HCI: Add fuzz test for HCI packets

  defaults: ["gd_defaults"],

  srcs: [

    "fuzz_test.cc",

    ":BluetoothHciFuzzTestSources",

    ":BluetoothL2capFuzzTestSources",

  ],

  static_libs: [

extern void RunL2capClassicDynamicChannelAllocatorFuzzTest(const uint8_t* data, size_t size);

extern void RunL2capPacketFuzzTest(const uint8_t* data, size_t size);

extern void RunHciPacketFuzzTest(const uint8_t* data, size_t size);

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

  RunL2capClassicDynamicChannelAllocatorFuzzTest(data, size);

  RunL2capPacketFuzzTest(data, size);

  RunHciPacketFuzzTest(data, size);

  return 0;

}

 No newline at end of file

        "cert/cert.cc",

    ],

}

filegroup {

    name: "BluetoothHciFuzzTestSources",

    srcs: [

        "hci_packets_fuzz_test.cc",

    ],

}

/*

 * Copyright 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#define PACKET_FUZZ_TESTING

#include "hci/hci_packets.h"

#include <memory>

#include "os/log.h"

#include "packet/bit_inserter.h"

#include "packet/raw_builder.h"

using bluetooth::packet::BitInserter;

using bluetooth::packet::RawBuilder;

using std::vector;

namespace bluetooth {

namespace hci {

std::vector<void (*)(const uint8_t*, size_t)> hci_packet_fuzz_tests;

DEFINE_AND_REGISTER_ResetReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ResetCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_HostBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_HostBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalVersionInformationReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalVersionInformationCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBdAddrReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBdAddrCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalSupportedCommandsReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalSupportedCommandsCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSimplePairingModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSimplePairingModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteLeHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteLeHostSupportCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadWhiteListSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadWhiteListSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadNumberOfSupportedIacReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadNumberOfSupportedIacCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadPageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadPageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WritePageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WritePageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryStatusReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryCancelReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryCancelCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_PeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_PeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ExitPeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ExitPeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

}  // namespace hci

}  // namespace bluetooth

void RunHciPacketFuzzTest(const uint8_t* data, size_t size) {

  if (data == nullptr) return;

  for (auto test_function : bluetooth::hci::hci_packet_fuzz_tests) {

    test_function(data, size);

  }

}

 No newline at end of file

#define PACKET_FUZZ_TESTING

#include "l2cap/l2cap_packets.h"

#include <gtest/gtest.h>

#include <forward_list>

#include <memory>

#include "os/log.h"

namespace bluetooth {

namespace l2cap {

DEFINE_ExtendedInformationStartFrameReflectionFuzzTest;

std::vector<void (*)(const uint8_t*, size_t)> l2cap_packet_fuzz_tests;

DEFINE_StandardInformationFrameWithFcsReflectionFuzzTest;

DEFINE_AND_REGISTER_ExtendedInformationStartFrameReflectionFuzzTest(l2cap_packet_fuzz_tests);

DEFINE_StandardSupervisoryFrameWithFcsReflectionFuzzTest;

DEFINE_AND_REGISTER_StandardInformationFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests);

DEFINE_GroupFrameReflectionFuzzTest;

DEFINE_AND_REGISTER_StandardSupervisoryFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests);

DEFINE_ConfigurationRequestReflectionFuzzTest;

DEFINE_AND_REGISTER_GroupFrameReflectionFuzzTest(l2cap_packet_fuzz_tests);

DEFINE_AND_REGISTER_ConfigurationRequestReflectionFuzzTest(l2cap_packet_fuzz_tests);

}  // namespace l2cap

}  // namespace bluetooth

void RunL2capPacketFuzzTest(const uint8_t* data, size_t size) {

  if (data == nullptr) return;

  bluetooth::l2cap::RunExtendedInformationStartFrameReflectionFuzzTest(data, size);

  bluetooth::l2cap::RunStandardInformationFrameWithFcsReflectionFuzzTest(data, size);

  bluetooth::l2cap::RunStandardSupervisoryFrameWithFcsReflectionFuzzTest(data, size);

  bluetooth::l2cap::RunGroupFrameReflectionFuzzTest(data, size);

  bluetooth::l2cap::RunConfigurationRequestReflectionFuzzTest(data, size);

  for (auto test_function : bluetooth::l2cap::l2cap_packet_fuzz_tests) {

    test_function(data, size);

  }

}

 No newline at end of file