1 /*
2 * Copyright 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <CursorInputMapper.h>
18 #include <InputDevice.h>
19 #include <InputReaderBase.h>
20 #include <MapperHelpers.h>
21
22 namespace android {
23
addProperty(FuzzEventHub & eventHub,std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp)24 static void addProperty(FuzzEventHub& eventHub, std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp) {
25 // Pick a random property to set for the mapper to have set.
26 fdp->PickValueInArray<std::function<void()>>(
27 {[&]() -> void { eventHub.addProperty("cursor.mode", "pointer"); },
28 [&]() -> void { eventHub.addProperty("cursor.mode", "navigation"); },
29 [&]() -> void {
30 eventHub.addProperty("cursor.mode", fdp->ConsumeRandomLengthString(100).data());
31 },
32 [&]() -> void {
33 eventHub.addProperty("cursor.orientationAware",
34 fdp->ConsumeRandomLengthString(100).data());
35 }})();
36 }
37
LLVMFuzzerTestOneInput(uint8_t * data,size_t size)38 extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
39 std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp =
40 std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);
41
42 // Create mocked objects to support the fuzzed input mapper.
43 std::shared_ptr<FuzzEventHub> eventHub = std::make_shared<FuzzEventHub>(fdp);
44 FuzzInputReaderContext context(eventHub, fdp);
45 InputDevice device = getFuzzedInputDevice(*fdp, &context);
46
47 InputReaderConfiguration policyConfig;
48 CursorInputMapper& mapper =
49 getMapperForDevice<ThreadSafeFuzzedDataProvider, CursorInputMapper>(*fdp.get(), device,
50 policyConfig);
51
52 // Loop through mapper operations until randomness is exhausted.
53 while (fdp->remaining_bytes() > 0) {
54 fdp->PickValueInArray<std::function<void()>>({
55 [&]() -> void {
56 addProperty(*eventHub.get(), fdp);
57 configureAndResetDevice(*fdp, device);
58 },
59 [&]() -> void {
60 std::string dump;
61 mapper.dump(dump);
62 },
63 [&]() -> void { mapper.getSources(); },
64 [&]() -> void {
65 std::list<NotifyArgs> unused =
66 mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,
67 InputReaderConfiguration::Change(
68 fdp->ConsumeIntegral<int32_t>()));
69 },
70 [&]() -> void {
71 // Need to reconfigure with 0 or you risk a NPE.
72 std::list<NotifyArgs> unused =
73 mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,
74 InputReaderConfiguration::Change(0));
75 InputDeviceInfo info;
76 mapper.populateDeviceInfo(info);
77 },
78 [&]() -> void {
79 // Need to reconfigure with 0 or you risk a NPE.
80 std::list<NotifyArgs> unused =
81 mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,
82 InputReaderConfiguration::Change(0));
83 RawEvent rawEvent = getFuzzedRawEvent(*fdp);
84 unused += mapper.process(rawEvent);
85 },
86 [&]() -> void {
87 std::list<NotifyArgs> unused = mapper.reset(fdp->ConsumeIntegral<nsecs_t>());
88 },
89 [&]() -> void {
90 mapper.getScanCodeState(fdp->ConsumeIntegral<uint32_t>(),
91 fdp->ConsumeIntegral<int32_t>());
92 },
93 [&]() -> void {
94 // Need to reconfigure with 0 or you risk a NPE.
95 std::list<NotifyArgs> unused =
96 mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,
97 InputReaderConfiguration::Change(0));
98 mapper.getAssociatedDisplayId();
99 },
100 })();
101 }
102
103 return 0;
104 }
105
106 } // namespace android
107