Loading system/gd/fuzz_test.cc +2 −0 Original line number Diff line number Diff line Loading @@ -18,8 +18,10 @@ #include <stdint.h> extern void RunL2capClassicDynamicChannelAllocatorFuzzTest(const uint8_t* data, size_t size); extern void RunL2capPacketFuzzTest(const uint8_t* data, size_t size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { RunL2capClassicDynamicChannelAllocatorFuzzTest(data, size); RunL2capPacketFuzzTest(data, size); return 0; } No newline at end of file system/gd/l2cap/Android.bp +1 −0 Original line number Diff line number Diff line Loading 
@@ -66,5 +66,6 @@ filegroup { name: "BluetoothL2capFuzzTestSources", srcs: [ "classic/internal/dynamic_channel_allocator_fuzz_test.cc", "l2cap_packet_fuzz_test.cc", ], } system/gd/l2cap/l2cap_packet_fuzz_test.cc 0 → 100644 +55 −0 Original line number Diff line number Diff line /* * Copyright 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #define PACKET_FUZZ_TESTING #include "l2cap/l2cap_packets.h" #include <gtest/gtest.h> #include <forward_list> #include <memory> #include "os/log.h" #include "packet/bit_inserter.h" #include "packet/raw_builder.h" using bluetooth::packet::BitInserter; using bluetooth::packet::RawBuilder; using std::vector; namespace bluetooth { namespace l2cap { DEFINE_ExtendedInformationStartFrameReflectionFuzzTest; DEFINE_StandardInformationFrameWithFcsReflectionFuzzTest; DEFINE_StandardSupervisoryFrameWithFcsReflectionFuzzTest; DEFINE_GroupFrameReflectionFuzzTest; DEFINE_ConfigurationRequestReflectionFuzzTest; } // namespace l2cap } // namespace bluetooth void RunL2capPacketFuzzTest(const uint8_t* data, size_t size) { if (data == nullptr) return; bluetooth::l2cap::RunExtendedInformationStartFrameReflectionFuzzTest(data, size); bluetooth::l2cap::RunStandardInformationFrameWithFcsReflectionFuzzTest(data, size); bluetooth::l2cap::RunStandardSupervisoryFrameWithFcsReflectionFuzzTest(data, size); bluetooth::l2cap::RunGroupFrameReflectionFuzzTest(data, size); bluetooth::l2cap::RunConfigurationRequestReflectionFuzzTest(data, 
size); } No newline at end of file system/gd/packet/parser/packet_def.cc +41 −0 Original line number Diff line number Diff line Loading @@ -285,6 +285,9 @@ void PacketDef::GenBuilderDefinition(std::ostream& s) const { GenTestDefine(s); s << "\n"; GenFuzzTestDefine(s); s << "\n"; } void PacketDef::GenTestDefine(std::ostream& s) const { Loading Loading @@ -336,6 +339,44 @@ void PacketDef::GenTestDefine(std::ostream& s) const { s << "\n#endif"; } void PacketDef::GenFuzzTestDefine(std::ostream& s) const { s << "#ifdef PACKET_FUZZ_TESTING\n"; s << "#define DEFINE_" << name_ << "ReflectionFuzzTest "; s << "void Run" << name_ << "ReflectionFuzzTest(const uint8_t* data, size_t size) {"; s << "auto vec = std::make_shared<std::vector<uint8_t>>(data, data + size);"; s << name_ << "View view = " << name_ << "View::Create("; auto ancestor_ptr = parent_; size_t parent_parens = 0; while (ancestor_ptr != nullptr) { s << ancestor_ptr->name_ << "View::Create("; parent_parens++; ancestor_ptr = ancestor_ptr->parent_; } s << "vec"; for (size_t i = 0; i < parent_parens; i++) { s << ")"; } s << ");"; s << "if (!view.IsValid()) { return; }"; s << "auto packet = " << name_ << "Builder::Create("; FieldList params = GetParamList().GetFieldsWithoutTypes({ BodyField::kFieldType, }); for (int i = 0; i < params.size(); i++) { params[i]->GenBuilderParameterFromView(s); if (i != params.size() - 1) { s << ", "; } } s << ");"; s << "std::shared_ptr<std::vector<uint8_t>> packet_bytes = std::make_shared<std::vector<uint8_t>>();"; s << "packet_bytes->reserve(packet->size());"; s << "BitInserter it(*packet_bytes);"; s << "packet->Serialize(it);"; s << "}"; s << "\n#endif"; } FieldList PacketDef::GetParametersToValidate() const { FieldList params_to_validate; for (const auto& field : GetParamList()) { Loading system/gd/packet/parser/packet_def.h +2 −0 Original line number Diff line number Diff line Loading 
@@ -43,6 +43,8 @@ class PacketDef : public ParentDef { void GenTestDefine(std::ostream& s) const; void GenFuzzTestDefine(std::ostream& s) const; FieldList GetParametersToValidate() const; void GenBuilderCreate(std::ostream& s) const; Loading Loading
system/gd/fuzz_test.cc +2 −0 Original line number Diff line number Diff line Loading @@ -18,8 +18,10 @@ #include <stdint.h> extern void RunL2capClassicDynamicChannelAllocatorFuzzTest(const uint8_t* data, size_t size); extern void RunL2capPacketFuzzTest(const uint8_t* data, size_t size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { RunL2capClassicDynamicChannelAllocatorFuzzTest(data, size); RunL2capPacketFuzzTest(data, size); return 0; } No newline at end of file
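Review bot: LLVMFuzzerTestOneInput now hands the same `data`/`size` to two unrelated harnesses in sequence, so the channel-allocator target and the packet parsers share one corpus and one coverage signal. A crashing input then identifies the failing harness only through its stack trace, and mutations that help one target are noise for the other. Consider building one fuzz target per harness, or at least add a comment above the calls such as `// Every harness consumes the same input; use the crash stack to tell which one failed.`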
system/gd/l2cap/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -66,5 +66,6 @@ filegroup { name: "BluetoothL2capFuzzTestSources", srcs: [ "classic/internal/dynamic_channel_allocator_fuzz_test.cc", "l2cap_packet_fuzz_test.cc", ], }
system/gd/l2cap/l2cap_packet_fuzz_test.cc 0 → 100644 +55 −0 Original line number Diff line number Diff line /* * Copyright 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #define PACKET_FUZZ_TESTING #include "l2cap/l2cap_packets.h" #include <gtest/gtest.h> #include <forward_list> #include <memory> #include "os/log.h" #include "packet/bit_inserter.h" #include "packet/raw_builder.h" using bluetooth::packet::BitInserter; using bluetooth::packet::RawBuilder; using std::vector; namespace bluetooth { namespace l2cap { DEFINE_ExtendedInformationStartFrameReflectionFuzzTest; DEFINE_StandardInformationFrameWithFcsReflectionFuzzTest; DEFINE_StandardSupervisoryFrameWithFcsReflectionFuzzTest; DEFINE_GroupFrameReflectionFuzzTest; DEFINE_ConfigurationRequestReflectionFuzzTest; } // namespace l2cap } // namespace bluetooth void RunL2capPacketFuzzTest(const uint8_t* data, size_t size) { if (data == nullptr) return; bluetooth::l2cap::RunExtendedInformationStartFrameReflectionFuzzTest(data, size); bluetooth::l2cap::RunStandardInformationFrameWithFcsReflectionFuzzTest(data, size); bluetooth::l2cap::RunStandardSupervisoryFrameWithFcsReflectionFuzzTest(data, size); bluetooth::l2cap::RunGroupFrameReflectionFuzzTest(data, size); bluetooth::l2cap::RunConfigurationRequestReflectionFuzzTest(data, size); } No newline at end of file
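Review bot: The new harness pulls in `<gtest/gtest.h>`, `<forward_list>`, `os/log.h` and `packet/raw_builder.h`, plus `using bluetooth::packet::RawBuilder;` and `using std::vector;`, and nothing visible in this file uses them. The macro body emitted by GenFuzzTestDefine in packet_def.cc spells out only `std::vector`, `std::make_shared`, `BitInserter` and the generated View/Builder types. Linking a unit-test framework into a fuzz target is an avoidable dependency, so I would drop those lines unless the code emitted by `GenBuilderParameterFromView` needs them, which is not visible here. A one-line comment above the `DEFINE_...ReflectionFuzzTest` list stating that these five packet types are the only L2CAP packets fuzzed would also make the coverage gap explicit.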
system/gd/packet/parser/packet_def.cc +41 −0 Original line number Diff line number Diff line Loading @@ -285,6 +285,9 @@ void PacketDef::GenBuilderDefinition(std::ostream& s) const { GenTestDefine(s); s << "\n"; GenFuzzTestDefine(s); s << "\n"; } void PacketDef::GenTestDefine(std::ostream& s) const { Loading Loading @@ -336,6 +339,44 @@ void PacketDef::GenTestDefine(std::ostream& s) const { s << "\n#endif"; } void PacketDef::GenFuzzTestDefine(std::ostream& s) const { s << "#ifdef PACKET_FUZZ_TESTING\n"; s << "#define DEFINE_" << name_ << "ReflectionFuzzTest "; s << "void Run" << name_ << "ReflectionFuzzTest(const uint8_t* data, size_t size) {"; s << "auto vec = std::make_shared<std::vector<uint8_t>>(data, data + size);"; s << name_ << "View view = " << name_ << "View::Create("; auto ancestor_ptr = parent_; size_t parent_parens = 0; while (ancestor_ptr != nullptr) { s << ancestor_ptr->name_ << "View::Create("; parent_parens++; ancestor_ptr = ancestor_ptr->parent_; } s << "vec"; for (size_t i = 0; i < parent_parens; i++) { s << ")"; } s << ");"; s << "if (!view.IsValid()) { return; }"; s << "auto packet = " << name_ << "Builder::Create("; FieldList params = GetParamList().GetFieldsWithoutTypes({ BodyField::kFieldType, }); for (int i = 0; i < params.size(); i++) { params[i]->GenBuilderParameterFromView(s); if (i != params.size() - 1) { s << ", "; } } s << ");"; s << "std::shared_ptr<std::vector<uint8_t>> packet_bytes = std::make_shared<std::vector<uint8_t>>();"; s << "packet_bytes->reserve(packet->size());"; s << "BitInserter it(*packet_bytes);"; s << "packet->Serialize(it);"; s << "}"; s << "\n#endif"; } FieldList PacketDef::GetParametersToValidate() const { FieldList params_to_validate; for (const auto& field : GetParamList()) { Loading
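Review bot: The generated `Run<Name>ReflectionFuzzTest` serializes the rebuilt packet into `packet_bytes` and then drops it, so despite the name nothing checks that the output reflects the input; the only oracle is a crash or a sanitizer report. If that is the intent, document it on GenFuzzTestDefine, e.g. `// Emits a parse -> rebuild -> serialize harness; the output bytes are not compared with the input.` If a round-trip check is wanted, it belongs after `packet->Serialize(it);`, though whether every packet type is expected to match byte for byte is not visible here. Separately, the parameter loop uses `int i` against `params.size()` (presumably unsigned), unlike the `size_t` loop a few lines above it; `for (size_t i = 0; i < params.size(); i++)` avoids the signed/unsigned comparison.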
system/gd/packet/parser/packet_def.h +2 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,8 @@ class PacketDef : public ParentDef { void GenTestDefine(std::ostream& s) const; void GenFuzzTestDefine(std::ostream& s) const; FieldList GetParametersToValidate() const; void GenBuilderCreate(std::ostream& s) const; Loading