/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Following files are taken as reference to come up with this PoC */
/* 1. 'system/nfc/src/fuzzers/fuzz_utils.cc'                       */
/* 2. 'system/nfc/src/fuzzers/rw/main.cc'                          */

#include <vector>
#include "../includes/common.h"
#include "fuzz.h"
#include "fuzz_cmn.h"
extern void Type4_Fuzz(uint8_t SubType, const std::vector<bytes_t> &Packets);

FILE *file = nullptr;
char *vulnPtr = nullptr;
bool testInProgress = false;

struct sigaction new_action, old_action;
void sigsegv_handler(int signum, siginfo_t *info, void *context) {
    if (testInProgress && info->si_signo == SIGSEGV) {
        const size_t page_size = getpagesize();
	const size_t page_mask = (~(page_size - 1));
        if (page_size) {
            char *vulnPtrGuardPage = (char *)((size_t)vulnPtr & page_mask) + page_size;
            char *faultPage = (char *)((size_t)info->si_addr & page_mask);
            if (faultPage == vulnPtrGuardPage) {
                (*old_action.sa_sigaction)(signum, info, context);
                return;
            }
        }
    }
    _exit(EXIT_FAILURE);
}

void exit_Handler(void) {
    if (file) {
        fclose(file);
    }
}

static std::vector<bytes_t> UnpackPackets(const uint8_t *Data, size_t Size) {
    std::vector<bytes_t> result;
    while (Size > 0) {
        auto s = *Data++;
        Size--;

        if (s > Size) {
            s = Size;
        }

        if (s > 0) {
            result.push_back(bytes_t(Data, Data + s));
        }

        Size -= s;
        Data += s;
    }

    return result;
}

int main(int argc, char **argv) {
    sigemptyset(&new_action.sa_mask);
    new_action.sa_flags = SA_SIGINFO;
    new_action.sa_sigaction = sigsegv_handler;
    sigaction(SIGSEGV, &new_action, &old_action);
    FAIL_CHECK(argc > 1);

    file = fopen(argv[1], "r");
    FAIL_CHECK(file);

    fseek(file, 0, SEEK_END);
    size_t size = ftell(file);
    fseek(file, 0, SEEK_SET);

    std::vector<uint8_t> bufVector(size);
    FAIL_CHECK(bufVector.data());
    FAIL_CHECK(fread(bufVector.data(), 1, size, file) == size);

    const uint8_t *data = (const uint8_t *)bufVector.data();
    auto Packets = UnpackPackets(data, size);
    FAIL_CHECK(Packets.size() > 1);

    auto &ctrl = Packets[0];
    FAIL_CHECK(ctrl.size() > 1);

    Type4_Fuzz(ctrl[1], Packets);

    return EXIT_SUCCESS;
}