• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <CameraParameters.h>
18 #include <CameraParameters2.h>
19 #include <fcntl.h>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include <utils/String16.h>
22 
23 using namespace std;
24 using namespace android;
25 
26 string kValidFormats[] = {
27         CameraParameters::PIXEL_FORMAT_YUV422SP,      CameraParameters::PIXEL_FORMAT_YUV420SP,
28         CameraParameters::PIXEL_FORMAT_YUV422I,       CameraParameters::PIXEL_FORMAT_YUV420P,
29         CameraParameters::PIXEL_FORMAT_RGB565,        CameraParameters::PIXEL_FORMAT_RGBA8888,
30         CameraParameters::PIXEL_FORMAT_JPEG,          CameraParameters::PIXEL_FORMAT_BAYER_RGGB,
31         CameraParameters::PIXEL_FORMAT_ANDROID_OPAQUE};
32 
33 class CameraParametersFuzzer {
34   public:
35     void process(const uint8_t* data, size_t size);
~CameraParametersFuzzer()36     ~CameraParametersFuzzer() {
37         delete mCameraParameters;
38         delete mCameraParameters2;
39     }
40 
41   private:
42     void invokeCameraParameters();
43     template <class type>
44     void initCameraParameters(type** obj);
45     template <class type>
46     void cameraParametersCommon(type* obj);
47     CameraParameters* mCameraParameters = nullptr;
48     CameraParameters2* mCameraParameters2 = nullptr;
49     FuzzedDataProvider* mFDP = nullptr;
50 };
51 
52 template <class type>
initCameraParameters(type ** obj)53 void CameraParametersFuzzer::initCameraParameters(type** obj) {
54     if (mFDP->ConsumeBool()) {
55         *obj = new type();
56     } else {
57         string params;
58         if (mFDP->ConsumeBool()) {
59             int32_t width = mFDP->ConsumeIntegral<int32_t>();
60             int32_t height = mFDP->ConsumeIntegral<int32_t>();
61             int32_t minFps = mFDP->ConsumeIntegral<int32_t>();
62             int32_t maxFps = mFDP->ConsumeIntegral<int32_t>();
63             params = CameraParameters::KEY_SUPPORTED_VIDEO_SIZES;
64             params += '=' + to_string(width) + 'x' + to_string(height) + ';';
65             if (mFDP->ConsumeBool()) {
66                 params += CameraParameters::KEY_PREVIEW_FPS_RANGE;
67                 params += '=' + to_string(minFps) + ',' + to_string(maxFps) + ';';
68             }
69             if (mFDP->ConsumeBool()) {
70                 params += CameraParameters::KEY_SUPPORTED_PICTURE_SIZES;
71                 params += '=' + to_string(width) + 'x' + to_string(height) + ';';
72             }
73             if (mFDP->ConsumeBool()) {
74                 params += CameraParameters::KEY_SUPPORTED_PREVIEW_FORMATS;
75                 params += '=' + mFDP->PickValueInArray(kValidFormats) + ';';
76             }
77         } else {
78             params = mFDP->ConsumeRandomLengthString();
79         }
80         *obj = new type(String8(params.c_str()));
81     }
82 }
83 
84 template <class type>
cameraParametersCommon(type * obj)85 void CameraParametersFuzzer::cameraParametersCommon(type* obj) {
86     Vector<Size> supportedPreviewSizes;
87     obj->getSupportedPreviewSizes(supportedPreviewSizes);
88     int32_t previewWidth = mFDP->ConsumeIntegral<int32_t>();
89     int32_t previewHeight = mFDP->ConsumeIntegral<int32_t>();
90     obj->setPreviewSize(previewWidth, previewHeight);
91     obj->getPreviewSize(&previewWidth, &previewHeight);
92 
93     Vector<Size> supportedVideoSizes;
94     obj->getSupportedVideoSizes(supportedVideoSizes);
95     if (supportedVideoSizes.size() != 0) {
96         int32_t videoWidth, videoHeight, preferredVideoWidth, preferredVideoHeight;
97         if (mFDP->ConsumeBool()) {
98             int32_t idx = mFDP->ConsumeIntegralInRange<int32_t>(0, supportedVideoSizes.size() - 1);
99             obj->setVideoSize(supportedVideoSizes[idx].width, supportedVideoSizes[idx].height);
100         } else {
101             videoWidth = mFDP->ConsumeIntegral<int32_t>();
102             videoHeight = mFDP->ConsumeIntegral<int32_t>();
103             obj->setVideoSize(videoWidth, videoHeight);
104         }
105         obj->getVideoSize(&videoWidth, &videoHeight);
106         obj->getPreferredPreviewSizeForVideo(&preferredVideoWidth, &preferredVideoHeight);
107     }
108 
109     int32_t fps = mFDP->ConsumeIntegral<int32_t>();
110     obj->setPreviewFrameRate(fps);
111     obj->getPreviewFrameRate();
112     string previewFormat = mFDP->ConsumeBool() ? mFDP->PickValueInArray(kValidFormats)
113                                                : mFDP->ConsumeRandomLengthString();
114     obj->setPreviewFormat(previewFormat.c_str());
115 
116     int32_t pictureWidth = mFDP->ConsumeIntegral<int32_t>();
117     int32_t pictureHeight = mFDP->ConsumeIntegral<int32_t>();
118     Vector<Size> supportedPictureSizes;
119     obj->setPictureSize(pictureWidth, pictureHeight);
120     obj->getPictureSize(&pictureWidth, &pictureHeight);
121     obj->getSupportedPictureSizes(supportedPictureSizes);
122     string pictureFormat = mFDP->ConsumeBool() ? mFDP->PickValueInArray(kValidFormats)
123                                                : mFDP->ConsumeRandomLengthString();
124     obj->setPictureFormat(pictureFormat.c_str());
125     obj->getPictureFormat();
126 
127     if (mFDP->ConsumeBool()) {
128         obj->dump();
129     } else {
130         int32_t fd = open("/dev/null", O_CLOEXEC | O_RDWR | O_CREAT);
131         Vector<String16> args = {};
132         obj->dump(fd, args);
133         close(fd);
134     }
135 }
136 
invokeCameraParameters()137 void CameraParametersFuzzer::invokeCameraParameters() {
138     initCameraParameters<CameraParameters>(&mCameraParameters);
139     cameraParametersCommon<CameraParameters>(mCameraParameters);
140     initCameraParameters<CameraParameters2>(&mCameraParameters2);
141     cameraParametersCommon<CameraParameters2>(mCameraParameters2);
142 
143     int32_t minFPS, maxFPS;
144     mCameraParameters->getPreviewFpsRange(&minFPS, &maxFPS);
145     string format = mFDP->ConsumeBool() ? mFDP->PickValueInArray(kValidFormats)
146                                         : mFDP->ConsumeRandomLengthString();
147     mCameraParameters->previewFormatToEnum(format.c_str());
148     mCameraParameters->isEmpty();
149     Vector<int32_t> formats;
150     mCameraParameters->getSupportedPreviewFormats(formats);
151 }
152 
process(const uint8_t * data,size_t size)153 void CameraParametersFuzzer::process(const uint8_t* data, size_t size) {
154     mFDP = new FuzzedDataProvider(data, size);
155     invokeCameraParameters();
156     delete mFDP;
157 }
158 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)159 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
160     CameraParametersFuzzer cameraParametersFuzzer;
161     cameraParametersFuzzer.process(data, size);
162     return 0;
163 }
164