vm);
414 }
415
ArrayListGetIteratorObjFuzzTest(const uint8_t * data,size_t size)416 void ArrayListGetIteratorObjFuzzTest(const uint8_t* data, size_t size)
417 {
418 if (data == nullptr || size <= 0) {
419 std::cout << "illegal input!";
420 return;
421 }
422 RuntimeOption option;
423 option.SetLogLevel(common::LOG_LEVEL::ERROR);
424 EcmaVM *vm = JSNApi::CreateJSVM(option);
425 {
426 JsiFastNativeScope scope(vm);
427 auto thread = vm->GetAssociatedJSThread();
428
429 uint32_t inputNum = 0;
430 if (size > MAXBYTELEN) {
431 size = MAXBYTELEN;
432 }
433 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
434 std::cout << "memcpy_s failed!";
435 UNREACHABLE();
436 }
437 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
438 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
439 info->SetFunction(JSTaggedValue::Undefined());
440 info->SetThis(arrayList.GetTaggedValue());
441 info->SetCallArg(0, JSTaggedValue(inputNum));
442 ContainersArrayList::Add(info);
443
444 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
445 callInfo->SetFunction(JSTaggedValue::Undefined());
446 callInfo->SetThis(arrayList.GetTaggedValue());
447 ContainersArrayList::GetIteratorObj(callInfo);
448 }
449 JSNApi::DestroyJSVM(vm);
450 }
451
ArrayListGetLastIndexOfFuzzTest(const uint8_t * data,size_t size)452 void ArrayListGetLastIndexOfFuzzTest(const uint8_t* data, size_t size)
453 {
454 if (data == nullptr || size <= 0) {
455 std::cout << "illegal input!";
456 return;
457 }
458 RuntimeOption option;
459 option.SetLogLevel(common::LOG_LEVEL::ERROR);
460 EcmaVM *vm = JSNApi::CreateJSVM(option);
461 {
462 JsiFastNativeScope scope(vm);
463 auto thread = vm->GetAssociatedJSThread();
464
465 uint32_t inputNum = 0;
466 if (size > MAXBYTELEN) {
467 size = MAXBYTELEN;
468 }
469 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
470 std::cout << "memcpy_s failed!";
471 UNREACHABLE();
472 }
473 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
474 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
475 info->SetFunction(JSTaggedValue::Undefined());
476 info->SetThis(arrayList.GetTaggedValue());
477 info->SetCallArg(0, JSTaggedValue(inputNum));
478 ContainersArrayList::Add(info);
479
480 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
481 callInfo->SetFunction(JSTaggedValue::Undefined());
482 callInfo->SetThis(arrayList.GetTaggedValue());
483 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
484 ContainersArrayList::GetLastIndexOf(callInfo);
485 }
486 JSNApi::DestroyJSVM(vm);
487 }
488
ArrayListGetSizeFuzzTest(const uint8_t * data,size_t size)489 void ArrayListGetSizeFuzzTest(const uint8_t* data, size_t size)
490 {
491 if (data == nullptr || size <= 0) {
492 std::cout << "illegal input!";
493 return;
494 }
495 RuntimeOption option;
496 option.SetLogLevel(common::LOG_LEVEL::ERROR);
497 EcmaVM *vm = JSNApi::CreateJSVM(option);
498 {
499 JsiFastNativeScope scope(vm);
500 auto thread = vm->GetAssociatedJSThread();
501
502 uint32_t inputNum = 0;
503 if (size > MAXBYTELEN) {
504 size = MAXBYTELEN;
505 }
506 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
507 std::cout << "memcpy_s failed!";
508 UNREACHABLE();
509 }
510 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
511 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
512 info->SetFunction(JSTaggedValue::Undefined());
513 info->SetThis(arrayList.GetTaggedValue());
514 info->SetCallArg(0, JSTaggedValue(inputNum));
515 ContainersArrayList::Add(info);
