system/gd/hal/fuzz/fuzz_hci_hal.cc +11 −1 @@ -69,7 +69,7 @@ void FuzzHciHal::injectHciEvent(std::vector<uint8_t> data) { callbacks_->hciEventReceived(data); } void FuzzHciHal::injectAcl(std::vector<uint8_t> data) { void FuzzHciHal::injectAclData(std::vector<uint8_t> data) { auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data)); hci::AclPacketView aclPacket = hci::AclPacketView::Create(packet); if (!aclPacket.IsValid()) { @@ -79,6 +79,16 @@ void FuzzHciHal::injectAcl(std::vector<uint8_t> data) { callbacks_->aclDataReceived(data); } void FuzzHciHal::injectScoData(std::vector<uint8_t> data) { auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data)); hci::ScoPacketView scoPacket = hci::ScoPacketView::Create(packet); if (!scoPacket.IsValid()) { return; } callbacks_->scoDataReceived(data); } } // namespace fuzz } // namespace hal } // namespace bluetooth system/gd/hal/fuzz/fuzz_hci_hal.h +2 −1 @@ -33,8 +33,9 @@ class FuzzHciHal : public HciHal { void sendAclData(HciPacket packet) override {} void sendScoData(HciPacket packet) override {} void injectAcl(std::vector<uint8_t> data); void injectAclData(std::vector<uint8_t> data); void injectHciEvent(std::vector<uint8_t> data); void injectScoData(std::vector<uint8_t> data); std::string ToString() const override { return "HciHalFuzz"; system/gd/hci/fuzz/hci_layer_fuzz_test.cc +5 −2
@@ -42,17 +42,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { moduleRegistry.Start<DevNullHci>(&moduleRegistry.GetTestThread()); while (dataProvider.remaining_bytes() > 0) { const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2); const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 4); switch (action) { case 1: fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>()); break; case 2: fuzzHal->injectAcl(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); fuzzHal->injectAclData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; case 3: fuzzHal->injectHciEvent(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; case 4: fuzzHal->injectScoData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; } }
system/gd/hal/fuzz/fuzz_hci_hal.cc +11 −1 @@ -69,7 +69,7 @@ void FuzzHciHal::injectHciEvent(std::vector<uint8_t> data) { callbacks_->hciEventReceived(data); } void FuzzHciHal::injectAcl(std::vector<uint8_t> data) { void FuzzHciHal::injectAclData(std::vector<uint8_t> data) { auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data)); hci::AclPacketView aclPacket = hci::AclPacketView::Create(packet); if (!aclPacket.IsValid()) { @@ -79,6 +79,16 @@ void FuzzHciHal::injectAcl(std::vector<uint8_t> data) { callbacks_->aclDataReceived(data); } void FuzzHciHal::injectScoData(std::vector<uint8_t> data) { auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data)); hci::ScoPacketView scoPacket = hci::ScoPacketView::Create(packet); if (!scoPacket.IsValid()) { return; } callbacks_->scoDataReceived(data); } } // namespace fuzz } // namespace hal } // namespace bluetooth
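Review bot: The `if (!scoPacket.IsValid()) { return; }` guard in the new `injectScoData` drops every frame the packet view rejects before it reaches `callbacks_->scoDataReceived`, and `injectAclData` appears to do the same, so malformed SCO and ACL frames are outside what this harness can exercise. If that boundary is intended, record it next to the guard, e.g. `// Only well-formed frames are forwarded; the layer under test is assumed never to receive malformed ones from the HAL.` The two injectors also differ only in view type and callback, and each copies `data` into the by-value parameter, again into `std::make_shared<std::vector<uint8_t>>(data)`, and presumably once more at the callback, which costs fuzz throughput. `injectAclData`'s body is split across the two hunks, so its early-return line is not visible here.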
system/gd/hal/fuzz/fuzz_hci_hal.h +2 −1 @@ -33,8 +33,9 @@ class FuzzHciHal : public HciHal { void sendAclData(HciPacket packet) override {} void sendScoData(HciPacket packet) override {} void injectAcl(std::vector<uint8_t> data); void injectAclData(std::vector<uint8_t> data); void injectHciEvent(std::vector<uint8_t> data); void injectScoData(std::vector<uint8_t> data); std::string ToString() const override { return "HciHalFuzz";
system/gd/hci/fuzz/hci_layer_fuzz_test.cc +5 −2 @@ -42,17 +42,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { moduleRegistry.Start<DevNullHci>(&moduleRegistry.GetTestThread()); while (dataProvider.remaining_bytes() > 0) { const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2); const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 4); switch (action) { case 1: fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>()); break; case 2: fuzzHal->injectAcl(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); fuzzHal->injectAclData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; case 3: fuzzHal->injectHciEvent(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; case 4: fuzzHal->injectScoData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>())); break; } }
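Review bot: The new `case 4` takes its length from `dataProvider.ConsumeIntegral<size_t>()`, as cases 2 and 3 already do, so the requested size is an arbitrary full-width value that `ConsumeBytes` clamps to whatever input remains. In practice the first injected packet will usually swallow the rest of the input and end the `while` loop, so multi-packet sequences such as an event followed by SCO data are rarely generated. Bounding the length keeps several actions per input, e.g. `dataProvider.ConsumeIntegralInRange<size_t>(0, kMaxInjectedPacketSize)`, where `kMaxInjectedPacketSize` is a placeholder name for a constant the harness would define. Action 0 has no case and only consumes a byte; if that is deliberate, say so with `// 0: no-op`. `LLVMFuzzerTestOneInput` starts and ends outside this hunk.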