Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2097bbd8 authored by Zach Johnson's avatar Zach Johnson Committed by Gerrit Code Review
Browse files

Merge changes Ic98d029e,I51f8bdd9 

* changes:
  Add fake_timerfd_cap_at to allow tests to prevent error conditions
  Use new View.FromBytes function available in testing
parents 5d21f3fe a9d8924a

system/gd/hal/fuzz/fuzz_hci_hal.cc

+4 −8
Original line number Diff line number Diff line
@@ -31,8 +31,7 @@ void FuzzHciHal::unregisterIncomingPacketCallback() { 
}



void FuzzHciHal::sendHciCommand(HciPacket packet) {

  auto packetView = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(packet));

  hci::CommandPacketView command = hci::CommandPacketView::Create(packetView);

  hci::CommandPacketView command = hci::CommandPacketView::FromBytes(packet);

  if (!command.IsValid()) {

    return;

  }
@@ -42,8 +41,7 @@ void FuzzHciHal::sendHciCommand(HciPacket packet) { 
}



void FuzzHciHal::injectHciEvent(std::vector<uint8_t> data) {

  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));

  hci::EventPacketView event = hci::EventPacketView::Create(packet);

  hci::EventPacketView event = hci::EventPacketView::FromBytes(data);

  if (!event.IsValid()) {

    return;

  }
@@ -70,8 +68,7 @@ void FuzzHciHal::injectHciEvent(std::vector<uint8_t> data) { 
}



void FuzzHciHal::injectAclData(std::vector<uint8_t> data) {

  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));

  hci::AclPacketView aclPacket = hci::AclPacketView::Create(packet);

  hci::AclPacketView aclPacket = hci::AclPacketView::FromBytes(data);

  if (!aclPacket.IsValid()) {

    return;

  }
@@ -80,8 +77,7 @@ void FuzzHciHal::injectAclData(std::vector<uint8_t> data) { 
}



void FuzzHciHal::injectScoData(std::vector<uint8_t> data) {

  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));

  hci::ScoPacketView scoPacket = hci::ScoPacketView::Create(packet);

  hci::ScoPacketView scoPacket = hci::ScoPacketView::FromBytes(data);

  if (!scoPacket.IsValid()) {

    return;

  }

system/gd/hci/fuzz/dev_null_hci.cc

+1 −2
Original line number Diff line number Diff line
@@ -48,8 +48,7 @@ void DevNullHci::Stop() { 
}



void DevNullHci::injectAclData(std::vector<uint8_t> data) {

  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));

  hci::AclPacketView aclPacket = hci::AclPacketView::Create(packet);

  hci::AclPacketView aclPacket = hci::AclPacketView::FromBytes(data);

  if (!aclPacket.IsValid()) {

    return;

  }

system/gd/hci/fuzz/hci_layer_fuzz_test.cc

+2 −0
Original line number Diff line number Diff line
@@ -30,6 +30,7 @@ using bluetooth::hal::HciHal; 
using bluetooth::hal::fuzz::FuzzHciHal;

using bluetooth::hci::fuzz::DevNullHci;

using bluetooth::os::fuzz::fake_timerfd_advance;

using bluetooth::os::fuzz::fake_timerfd_cap_at;

using bluetooth::os::fuzz::fake_timerfd_reset;



static std::vector<uint8_t> GetArbitraryBytes(FuzzedDataProvider* fdp) {
@@ -38,6 +39,7 @@ static std::vector<uint8_t> GetArbitraryBytes(FuzzedDataProvider* fdp) { 


extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

  FuzzedDataProvider dataProvider(data, size);

  fake_timerfd_cap_at(1999);  // prevent command timeouts



  static TestModuleRegistry moduleRegistry = TestModuleRegistry();

  FuzzHciHal* fuzzHal = new FuzzHciHal();

system/gd/os/fuzz/fake_timerfd.cc

+9 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ class FakeTimerFd { 


static std::map<int, FakeTimerFd*> fake_timers;

static uint64_t clock = 0;

static uint64_t max_clock = UINT64_MAX;



static uint64_t timespec_to_ms(const timespec* t) {

  return t->tv_sec * 1000 + t->tv_nsec / 1000000;
@@ -80,6 +81,7 @@ int fake_timerfd_close(int fd) { 


void fake_timerfd_reset() {

  clock = 0;

  max_clock = UINT64_MAX;

  // if there are entries still here, it is a failure of our users to clean up

  // so let them leak and trigger errors

  fake_timers.clear();
@@ -118,11 +120,18 @@ static bool fire_next_event(uint64_t new_clock) { 


void fake_timerfd_advance(uint64_t ms) {

  uint64_t new_clock = clock + ms;

  if (new_clock > max_clock) {

    new_clock = max_clock;

  }

  while (fire_next_event(new_clock)) {

  }

  clock = new_clock;

}



void fake_timerfd_cap_at(uint64_t ms) {

  max_clock = ms;

}



}  // namespace fuzz

}  // namespace os

}  // namespace bluetooth

system/gd/os/fuzz/fake_timerfd.h

+2 −0
Original line number Diff line number Diff line
@@ -33,6 +33,8 @@ void fake_timerfd_reset(); 


void fake_timerfd_advance(uint64_t ms);



void fake_timerfd_cap_at(uint64_t ms);



}  // namespace fuzz

}  // namespace os

}  // namespace bluetooth