516
517 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
518 callInfo->SetFunction(JSTaggedValue::Undefined());
519 callInfo->SetThis(arrayList.GetTaggedValue());
520 ContainersArrayList::GetSize(callInfo);
521 }
522 JSNApi::DestroyJSVM(vm);
523 }
524
ArrayListHasFuzzTest(const uint8_t * data,size_t size)525 void ArrayListHasFuzzTest(const uint8_t* data, size_t size)
526 {
527 if (data == nullptr || size <= 0) {
528 std::cout << "illegal input!";
529 return;
530 }
531 RuntimeOption option;
532 option.SetLogLevel(common::LOG_LEVEL::ERROR);
533 EcmaVM *vm = JSNApi::CreateJSVM(option);
534 {
535 JsiFastNativeScope scope(vm);
536 auto thread = vm->GetAssociatedJSThread();
537
538 uint32_t inputNum = 0;
539 if (size > MAXBYTELEN) {
540 size = MAXBYTELEN;
541 }
542 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
543 std::cout << "memcpy_s failed!";
544 UNREACHABLE();
545 }
546 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
547 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
548 info->SetFunction(JSTaggedValue::Undefined());
549 info->SetThis(arrayList.GetTaggedValue());
550 info->SetCallArg(0, JSTaggedValue(inputNum));
551 ContainersArrayList::Add(info);
552
553 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
554 callInfo->SetFunction(JSTaggedValue::Undefined());
555 callInfo->SetThis(arrayList.GetTaggedValue());
556 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
557 ContainersArrayList::Has(callInfo);
558 }
559 JSNApi::DestroyJSVM(vm);
560 }
561
ArrayListIncreaseCapacityToFuzzTest(const uint8_t * data,size_t size)562 void ArrayListIncreaseCapacityToFuzzTest(const uint8_t* data, size_t size)
563 {
564 if (data == nullptr || size <= 0) {
565 std::cout << "illegal input!";
566 return;
567 }
568 RuntimeOption option;
569 option.SetLogLevel(common::LOG_LEVEL::ERROR);
570 EcmaVM *vm = JSNApi::CreateJSVM(option);
571 {
572 JsiFastNativeScope scope(vm);
573 auto thread = vm->GetAssociatedJSThread();
574
575 uint32_t inputNum = 0;
576 const uint32_t maxByteLen = 1;
577 if (size > maxByteLen) {
578 size = maxByteLen;
579 }
580 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
581 std::cout << "memcpy_s failed!";
582 UNREACHABLE();
583 }
584 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
585 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
586 info->SetFunction(JSTaggedValue::Undefined());
587 info->SetThis(arrayList.GetTaggedValue());
588 info->SetCallArg(0, JSTaggedValue(inputNum));
589 ContainersArrayList::Add(info);
590
591 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
592 callInfo->SetFunction(JSTaggedValue::Undefined());
593 callInfo->SetThis(arrayList.GetTaggedValue());
594 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
595 ContainersArrayList::IncreaseCapacityTo(callInfo);
596 }
597 JSNApi::DestroyJSVM(vm);
598 }
599
ArrayListInsertFuzzTest(const uint8_t * data,size_t size)600 void ArrayListInsertFuzzTest(const uint8_t* data, size_t size)
601 {
602 if (data == nullptr || size <= 0) {
603 std::cout << "illegal input!";
604 return;
605 }
606 RuntimeOption option;
607 option.SetLogLevel(common::LOG_LEVEL::ERROR);
608 EcmaVM *vm = JSNApi::CreateJSVM(option);
609 {
610 JsiFastNativeScope scope(vm);
611 auto thread = vm->GetAssociatedJSThread();
612
613 uint32_t inputNum = 0;
614 if (size > MAXBYTELEN) {
615 size = MAXBYTELEN;
616 }
617 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
618 std::cout << "memcpy_s failed!";
