1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fuzzer/FuzzedDataProvider.h>
17 #include "weaksetref_fuzzer.h"
18 #include "common_components/base/utf_helper.h"
19 #include "ecmascript/ecma_string-inl.h"
20 #include "ecmascript/global_env.h"
21 #include "ecmascript/js_handle.h"
22 #include "ecmascript/js_weak_container.h"
23 #include "ecmascript/napi/include/jsnapi.h"
24 #include "ecmascript/napi/jsnapi_helper.h"
25 #include "ecmascript/linked_hash_table.h"
26
27 using namespace panda;
28 using namespace panda::ecmascript;
29 using namespace common::utf_helper;
30
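namespace OHOS {
/**
 * @brief Fuzz WeakSetRef::GetSize on a WeakSet that holds one fuzz-derived string.
 *
 * Creates a fresh JS VM, builds a JSWeakSet backed by a new LinkedHashSet, adds a
 * string of at most 1024 bytes taken from the fuzz input, then queries the size
 * through the NAPI WeakSetRef wrapper. The VM is destroyed before returning.
 *
 * @param data Fuzz input buffer.
 * @param size Number of bytes in @p data; empty input is ignored.
 */
void WeakSetRefGetSizeFuzzTest(const uint8_t *data, size_t size)
{
    // Must run before CreateJSVM(): returning once the VM exists would skip
    // DestroyJSVM() and leak a whole VM per empty input, which surfaces as
    // leak/OOM noise that can hide real findings.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(common::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before DestroyJSVM() below.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsWeakSetFunction();
        auto obj = factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor);
        JSHandle<JSWeakSet> weakSet = JSHandle<JSWeakSet>::Cast(obj);
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        weakSet->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> weakSetTag = JSHandle<JSTaggedValue>::Cast(weakSet);
        Local<WeakSetRef> set = JSNApiHelper::ToLocal<WeakSetRef>(weakSetTag);
        FuzzedDataProvider fdp(data, size);
        std::string str = fdp.ConsumeRandomLengthString(1024);
        // NOTE(review): a string is inserted through the internal JSWeakSet::Add; the
        // JS-level WeakSet.prototype.add rejects non-object keys, so this drives a
        // state scripts cannot normally reach. Confirm that is intended.
        JSHandle<JSTaggedValue> value(factory->NewFromStdString(str));
        JSWeakSet::Add(thread, weakSet, value);
        set->GetSize(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * @brief Fuzz WeakSetRef::GetTotalElements on a WeakSet that holds one fuzz-derived string.
 *
 * Same setup as the GetSize case: fresh VM, JSWeakSet backed by a new
 * LinkedHashSet, one string of at most 1024 bytes from the fuzz input. The VM is
 * destroyed before returning.
 *
 * @param data Fuzz input buffer.
 * @param size Number of bytes in @p data; empty input is ignored.
 */
void WeakSetRefGetTotalElementsFuzzTest(const uint8_t *data, size_t size)
{
    // Must run before CreateJSVM(): returning once the VM exists would skip
    // DestroyJSVM() and leak a whole VM per empty input.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(common::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before DestroyJSVM() below.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsWeakSetFunction();
        auto obj = factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor);
        JSHandle<JSWeakSet> weakSet = JSHandle<JSWeakSet>::Cast(obj);
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        weakSet->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> weakSetTag = JSHandle<JSTaggedValue>::Cast(weakSet);
        Local<WeakSetRef> set = JSNApiHelper::ToLocal<WeakSetRef>(weakSetTag);
        FuzzedDataProvider fdp(data, size);
        std::string str = fdp.ConsumeRandomLengthString(1024);
        // NOTE(review): string key added via the internal API, bypassing the
        // object-only check of the JS-level WeakSet; confirm this is intended.
        JSHandle<JSTaggedValue> value(factory->NewFromStdString(str));
        JSWeakSet::Add(thread, weakSet, value);
        set->GetTotalElements(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * @brief Fuzz WeakSetRef::GetValue(0) on a WeakSet that holds one fuzz-derived string.
 *
 * Same setup as the GetSize case: fresh VM, JSWeakSet backed by a new
 * LinkedHashSet, one string of at most 1024 bytes from the fuzz input. The VM is
 * destroyed before returning.
 *
 * @param data Fuzz input buffer.
 * @param size Number of bytes in @p data; empty input is ignored.
 */
void WeakSetRefGetValueFuzzTest(const uint8_t *data, size_t size)
{
    // Must run before CreateJSVM(): returning once the VM exists would skip
    // DestroyJSVM() and leak a whole VM per empty input.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(common::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before DestroyJSVM() below.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsWeakSetFunction();
        auto obj = factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor);
        JSHandle<JSWeakSet> weakSet = JSHandle<JSWeakSet>::Cast(obj);
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        weakSet->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> weakSetTag = JSHandle<JSTaggedValue>::Cast(weakSet);
        Local<WeakSetRef> set = JSNApiHelper::ToLocal<WeakSetRef>(weakSetTag);
        FuzzedDataProvider fdp(data, size);
        std::string str = fdp.ConsumeRandomLengthString(1024);
        // NOTE(review): string key added via the internal API, bypassing the
        // object-only check of the JS-level WeakSet; confirm this is intended.
        JSHandle<JSTaggedValue> value(factory->NewFromStdString(str));
        JSWeakSet::Add(thread, weakSet, value);
        // The index is the constant 0; the fuzz input never varies it, so
        // out-of-range indices are not exercised by this harness.
        set->GetValue(vm, 0);
    }
    JSNApi::DestroyJSVM(vm);
}
}  // namespace OHOS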
122
/**
 * @brief libFuzzer entry point: feeds the same input to each WeakSetRef fuzz case in turn.
 *
 * @param data Fuzz input buffer supplied by the fuzzing engine.
 * @param size Number of bytes in @p data.
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    using FuzzCase = void (*)(const uint8_t *, size_t);
    // Order matters only for reproducibility: GetSize, GetTotalElements, GetValue.
    static constexpr FuzzCase FUZZ_CASES[] = {
        OHOS::WeakSetRefGetSizeFuzzTest,
        OHOS::WeakSetRefGetTotalElementsFuzzTest,
        OHOS::WeakSetRefGetValueFuzzTest,
    };
    for (FuzzCase runCase : FUZZ_CASES) {
        runCase(data, size);
    }
    return 0;
}