
Commit 3fcf1c42 authored by Myles Watson's avatar Myles Watson Committed by Automerger Merge Worker

Merge "Never fire timers in HCI fuzz" into main am: ab71d315

parents b97de648 ab71d315
+2 −8
@@ -31,28 +31,22 @@ using bluetooth::fuzz::GetArbitraryBytes;
using bluetooth::hal::HciHal;
using bluetooth::hal::fuzz::FuzzHciHal;
using bluetooth::hci::fuzz::HciLayerFuzzClient;
using bluetooth::os::fake_timer::fake_timerfd_advance;
using bluetooth::os::fake_timer::fake_timerfd_cap_at;
using bluetooth::os::fake_timer::fake_timerfd_reset;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzedDataProvider dataProvider(data, size);
  fake_timerfd_cap_at(1999);  // prevent command timeouts

  static FuzzTestModuleRegistry moduleRegistry = FuzzTestModuleRegistry();
  FuzzHciHal* fuzzHal = moduleRegistry.Inject<FuzzHciHal>(&HciHal::Factory);
  HciLayerFuzzClient* fuzzClient = moduleRegistry.Start<HciLayerFuzzClient>();

  while (dataProvider.remaining_bytes() > 0) {
    const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 5);
    const uint8_t action = dataProvider.ConsumeIntegralInRange(1, 2);
    switch (action) {
      case 1:
        fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>());
        break;
      case 2:
        fuzzHal->injectArbitrary(dataProvider);
        break;
      case 3:
      case 2:
        fuzzClient->injectArbitrary(dataProvider);
        break;
    }
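Review bot: The loop now never advances the fake timer, so the command-timeout paths that the removed `fake_timerfd_advance` case used to reach are no longer exercised by this harness, and nothing in the hunk records that this is deliberate. A one-line comment above the `switch` would keep the next reader from re-adding the case and would make the coverage gap explicit, e.g. `// Time is never advanced here: timer-driven paths (command timeouts) are out of scope for this fuzzer.` If the `using bluetooth::os::fake_timer::fake_timerfd_advance;` declaration at the top of the hunk is kept on the new side (the rendered page does not show which side it is on), it is now unused and should be dropped. The body of LLVMFuzzerTestOneInput continues past the end of the hunk.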