619 UNREACHABLE();
620 }
621 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
622 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
623 info->SetFunction(JSTaggedValue::Undefined());
624 info->SetThis(arrayList.GetTaggedValue());
625 info->SetCallArg(0, JSTaggedValue(inputNum));
626 ContainersArrayList::Add(info);
627
628 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
629 callInfo->SetFunction(JSTaggedValue::Undefined());
630 callInfo->SetThis(arrayList.GetTaggedValue());
631 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
632 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
633 ContainersArrayList::Insert(callInfo);
634 }
635 JSNApi::DestroyJSVM(vm);
636 }
637
ArrayListIsEmptyFuzzTest(const uint8_t * data,size_t size)638 void ArrayListIsEmptyFuzzTest(const uint8_t* data, size_t size)
639 {
640 if (data == nullptr || size <= 0) {
641 std::cout << "illegal input!";
642 return;
643 }
644 RuntimeOption option;
645 option.SetLogLevel(common::LOG_LEVEL::ERROR);
646 EcmaVM *vm = JSNApi::CreateJSVM(option);
647 {
648 JsiFastNativeScope scope(vm);
649 auto thread = vm->GetAssociatedJSThread();
650
651 uint32_t inputNum = 0;
652 if (size > MAXBYTELEN) {
653 size = MAXBYTELEN;
654 }
655 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
656 std::cout << "memcpy_s failed!";
657 UNREACHABLE();
658 }
659 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
660 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
661 info->SetFunction(JSTaggedValue::Undefined());
662 info->SetThis(arrayList.GetTaggedValue());
663 info->SetCallArg(0, JSTaggedValue(inputNum));
664 ContainersArrayList::Add(info);
665
666 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
667 callInfo->SetFunction(JSTaggedValue::Undefined());
668 callInfo->SetThis(arrayList.GetTaggedValue());
669 ContainersArrayList::IsEmpty(callInfo);
670 }
671 JSNApi::DestroyJSVM(vm);
672 }
673
ArrayListRemoveByIndexFuzzTest(const uint8_t * data,size_t size)674 void ArrayListRemoveByIndexFuzzTest(const uint8_t* data, size_t size)
675 {
676 if (data == nullptr || size <= 0) {
677 std::cout << "illegal input!";
678 return;
679 }
680 RuntimeOption option;
681 option.SetLogLevel(common::LOG_LEVEL::ERROR);
682 EcmaVM *vm = JSNApi::CreateJSVM(option);
683 {
684 JsiFastNativeScope scope(vm);
685 auto thread = vm->GetAssociatedJSThread();
686
687 uint32_t inputNum = 0;
688 if (size > MAXBYTELEN) {
689 size = MAXBYTELEN;
690 }
691 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
692 std::cout << "memcpy_s failed!";
693 UNREACHABLE();
694 }
695 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
696 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
697 info->SetFunction(JSTaggedValue::Undefined());
698 info->SetThis(arrayList.GetTaggedValue());
699 info->SetCallArg(0, JSTaggedValue(inputNum));
700 ContainersArrayList::Add(info);
701
702 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
703 callInfo->SetFunction(JSTaggedValue::Undefined());
704 callInfo->SetThis(arrayList.GetTaggedValue());
705 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
706 ContainersArrayList::Remove(callInfo);
707 }
708 JSNApi::DestroyJSVM(vm);
709 }
710
ArrayListRemoveByRangeFuzzTest(const uint8_t * data,size_t size)711 void ArrayListRemoveByRangeFuzzTest(const uint8_t* data, size_t size)
712 {
713 if (data == nullptr || size <= 0) {
714 std::cout << "illegal input!";
715 return;
716 }
717 RuntimeOption option;
