/* * Copyright 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include namespace android { static void addProperty(FuzzEventHub& eventHub, std::shared_ptr fdp) { // Pick a random property to set for the mapper to have set. fdp->PickValueInArray>( {[&]() -> void { eventHub.addProperty("cursor.mode", "pointer"); }, [&]() -> void { eventHub.addProperty("cursor.mode", "navigation"); }, [&]() -> void { eventHub.addProperty("cursor.mode", fdp->ConsumeRandomLengthString(100).data()); }, [&]() -> void { eventHub.addProperty("cursor.orientationAware", fdp->ConsumeRandomLengthString(100).data()); }})(); } extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) { std::shared_ptr fdp = std::make_shared(data, size); // Create mocked objects to support the fuzzed input mapper. std::shared_ptr eventHub = std::make_shared(fdp); FuzzInputReaderContext context(eventHub, fdp); InputDevice device = getFuzzedInputDevice(*fdp, &context); InputReaderConfiguration policyConfig; CursorInputMapper& mapper = getMapperForDevice(*fdp.get(), device, policyConfig); // Loop through mapper operations until randomness is exhausted. while (fdp->remaining_bytes() > 0) { fdp->PickValueInArray>({ [&]() -> void { addProperty(*eventHub.get(), fdp); configureAndResetDevice(*fdp, device); }, [&]() -> void { std::string dump; mapper.dump(dump); }, [&]() -> void { mapper.getSources(); }, [&]() -> void { std::list unused = mapper.reconfigure(fdp->ConsumeIntegral(), policyConfig, InputReaderConfiguration::Change( fdp->ConsumeIntegral())); }, [&]() -> void { // Need to reconfigure with 0 or you risk a NPE. std::list unused = mapper.reconfigure(fdp->ConsumeIntegral(), policyConfig, InputReaderConfiguration::Change(0)); InputDeviceInfo info; mapper.populateDeviceInfo(info); }, [&]() -> void { // Need to reconfigure with 0 or you risk a NPE. std::list unused = mapper.reconfigure(fdp->ConsumeIntegral(), policyConfig, InputReaderConfiguration::Change(0)); RawEvent rawEvent = getFuzzedRawEvent(*fdp); unused += mapper.process(rawEvent); }, [&]() -> void { std::list unused = mapper.reset(fdp->ConsumeIntegral()); }, [&]() -> void { mapper.getScanCodeState(fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { // Need to reconfigure with 0 or you risk a NPE. std::list unused = mapper.reconfigure(fdp->ConsumeIntegral(), policyConfig, InputReaderConfiguration::Change(0)); mapper.getAssociatedDisplayId(); }, })(); } return 0; } } // namespace android