• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <android/gui/ISurfaceComposer.h>
18 
19 #include <libgui_fuzzer_utils.h>
20 
21 using namespace android;
22 
23 constexpr gui::ISurfaceComposer::VsyncSource kVsyncSource[] = {
24         gui::ISurfaceComposer::VsyncSource::eVsyncSourceApp,
25         gui::ISurfaceComposer::VsyncSource::eVsyncSourceSurfaceFlinger,
26 };
27 
28 constexpr gui::ISurfaceComposer::EventRegistration kEventRegistration[] = {
29         gui::ISurfaceComposer::EventRegistration::modeChanged,
30         gui::ISurfaceComposer::EventRegistration::frameRateOverride,
31 };
32 
33 constexpr uint32_t kDisplayEvent[] = {
34         DisplayEventReceiver::DISPLAY_EVENT_NULL,
35         DisplayEventReceiver::DISPLAY_EVENT_VSYNC,
36         DisplayEventReceiver::DISPLAY_EVENT_HOTPLUG,
37         DisplayEventReceiver::DISPLAY_EVENT_MODE_CHANGE,
38         DisplayEventReceiver::DISPLAY_EVENT_FRAME_RATE_OVERRIDE,
39         DisplayEventReceiver::DISPLAY_EVENT_FRAME_RATE_OVERRIDE_FLUSH,
40 };
41 
42 constexpr int32_t kEvents[] = {
43         Looper::EVENT_INPUT,  Looper::EVENT_OUTPUT,  Looper::EVENT_ERROR,
44         Looper::EVENT_HANGUP, Looper::EVENT_INVALID,
45 };
46 
buildDisplayEvent(FuzzedDataProvider * fdp,uint32_t type,DisplayEventReceiver::Event event)47 DisplayEventReceiver::Event buildDisplayEvent(FuzzedDataProvider* fdp, uint32_t type,
48                                               DisplayEventReceiver::Event event) {
49     switch (type) {
50         case DisplayEventReceiver::DISPLAY_EVENT_VSYNC: {
51             event.vsync.count = fdp->ConsumeIntegral<uint32_t>();
52             event.vsync.vsyncData.frameInterval = fdp->ConsumeIntegral<uint64_t>();
53             event.vsync.vsyncData.preferredFrameTimelineIndex = fdp->ConsumeIntegral<uint32_t>();
54             for (size_t idx = 0; idx < gui::VsyncEventData::kFrameTimelinesCapacity; ++idx) {
55                 event.vsync.vsyncData.frameTimelines[idx].vsyncId = fdp->ConsumeIntegral<int64_t>();
56                 event.vsync.vsyncData.frameTimelines[idx].deadlineTimestamp =
57                         fdp->ConsumeIntegral<uint64_t>();
58                 event.vsync.vsyncData.frameTimelines[idx].expectedPresentationTime =
59                         fdp->ConsumeIntegral<uint64_t>();
60             }
61             break;
62 
63         }
64         case DisplayEventReceiver::DISPLAY_EVENT_HOTPLUG: {
65             event.hotplug = DisplayEventReceiver::Event::Hotplug{fdp->ConsumeBool() /*connected*/};
66             break;
67         }
68         case DisplayEventReceiver::DISPLAY_EVENT_MODE_CHANGE: {
69             event.modeChange =
70                     DisplayEventReceiver::Event::ModeChange{fdp->ConsumeIntegral<int32_t>(),
71                                                             fdp->ConsumeIntegral<int64_t>()};
72             break;
73         }
74         case DisplayEventReceiver::DISPLAY_EVENT_FRAME_RATE_OVERRIDE:
75         case DisplayEventReceiver::DISPLAY_EVENT_FRAME_RATE_OVERRIDE_FLUSH: {
76             event.frameRateOverride =
77                     DisplayEventReceiver::Event::FrameRateOverride{fdp->ConsumeIntegral<uint32_t>(),
78                                                                    fdp->ConsumeFloatingPoint<
79                                                                            float>()};
80             break;
81         }
82     }
83     return event;
84 }
85 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)86 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
87     FuzzedDataProvider fdp(data, size);
88     sp<Looper> looper;
89     sp<FakeDisplayEventDispatcher> dispatcher(
90             new FakeDisplayEventDispatcher(looper, fdp.PickValueInArray(kVsyncSource),
91                                            fdp.PickValueInArray(kEventRegistration)));
92 
93     dispatcher->initialize();
94     DisplayEventReceiver::Event event;
95     uint32_t type = fdp.PickValueInArray(kDisplayEvent);
96     PhysicalDisplayId displayId;
97     event.header =
98             DisplayEventReceiver::Event::Header{type, displayId, fdp.ConsumeIntegral<int64_t>()};
99     event = buildDisplayEvent(&fdp, type, event);
100 
101     dispatcher->injectEvent(event);
102     dispatcher->handleEvent(0, fdp.PickValueInArray(kEvents), nullptr);
103     return 0;
104 }
105