718 option.SetLogLevel(common::LOG_LEVEL::ERROR);
719 EcmaVM *vm = JSNApi::CreateJSVM(option);
720 {
721 JsiFastNativeScope scope(vm);
722 auto thread = vm->GetAssociatedJSThread();
723
724 uint32_t inputNum = 0;
725 const uint32_t maxByteLen = 1;
726 if (size > maxByteLen) {
727 size = maxByteLen;
728 }
729 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
730 std::cout << "memcpy_s failed!";
731 UNREACHABLE();
732 }
733 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
734 for (uint32_t i = 0; i <= inputNum; i++) {
735 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
736 info->SetFunction(JSTaggedValue::Undefined());
737 info->SetThis(arrayList.GetTaggedValue());
738 info->SetCallArg(0, JSTaggedValue(inputNum));
739 ContainersArrayList::Add(info);
740 }
741
742 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
743 callInfo->SetFunction(JSTaggedValue::Undefined());
744 callInfo->SetThis(arrayList.GetTaggedValue());
745 callInfo->SetCallArg(0, JSTaggedValue(0));
746 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
747 ContainersArrayList::RemoveByRange(callInfo);
748 }
749 JSNApi::DestroyJSVM(vm);
750 }
751
ArrayListReplaceAllElementsFuzzTest(const uint8_t * data,size_t size)752 void ArrayListReplaceAllElementsFuzzTest(const uint8_t* data, size_t size)
753 {
754 if (data == nullptr || size <= 0) {
755 std::cout << "illegal input!";
756 return;
757 }
758 RuntimeOption option;
759 option.SetLogLevel(common::LOG_LEVEL::ERROR);
760 EcmaVM *vm = JSNApi::CreateJSVM(option);
761 {
762 JsiFastNativeScope scope(vm);
763 auto thread = vm->GetAssociatedJSThread();
764 ObjectFactory *factory = vm->GetFactory();
765 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
766
767 uint32_t inputNum = 0;
768 if (size > MAXBYTELEN) {
769 size = MAXBYTELEN;
770 }
771 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
772 std::cout << "memcpy_s failed!";
773 UNREACHABLE();
774 }
775 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
776 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
777 info->SetFunction(JSTaggedValue::Undefined());
778 info->SetThis(arrayList.GetTaggedValue());
779 info->SetCallArg(0, JSTaggedValue(inputNum));
780 ContainersArrayList::Add(info);
781
782 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
783 JSHandle<JSFunction> func =
784 factory->NewJSFunction(env, reinterpret_cast<void *>(TestReplaceAllElementsFunc));
785 callInfo->SetFunction(JSTaggedValue::Undefined());
786 callInfo->SetThis(arrayList.GetTaggedValue());
787 callInfo->SetCallArg(0, func.GetTaggedValue());
788 ContainersArrayList::ReplaceAllElements(callInfo);
789 }
790 JSNApi::DestroyJSVM(vm);
791 }
792
ArrayListSetFuzzTest(const uint8_t * data,size_t size)793 void ArrayListSetFuzzTest(const uint8_t* data, size_t size)
794 {
795 if (data == nullptr || size <= 0) {
796 std::cout << "illegal input!";
797 return;
798 }
799 RuntimeOption option;
800 option.SetLogLevel(common::LOG_LEVEL::ERROR);
801 EcmaVM *vm = JSNApi::CreateJSVM(option);
802 {
803 JsiFastNativeScope scope(vm);
804 auto thread = vm->GetAssociatedJSThread();
805
806 uint32_t inputNum = 0;
807 const uint32_t maxByteLen = 1;
808 if (size > maxByteLen) {
809 size = maxByteLen;
810 }
811 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
812 std::cout << "memcpy_s failed!";
813 UNREACHABLE();
814 }
815 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
816 for (uint32_t i = 0; i <= inputNum; i++) {
