1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "Common.h"
18 #include "Enumerator.h"
19 #include "HalDisplay.h"
20 #include "MockEvsDisplay.h"
21
22 #include <fuzzbinder/libbinder_ndk_driver.h>
23 #include <fuzzer/FuzzedDataProvider.h>
24
25 #include <sys/time.h>
26
27 #include <iostream>
28
29 namespace {
30
31 using aidl::android::automotive::evs::implementation::HalDisplay;
32 using aidl::android::automotive::evs::implementation::NiceMockEvsDisplay;
33 using aidl::android::hardware::automotive::evs::BufferDesc;
34 using aidl::android::hardware::automotive::evs::DisplayDesc;
35 using aidl::android::hardware::automotive::evs::DisplayState;
36 using aidl::android::hardware::automotive::evs::IEvsDisplay;
37
38 enum EvsFuzzFuncs {
39 EVS_FUZZ_GET_DISPLAY_INFO = 0, // verify getDisplayInfo
40 EVS_FUZZ_SET_DISPLAY_STATE, // verify setDisplayState
41 EVS_FUZZ_GET_DISPLAY_STATE, // verify getDisplayState
42 EVS_FUZZ_GET_TARGET_BUFFER, // verify getTargetBuffer
43 EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY, // verify returnTargetBufferForDisplay
44 EVS_FUZZ_TO_STRING, // verify toString
45 EVS_FUZZ_API_SUM
46 };
47
48 const int kMaxFuzzerConsumedBytes = 12;
49
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)50 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
51 FuzzedDataProvider fdp(data, size);
52 std::shared_ptr<IEvsDisplay> mockHwDisplay = ndk::SharedRefBase::make<NiceMockEvsDisplay>();
53 std::shared_ptr<HalDisplay> halDisplay = ndk::SharedRefBase::make<HalDisplay>(mockHwDisplay);
54
55 while (fdp.remaining_bytes() > kMaxFuzzerConsumedBytes) {
56 switch (fdp.ConsumeIntegralInRange<uint32_t>(0, EVS_FUZZ_API_SUM)) {
57 case EVS_FUZZ_GET_DISPLAY_INFO: {
58 LOG(DEBUG) << "EVS_FUZZ_GET_DISPLAY_INFO";
59 DisplayDesc desc;
60 halDisplay->getDisplayInfo(&desc);
61 break;
62 }
63 case EVS_FUZZ_SET_DISPLAY_STATE: {
64 LOG(DEBUG) << "EVS_FUZZ_SET_DISPLAY_STATE";
65 uint32_t state = fdp.ConsumeIntegralInRange<uint32_t>(0,
66 static_cast<uint32_t>(
67 DisplayState::DEAD));
68 halDisplay->setDisplayState(static_cast<DisplayState>(state));
69 break;
70 }
71 case EVS_FUZZ_GET_DISPLAY_STATE: {
72 LOG(DEBUG) << "EVS_FUZZ_GET_DISPLAY_STATE";
73 DisplayState state;
74 halDisplay->getDisplayState(&state);
75 break;
76 }
77 case EVS_FUZZ_GET_TARGET_BUFFER: {
78 LOG(DEBUG) << "EVS_FUZZ_GET_TARGET_BUFFER";
79 BufferDesc displayBuffer;
80 halDisplay->getTargetBuffer(&displayBuffer);
81 break;
82 }
83 case EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY: {
84 LOG(DEBUG) << "EVS_FUZZ_RTN_TGT_BUF_FOR_DISPLAY";
85 BufferDesc buffer;
86 buffer.bufferId = fdp.ConsumeIntegral<int32_t>();
87 halDisplay->returnTargetBufferForDisplay(buffer);
88 break;
89 }
90 case EVS_FUZZ_TO_STRING: {
91 LOG(DEBUG) << "EVS_FUZZ_TO_STRING";
92 std::string indent = fdp.ConsumeRandomLengthString(kMaxFuzzerConsumedBytes);
93 halDisplay->toString(indent.c_str());
94 break;
95 }
96 default:
97 LOG(ERROR) << "Unexpected option, aborting...";
98 break;
99 }
100 }
101 return 0;
102 }
103
104 } // namespace
105