1 /*
2 * Copyright 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <InputDevice.h>
18 #include <InputReaderBase.h>
19 #include <KeyboardInputMapper.h>
20 #include <MapperHelpers.h>
21
22 namespace android {
23
24 const int32_t kMaxKeycodes = 100;
25
addProperty(FuzzEventHub & eventHub,std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp)26 static void addProperty(FuzzEventHub& eventHub, std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp) {
27 // Pick a random property to set for the mapper to have set.
28 fdp->PickValueInArray<std::function<void()>>(
29 {[&]() -> void { eventHub.addProperty("keyboard.orientationAware", "1"); },
30 [&]() -> void {
31 eventHub.addProperty("keyboard.orientationAware",
32 fdp->ConsumeRandomLengthString(100).data());
33 },
34 [&]() -> void {
35 eventHub.addProperty("keyboard.doNotWakeByDefault",
36 fdp->ConsumeRandomLengthString(100).data());
37 },
38 [&]() -> void {
39 eventHub.addProperty("keyboard.handlesKeyRepeat",
40 fdp->ConsumeRandomLengthString(100).data());
41 }})();
42 }
43
LLVMFuzzerTestOneInput(uint8_t * data,size_t size)44 extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
45 std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp =
46 std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);
47
48 // Create mocked objects to support the fuzzed input mapper.
49 std::shared_ptr<FuzzEventHub> eventHub = std::make_shared<FuzzEventHub>(fdp);
50 FuzzInputReaderContext context(eventHub, fdp);
51 InputDevice device = getFuzzedInputDevice(*fdp, &context);
52
53 KeyboardInputMapper& mapper =
54 getMapperForDevice<ThreadSafeFuzzedDataProvider,
55 KeyboardInputMapper>(*fdp.get(), device, InputReaderConfiguration{},
56 /*source=*/fdp->ConsumeIntegral<uint32_t>());
57
58 // Loop through mapper operations until randomness is exhausted.
59 while (fdp->remaining_bytes() > 0) {
60 fdp->PickValueInArray<std::function<void()>>({
61 [&]() -> void { addProperty(*eventHub.get(), fdp); },
62 [&]() -> void {
63 std::string dump;
64 mapper.dump(dump);
65 },
66 [&]() -> void {
67 InputDeviceInfo info;
68 mapper.populateDeviceInfo(info);
69 },
70 [&]() -> void { mapper.getSources(); },
71 [&]() -> void {
72 std::list<NotifyArgs> unused =
73 mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), /*readerConfig=*/{},
74 InputReaderConfiguration::Change(
75 fdp->ConsumeIntegral<uint32_t>()));
76 },
77 [&]() -> void {
78 std::list<NotifyArgs> unused = mapper.reset(fdp->ConsumeIntegral<nsecs_t>());
79 },
80 [&]() -> void {
81 RawEvent rawEvent = getFuzzedRawEvent(*fdp);
82 std::list<NotifyArgs> unused = mapper.process(rawEvent);
83 },
84 [&]() -> void {
85 mapper.getKeyCodeState(fdp->ConsumeIntegral<uint32_t>(),
86 fdp->ConsumeIntegral<int32_t>());
87 },
88 [&]() -> void {
89 mapper.getScanCodeState(fdp->ConsumeIntegral<uint32_t>(),
90 fdp->ConsumeIntegral<int32_t>());
91 },
92 [&]() -> void {
93 std::vector<int32_t> keyCodes;
94 int32_t numBytes = fdp->ConsumeIntegralInRange<int32_t>(0, kMaxKeycodes);
95 for (int32_t i = 0; i < numBytes; ++i) {
96 keyCodes.push_back(fdp->ConsumeIntegral<int32_t>());
97 }
98 mapper.markSupportedKeyCodes(fdp->ConsumeIntegral<uint32_t>(), keyCodes,
99 nullptr);
100 },
101 [&]() -> void { mapper.getMetaState(); },
102 [&]() -> void { mapper.updateMetaState(fdp->ConsumeIntegral<int32_t>()); },
103 [&]() -> void { mapper.getAssociatedDisplayId(); },
104 })();
105 }
106
107 return 0;
108 }
109
110 } // namespace android
111