817 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
818 info->SetFunction(JSTaggedValue::Undefined());
819 info->SetThis(arrayList.GetTaggedValue());
820 info->SetCallArg(0, JSTaggedValue(inputNum));
821 ContainersArrayList::Add(info);
822 }
823
824 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
825 callInfo->SetFunction(JSTaggedValue::Undefined());
826 callInfo->SetThis(arrayList.GetTaggedValue());
827 callInfo->SetCallArg(0, JSTaggedValue(inputNum / 2)); // 2 : half
828 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
829 ContainersArrayList::Set(callInfo);
830 }
831 JSNApi::DestroyJSVM(vm);
832 }
833
ArrayListSortFuzzTest(const uint8_t * data,size_t size)834 void ArrayListSortFuzzTest(const uint8_t* data, size_t size)
835 {
836 if (data == nullptr || size <= 0) {
837 std::cout << "illegal input!";
838 return;
839 }
840 RuntimeOption option;
841 option.SetLogLevel(common::LOG_LEVEL::ERROR);
842 EcmaVM *vm = JSNApi::CreateJSVM(option);
843 {
844 JsiFastNativeScope scope(vm);
845 auto thread = vm->GetAssociatedJSThread();
846
847 uint32_t inputNum = 0;
848 const uint32_t maxByteLen = 1;
849 if (size > maxByteLen) {
850 size = maxByteLen;
851 }
852 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
853 std::cout << "memcpy_s failed!";
854 UNREACHABLE();
855 }
856 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
857 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
858 info->SetFunction(JSTaggedValue::Undefined());
859 info->SetThis(arrayList.GetTaggedValue());
860 info->SetCallArg(0, JSTaggedValue(inputNum));
861 ContainersArrayList::Add(info);
862
863 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
864 callInfo->SetFunction(JSTaggedValue::Undefined());
865 callInfo->SetThis(arrayList.GetTaggedValue());
866 callInfo->SetCallArg(0, JSTaggedValue::Undefined());
867 ContainersArrayList::Sort(callInfo);
868 }
869 JSNApi::DestroyJSVM(vm);
870 }
871
ArrayListSubArrayListFuzzTest(const uint8_t * data,size_t size)872 void ArrayListSubArrayListFuzzTest(const uint8_t* data, size_t size)
873 {
874 if (data == nullptr || size <= 0) {
875 std::cout << "illegal input!";
876 return;
877 }
878 RuntimeOption option;
879 option.SetLogLevel(common::LOG_LEVEL::ERROR);
880 EcmaVM *vm = JSNApi::CreateJSVM(option);
881 {
882 JsiFastNativeScope scope(vm);
883 auto thread = vm->GetAssociatedJSThread();
884
885 uint32_t inputNum = 0;
886 const uint32_t maxByteLen = 1;
887 if (size > maxByteLen) {
888 size = maxByteLen;
889 }
890 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
891 std::cout << "memcpy_s failed!";
892 UNREACHABLE();
893 }
894 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
895 for (uint32_t i = 0; i <= inputNum; i++) {
896 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
897 info->SetFunction(JSTaggedValue::Undefined());
898 info->SetThis(arrayList.GetTaggedValue());
899 info->SetCallArg(0, JSTaggedValue(inputNum));
900 ContainersArrayList::Add(info);
901 }
902
903 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
904 callInfo->SetFunction(JSTaggedValue::Undefined());
905 callInfo->SetThis(arrayList.GetTaggedValue());
906 callInfo->SetCallArg(0, JSTaggedValue(0)); // start
907 callInfo->SetCallArg(1, JSTaggedValue(inputNum / 2)); // end 2 : half
908 ContainersArrayList::SubArrayList(callInfo);
909 }
910 JSNApi::DestroyJSVM(vm);
911 }
912
ArrayListTrimToCurrentLengthFuzzTest(const uint8_t * data,size_t size)913 void ArrayListTrimToCurrentLengthFuzzTest(const uint8_t* data, size_t size)
