1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fuzzer/FuzzedDataProvider.h>
17 #include "mapiteratorefget_fuzzer.h"
18 #include "ecmascript/containers/containers_list.h"
19 #include "ecmascript/containers/containers_private.h"
20 #include "ecmascript/ecma_string-inl.h"
21 #include "ecmascript/ecma_vm.h"
22 #include "ecmascript/global_env.h"
23 #include "ecmascript/js_handle.h"
24 #include "ecmascript/js_tagged_value.h"
25 #include "ecmascript/napi/include/jsnapi.h"
26 #include "ecmascript/js_thread.h"
27 #include "ecmascript/js_global_object.h"
28 #include "ecmascript/napi/jsnapi_helper.h"
29 #include "ecmascript/linked_hash_table.h"
30 #include "ecmascript/ecma_runtime_call_info.h"
31 #include "ecmascript/containers/containers_hashset.h"
32 #include "ecmascript/common.h"
33 #include "ecmascript/frames.h"
34 #include "ecmascript/object_factory.h"
35 #include "ecmascript/js_set.h"
36 #include "ecmascript/js_set_iterator.h"
37 #include "ecmascript/js_map.h"
38 #include "ecmascript/js_weak_container.h"
39 #include "ecmascript/js_map_iterator.h"
40 #include "ecmascript/containers/containers_arraylist.h"
41 #include "ecmascript/js_api/js_api_arraylist.h"
42 #include "ecmascript/builtins/builtins_function.h"
43 #include "ecmascript/builtins/builtins.h"
44 #include "ecmascript/ecma_global_storage.h"
45 #include "ecmascript/js_bigint.h"
46 #include "ecmascript/js_runtime_options.h"
47 #include "ecmascript/object_factory.h"
48 #include "ecmascript/tagged_array.h"
49 #include "ecmascript/js_generator_object.h"
50 #include "ecmascript/js_string_iterator.h"
51 #include "ecmascript/js_date_time_format.h"
52 #include "ecmascript/js_tagged_number.h"
53 #include "ecmascript/js_api/js_api_hashmap.h"
54 #include "ecmascript/builtins/builtins_regexp.h"
55 #include "ecmascript/js_regexp.h"
56 #include "ecmascript/tagged_hash_array.h"
57 #include "ecmascript/containers/containers_lightweightmap.h"
58 #include "ecmascript/containers/containers_lightweightset.h"
59
60 using namespace panda;
61 using namespace panda::test;
62 using namespace panda::ecmascript;
63 using namespace panda::ecmascript::containers;
64
65 namespace OHOS {
MapIteratorRefGetIndexFuzzTest(const uint8_t * data,size_t size)66 void MapIteratorRefGetIndexFuzzTest(const uint8_t *data, size_t size)
67 {
68 RuntimeOption option;
69 option.SetLogLevel(common::LOG_LEVEL::ERROR);
70 EcmaVM *vm = JSNApi::CreateJSVM(option);
71 {
72 JsiFastNativeScope scope(vm);
73 auto thread = vm->GetAssociatedJSThread();
74 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
75 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
76 JSHandle<JSTaggedValue> builtinsMapFunc = env->GetBuiltinsMapFunction();
77 auto obj = factory->NewJSObjectByConstructor(JSHandle<JSFunction>(builtinsMapFunc), builtinsMapFunc);
78 JSHandle<JSMap> jsMap(obj);
79 JSHandle<JSTaggedValue> linkedHashMap(LinkedHashMap::Create(thread));
80 jsMap->SetLinkedMap(thread, linkedHashMap);
81 JSHandle<JSTaggedValue> mapValue(jsMap);
82 FuzzedDataProvider fdp(data, size);
83 auto kind = fdp.PickValueInArray({
84 IterationKind::KEY,
85 IterationKind::VALUE,
86 IterationKind::KEY_AND_VALUE,
87 });
88 JSHandle<JSTaggedValue> mapIteratorVal = JSMapIterator::CreateMapIterator(thread, mapValue, kind);
89 JSHandle<JSMapIterator> mapIterator = JSHandle<JSMapIterator>::Cast(mapIteratorVal);
90 mapIterator->SetNextIndex(1);
91 Local<MapIteratorRef> object = JSNApiHelper::ToLocal<MapIteratorRef>(mapIteratorVal);
92 object->GetIndex();
93 }
94 JSNApi::DestroyJSVM(vm);
95 }
96
MapIteratorRefGetKindFuzzTest(const uint8_t * data,size_t size)97 void MapIteratorRefGetKindFuzzTest(const uint8_t *data, size_t size)
98 {
99 RuntimeOption option;
100 option.SetLogLevel(common::LOG_LEVEL::ERROR);
101 EcmaVM *vm = JSNApi::CreateJSVM(option);
102 {
103 JsiFastNativeScope scope(vm);
104 auto thread = vm->GetAssociatedJSThread();
105 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
106 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
107 JSHandle<JSTaggedValue> builtinsMapFunc = env->GetBuiltinsMapFunction();
108 auto obj = factory->NewJSObjectByConstructor(JSHandle<JSFunction>(builtinsMapFunc), builtinsMapFunc);
109 JSHandle<JSMap> jsMap(obj);
110 JSHandle<JSTaggedValue> linkedHashMap(LinkedHashMap::Create(thread));
111 jsMap->SetLinkedMap(thread, linkedHashMap);
112 JSHandle<JSTaggedValue> mapValue(jsMap);
113 FuzzedDataProvider fdp(data, size);
114 auto kind = fdp.PickValueInArray({
115 IterationKind::KEY,
116 IterationKind::VALUE,
117 IterationKind::KEY_AND_VALUE,
118 });
119 JSHandle<JSTaggedValue> mapIteratorVal =
120 JSMapIterator::CreateMapIterator(thread, mapValue, kind);
121 JSHandle<JSMapIterator> mapIterator = JSHandle<JSMapIterator>::Cast(mapIteratorVal);
122 mapIterator->SetIterationKind(IterationKind::KEY);
123 mapIterator->SetIterationKind(IterationKind::VALUE);
124 mapIterator->SetIterationKind(IterationKind::KEY_AND_VALUE);
125 Local<MapIteratorRef> object = JSNApiHelper::ToLocal<MapIteratorRef>(mapIteratorVal);
126 object->GetKind(vm);
127 }
128 JSNApi::DestroyJSVM(vm);
129 }
130 }
131
132 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)133 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
134 {
135 // Run your code on data.
136 OHOS::MapIteratorRefGetIndexFuzzTest(data, size);
137 OHOS::MapIteratorRefGetKindFuzzTest(data, size);
138 return 0;
139 }