system/gd/l2cap/l2cap_packet_test.cc +13 −0 Original line number Original line Diff line number Diff line Loading @@ -151,5 +151,18 @@ TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_5202709231697920) { sizeof(bluetooth_gd_fuzz_test_5747922062802944)); sizeof(bluetooth_gd_fuzz_test_5747922062802944)); } } TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_manual_5655429176229888) { std::vector<uint8_t> vec{0xc7, 0x0f, 0x0b, 0xe8, 0xfb, 0xff}; auto shared_bytes = std::make_shared<std::vector<uint8_t>>(vec); PacketView<kLittleEndian> packet_bytes_view(shared_bytes); auto bfwf = BasicFrameWithFcsView::Create(packet_bytes_view); ASSERT_FALSE(bfwf.IsValid()); auto sfwf = StandardFrameWithFcsView::Create(bfwf); ASSERT_FALSE(sfwf.IsValid()); auto sif = StandardInformationFrameWithFcsView::Create(sfwf); ASSERT_FALSE(sif.IsValid()); } } // namespace l2cap } // namespace l2cap } // namespace bluetooth } // namespace bluetooth
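Review bot: The six input bytes in `ConfigurationRequestFuzz_manual_5655429176229888` carry no comment, so a reader cannot tell which field makes the frame invalid. Add a comment above `vec`, for example `// Fuzzer-derived input: leading 16-bit length (0x0fc7) is far larger than the 6-byte buffer`, after confirming that the length field is what triggers the regression. As a style point, `vec` is only used to copy-construct `shared_bytes`, so the shared vector could be built directly from the initializer list.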
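--- a/system/gd/packet/parser/packet_def.cc
+++ b/system/gd/packet/parser/packet_def.cc
@@ -239,6 +239,7 @@ void PacketDef::GenValidator(std::ostream& s) const {
 }
 s << "size_t end_sum_index = size() - (" << started_field->GetSize() << " - " << end_offset << ") / 8;";
 }
+s << "if (end_sum_index >= size()) { return false; }";
 if (is_little_endian_) {
 s << "auto checksum_view = GetLittleEndianSubview(sum_index, end_sum_index);";
 } else {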
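Review bot: The emitted guard `if (end_sum_index >= size()) { return false; }` bounds only the upper end of the summed range. The generated code then passes `sum_index` and `end_sum_index` straight to `GetLittleEndianSubview`, and nothing visible in this hunk rejects `sum_index > end_sum_index` or checks that the checksum field itself still fits after `end_sum_index`. GenValidator starts and ends outside the hunk, so if neither condition is enforced earlier, the emitted line could become `s << "if (sum_index > end_sum_index || end_sum_index >= size()) { return false; }";`. A short C++ comment above it would also help, noting that the `size() - (...) / 8` form wraps in `size_t` when the packet is shorter than its trailing fields, which is why the comparison against `size()` catches that case.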
system/gd/packet/parser/test/generated_packet_test.cc +10 −0 Original line number Original line Diff line number Diff line Loading @@ -362,6 +362,16 @@ TEST(GeneratedPacketTest, testChildWithNestedSum) { ASSERT_EQ(more_bytes, child_view.GetMoreBytes()); ASSERT_EQ(more_bytes, child_view.GetMoreBytes()); } } TEST(GeneratedPacketTest, testSizedWithSumBadSize) { vector<uint8_t> size_too_big{0x01, 0x02, 0x23, 0x11, 0x22, 0x33, 0x66, 0x00}; auto shared_bytes = std::make_shared<std::vector<uint8_t>>(size_too_big); PacketView<kLittleEndian> packet_bytes_view(shared_bytes); auto sws = SizedWithSumView::Create(packet_bytes_view); ASSERT_FALSE(sws.IsValid()); } namespace { namespace { vector<uint8_t> parent_size_modifier = { vector<uint8_t> parent_size_modifier = { 0x02 /* Size */, 0x02 /* Size */, Loading
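Review bot: `testSizedWithSumBadSize` exercises only a size byte (0x23) far beyond the 8-byte buffer, which leaves the boundary of the new `end_sum_index >= size()` check untested. Consider adding one vector whose size byte places the payload end exactly at the end of the buffer and one that leaves a single byte for the checksum, each followed by `ASSERT_FALSE(sws.IsValid());`. The second case assumes SimpleSum is wider than one byte, as the `\x06\x00` tail of the .pdl test vector suggests. A comment on `size_too_big` marking the third byte as the `_size_(_payload_)` field would make the intent readable without opening test_packets.pdl.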
system/gd/packet/parser/test/test_packets.pdl +12 −0 Original line number Original line Diff line number Diff line Loading @@ -89,6 +89,18 @@ packet ChildWithNestedSum : ParentWithSum { nested_checksum : SimpleSum, nested_checksum : SimpleSum, } } packet SizedWithSum { two_bytes : 16, _size_(_payload_) : 8, _checksum_start_(example_checksum), _payload_, example_checksum : SimpleSum, } test SizedWithSum { "\x01\x02\x03\x01\x02\x03\x06\x00", } packet ParentSizeModifier { packet ParentSizeModifier { _size_(_payload_) : 8, _size_(_payload_) : 8, _payload_ : [+2], // Include two_bytes in the size _payload_ : [+2], // Include two_bytes in the size Loading