1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "photo_session_fuzzer.h"
17 #include "camera_log.h"
18 #include "camera_output_capability.h"
19 #include "input/camera_manager.h"
20 #include "message_parcel.h"
21 #include "token_setproc.h"
22 #include "nativetoken_kit.h"
23 #include "accesstoken_kit.h"
24 #include "securec.h"
25 #include "ipc_skeleton.h"
26 #include "photo_output.h"
27 #include <fuzzer/FuzzedDataProvider.h>
28
29 namespace OHOS {
30 namespace CameraStandard {
// Minimum number of input bytes Test() requires before it runs the harness.
static constexpr int32_t MIN_SIZE_NUM{4};

// Harness state kept at namespace scope, so the referenced objects stay alive
// after PhotoSessionFuzzTest() returns and until they are reassigned.
// Session under test; reassigned at the start of every PhotoSessionFuzzTest() call.
sptr<PhotoSession> fuzz_{nullptr};
// Camera manager singleton, fetched on every PhotoSessionFuzzTest() call.
sptr<CameraManager> cameraManager_{nullptr};
// Never assigned in this file, so CanAddOutput() always receives a null output through it.
sptr<CaptureOutput> photoOutput_{nullptr};
36
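/**
 * @brief Exercise PhotoSession's output-compatibility, preconfig and profile-legality
 *        checks with enum values chosen by the fuzzer.
 *
 * Each of the three selectors (preconfig type, size ratio, camera format) is drawn
 * from the provider independently. Deriving all three from one byte, as the harness
 * did before, forces the preconfig-type index and the ratio index to be equal, so
 * most type/ratio combinations are never reached.
 *
 * @param fdp Provider wrapping the current fuzz input; bytes are consumed from it.
 */
void PhotoSessionFuzzer::PhotoSessionFuzzTest(FuzzedDataProvider& fdp)
{
    cameraManager_ = CameraManager::GetInstance();
    // A null manager would make the harness itself crash and show up as a false finding.
    if (cameraManager_ == nullptr) {
        return;
    }
    sptr<CaptureSession> captureSession = cameraManager_->CreateCaptureSession(SceneMode::CAPTURE);
    // NOTE(review): unchecked downcast; presumably SceneMode::CAPTURE yields a PhotoSession. Confirm.
    fuzz_ = static_cast<PhotoSession*>(captureSession.GetRefPtr());
    if (fuzz_ == nullptr) {
        return;
    }
    // photoOutput_ is never assigned in this file, so this call covers the null-output path.
    fuzz_->CanAddOutput(photoOutput_);

    // NOTE(review): the same session object is viewed here as a FluorescencePhotoSession through
    // an unchecked static_cast. If CreateCaptureSession(SceneMode::CAPTURE) does not return that
    // type, the call below is undefined behaviour and any crash it produces is a harness artifact,
    // not a defect in the code under test. Confirm the dynamic type, or create the session with
    // the matching scene mode.
    sptr<FluorescencePhotoSession> fluorescencePhotoSession =
        static_cast<FluorescencePhotoSession*>(captureSession.GetRefPtr());

    sptr<Surface> photoSurface = Surface::CreateSurfaceAsConsumer("photoOutput");
    // Skip only this step when no surface is available; the preconfig checks below still run.
    if (photoSurface != nullptr) {
        sptr<IBufferProducer> bufferProducer = photoSurface->GetProducer();
        sptr<CaptureOutput> output = new PhotoOutput(bufferProducer);
        fluorescencePhotoSession->CanAddOutput(output);
    }

    static const PreconfigType PRECONFIG_TYPES[] = {
        PRECONFIG_720P,
        PRECONFIG_1080P,
        PRECONFIG_4K,
        PRECONFIG_HIGH_QUALITY,
    };
    static const ProfileSizeRatio PROFILE_SIZE_RATIOS[] = {
        UNSPECIFIED,
        RATIO_1_1,
        RATIO_4_3,
        RATIO_16_9,
    };
    static const CameraFormat CAMERA_FORMATS[] = {
        CAMERA_FORMAT_INVALID,
        CAMERA_FORMAT_YCBCR_420_888,
        CAMERA_FORMAT_RGBA_8888,
        CAMERA_FORMAT_DNG,
        CAMERA_FORMAT_DNG_XDRAW,
        CAMERA_FORMAT_YUV_420_SP,
        CAMERA_FORMAT_NV12,
        CAMERA_FORMAT_YUV_422_YUYV,
        CAMERA_FORMAT_JPEG,
        CAMERA_FORMAT_YCBCR_P010,
        CAMERA_FORMAT_YCRCB_P010,
        CAMERA_FORMAT_HEIC,
        CAMERA_FORMAT_DEPTH_16,
        CAMERA_FORMAT_DEPTH_32,
    };
    // Independent draws: every (type, ratio, format) combination is reachable.
    PreconfigType preconfigType = fdp.PickValueInArray(PRECONFIG_TYPES);
    ProfileSizeRatio profileSizeRatio = fdp.PickValueInArray(PROFILE_SIZE_RATIOS);
    CameraFormat format = fdp.PickValueInArray(CAMERA_FORMATS);

    // Called twice as in the original harness; only the second result is used.
    fuzz_->GeneratePreconfigProfiles(preconfigType, profileSizeRatio);
    auto configs = fuzz_->GeneratePreconfigProfiles(preconfigType, profileSizeRatio);
    fuzz_->IsPreconfigProfilesLegal(configs);
    fuzz_->CanPreconfig(preconfigType, profileSizeRatio);
    fuzz_->Preconfig(preconfigType, profileSizeRatio);

    auto cameras = cameraManager_->GetSupportedCameras();
    // cameras[0] is indexed below, so stop here when no camera is reported.
    CHECK_RETURN_ELOG(cameras.empty(), "PhotoSessionFuzzer: GetSupportedCameras Error");
    Profile photo(format, {640, 480});
    fuzz_->IsPhotoProfileLegal(cameras[0], photo);
    Profile preview(format, {640, 480});
    fuzz_->IsPreviewProfileLegal(cameras[0], preview);
}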
100
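/**
 * @brief Wrap one raw fuzz input in a FuzzedDataProvider and run the PhotoSession harness on it.
 *
 * Inputs shorter than MIN_SIZE_NUM bytes are rejected before any object is created.
 *
 * @param data Pointer to the fuzzer-generated bytes.
 * @param size Number of bytes available at data.
 */
void Test(uint8_t* data, size_t size)
{
    // Validate the input length first so short inputs cost no allocation.
    if (size < static_cast<size_t>(MIN_SIZE_NUM)) {
        return;
    }
    FuzzedDataProvider fdp(data, size);
    // std::make_unique never returns nullptr, so the result needs no null check.
    auto photoSession = std::make_unique<PhotoSessionFuzzer>();
    photoSession->PhotoSessionFuzzTest(fdp);
}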
114 } // namespace CameraStandard
115 } // namespace OHOS
116
/**
 * @brief libFuzzer entry point: forwards each generated input to the PhotoSession harness.
 *
 * NOTE(review): libFuzzer declares the data parameter as const uint8_t*; this definition
 * takes a non-const pointer, matching the parameter type of Test().
 *
 * @param data Pointer to the fuzzer-generated bytes.
 * @param size Number of bytes available at data.
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size)
{
    using OHOS::CameraStandard::Test;
    Test(data, size);
    return 0;
}