914 {
915 if (data == nullptr || size <= 0) {
916 std::cout << "illegal input!";
917 return;
918 }
919 RuntimeOption option;
920 option.SetLogLevel(common::LOG_LEVEL::ERROR);
921 EcmaVM *vm = JSNApi::CreateJSVM(option);
922 {
923 JsiFastNativeScope scope(vm);
924 auto thread = vm->GetAssociatedJSThread();
925
926 uint32_t inputNum = 0;
927 const uint32_t maxByteLen = 1;
928 if (size > maxByteLen) {
929 size = maxByteLen;
930 }
931 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
932 std::cout << "memcpy_s failed!";
933 UNREACHABLE();
934 }
935 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
936 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
937 info->SetFunction(JSTaggedValue::Undefined());
938 info->SetThis(arrayList.GetTaggedValue());
939 info->SetCallArg(0, JSTaggedValue(inputNum));
940 ContainersArrayList::Add(info);
941
942 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
943 callInfo->SetFunction(JSTaggedValue::Undefined());
944 callInfo->SetThis(arrayList.GetTaggedValue());
945 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
946 ContainersArrayList::TrimToCurrentLength(callInfo);
947 }
948 JSNApi::DestroyJSVM(vm);
949 }
950
JSValueRefInstanceOfValueFuzzTest(const uint8_t * data,size_t size)951 void JSValueRefInstanceOfValueFuzzTest(const uint8_t *data, size_t size)
952 {
953 FuzzedDataProvider fdp(data, size);
954 const int arkProp = fdp.ConsumeIntegral<int>();
955 RuntimeOption option;
956 option.SetLogLevel(common::LOG_LEVEL::ERROR);
957 option.SetArkProperties(arkProp);
958 EcmaVM *vm = JSNApi::CreateJSVM(option);
959 {
960 JsiFastNativeScope scope(vm);
961 Local<ObjectRef> origin = ObjectRef::New(vm);
962 JSHandle<GlobalEnv> globalEnv = vm->GetGlobalEnv();
963 JSHandle<JSFunction> constructor(globalEnv->GetObjectFunction());
964 JSHandle<JSTaggedValue> arryListTag = JSHandle<JSTaggedValue>::Cast(constructor);
965 Local<JSValueRef> value = JSNApiHelper::ToLocal<JSValueRef>(arryListTag);
966 (void)origin->InstanceOf(vm, value);
967 }
968 JSNApi::DestroyJSVM(vm);
969 }
970 }
971
972 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)973 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
974 {
975 // Run your code on data.
976 OHOS::ArrayListAddFuzzTest(data, size);
977 OHOS::ArrayListForEachFuzzTest(data, size);
978 OHOS::ArrayListIsEmptyFuzzTest(data, size);
979 OHOS::ArrayListInsertFuzzTest(data, size);
980 OHOS::ArrayListIncreaseCapacityToFuzzTest(data, size);
981 OHOS::ArrayListHasFuzzTest(data, size);
982 OHOS::ArrayListGetSizeFuzzTest(data, size);
983 OHOS::ArrayListGetLastIndexOfFuzzTest(data, size);
984 OHOS::ArrayListGetIteratorObjFuzzTest(data, size);
985 OHOS::ArrayListGetIndexOfFuzzTest(data, size);
986 OHOS::ArrayListGetCapacityFuzzTest(data, size);
987 OHOS::ArrayListGetFuzzTest(data, size);
988 OHOS::ArrayListConvertToArrayFuzzTest(data, size);
989 OHOS::ArrayListCloneFuzzTest(data, size);
990 OHOS::ArrayListClearFuzzTest(data, size);
991 OHOS::ArrayListRemoveByIndexFuzzTest(data, size);
992 OHOS::ArrayListRemoveByRangeFuzzTest(data, size);
993 OHOS::ArrayListReplaceAllElementsFuzzTest(data, size);
994 OHOS::ArrayListSetFuzzTest(data, size);
995 OHOS::ArrayListSortFuzzTest(data, size);
996 OHOS::ArrayListSubArrayListFuzzTest(data, size);
997 OHOS::ArrayListTrimToCurrentLengthFuzzTest(data, size);
998 OHOS::JSValueRefInstanceOfValueFuzzTest(data, size);
999 return 0;
1000 }