1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "Common.h"
18 #include "Enumerator.h"
19 #include "HalDisplay.h"
20 #include "MockHWDisplay.h"
21
22 #include <fuzzer/FuzzedDataProvider.h>
23
24 #include <sys/time.h>
25
26 #include <iostream>
27
28 using ::android::hardware::automotive::evs::V1_0::DisplayDesc;
29 using ::android::hardware::automotive::evs::V1_0::DisplayState;
30 using IEvsDisplay_1_0 = ::android::hardware::automotive::evs::V1_0::IEvsDisplay;
31
32 namespace android::automotive::evs::V1_1::implementation {
33
34 namespace {
35
36 enum EvsFuzzFuncs {
37 EVS_FUZZ_GET_HW_DISPLAY = 0, // verify getHwDisplay
38 EVS_FUZZ_GET_DISPLAY_INFO, // verify getDisplayInfo
39 EVS_FUZZ_SET_DISPLAY_STATE, // verify setDisplayState
40 EVS_FUZZ_GET_DISPLAY_STATE, // verify getDisplayState
41 EVS_FUZZ_GET_TARGET_BUFFER, // verify getTargetBuffer
42 EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY, // verify returnTargetBufferForDisplay
43 EVS_FUZZ_GET_DISPLAY_INFO_1_1, // verify getDisplayInfo_1_1
44 EVS_FUZZ_TO_STRING, // verify toString
45 EVS_FUZZ_API_SUM
46 };
47
48 const int kMaxFuzzerConsumedBytes = 12;
49
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)50 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
51 FuzzedDataProvider fdp(data, size);
52 sp<IEvsDisplay_1_0> mockHWDisplay = new MockHWDisplay();
53 sp<HalDisplay> halDisplay = new HalDisplay(mockHWDisplay);
54
55 while (fdp.remaining_bytes() > kMaxFuzzerConsumedBytes) {
56 switch (fdp.ConsumeIntegralInRange<uint32_t>(0, EVS_FUZZ_API_SUM)) {
57 case EVS_FUZZ_GET_HW_DISPLAY: {
58 LOG(DEBUG) << "EVS_FUZZ_GET_HW_DISPLAY";
59 halDisplay->getHwDisplay();
60 break;
61 }
62 case EVS_FUZZ_GET_DISPLAY_INFO: {
63 LOG(DEBUG) << "EVS_FUZZ_GET_DISPLAY_INFO";
64 halDisplay->getDisplayInfo([](DisplayDesc desc) {});
65 break;
66 }
67 case EVS_FUZZ_SET_DISPLAY_STATE: {
68 LOG(DEBUG) << "EVS_FUZZ_SET_DISPLAY_STATE";
69 uint32_t state =
70 fdp.ConsumeIntegralInRange<uint32_t>(0,
71 static_cast<uint32_t>(
72 DisplayState::NUM_STATES) -
73 1);
74 halDisplay->setDisplayState(static_cast<DisplayState>(state));
75 break;
76 }
77 case EVS_FUZZ_GET_DISPLAY_STATE: {
78 LOG(DEBUG) << "EVS_FUZZ_GET_DISPLAY_STATE";
79 halDisplay->getDisplayState();
80 break;
81 }
82 case EVS_FUZZ_GET_TARGET_BUFFER: {
83 LOG(DEBUG) << "EVS_FUZZ_GET_TARGET_BUFFER";
84 halDisplay->getTargetBuffer([](const BufferDesc_1_0& buff) {});
85 break;
86 }
87 case EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY: {
88 LOG(DEBUG) << "EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY";
89 BufferDesc_1_0 buffer;
90 buffer.bufferId = fdp.ConsumeIntegral<int32_t>();
91 halDisplay->returnTargetBufferForDisplay(buffer);
92 break;
93 }
94 case EVS_FUZZ_GET_DISPLAY_INFO_1_1: {
95 LOG(DEBUG) << "EVS_FUZZ_GET_DISPLAY_INFO_1_1";
96 halDisplay->getDisplayInfo_1_1([](const auto& config, const auto& state) {});
97 break;
98 }
99 case EVS_FUZZ_TO_STRING: {
100 LOG(DEBUG) << "EVS_FUZZ_TO_STRING";
101 std::string indent = fdp.ConsumeRandomLengthString(kMaxFuzzerConsumedBytes);
102 halDisplay->toString(indent.c_str());
103 break;
104 }
105 default:
106 LOG(ERROR) << "Unexpected option, aborting...";
107 break;
108 }
109 }
110 return 0;
111 }
112
113 } // namespace
114 } // namespace android::automotive::evs::V1_1::implementation
115