bluetooth_gd_acl_manager_fuzz_test: Bug Fix (6cd77606) · Commits · e / os / android_packages_modules_Bluetooth

system/gd/hci/fuzz/acl_manager_fuzz_test.cc

+18 −3

Original line number	Diff line number	Diff line
		@@ -35,6 +35,13 @@ using bluetooth::os::fuzz::fake_timerfd_advance;
		using bluetooth::os::fuzz::fake_timerfd_cap_at;
		using bluetooth::os::fuzz::fake_timerfd_reset;

		constexpr int32_t kMinTimeAdvanced = 0;
		/**
		* kMaxTotalTimeAdvanced value is referenced from
		* kDefaultConfigSaveDelay defined in storage_module.cc
		*/
		constexpr int32_t kMaxTotalTimeAdvanced = 3000;

		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
		FuzzedDataProvider dataProvider(data, size);

		@@ -43,18 +50,26 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
		fuzzHci->TurnOnAutoReply(&dataProvider);
		moduleRegistry.Start<AclManager>();
		fuzzHci->TurnOffAutoReply();
		uint64_t totalAdvanceTime = 0;

		while (dataProvider.remaining_bytes() > 0) {
		const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2);

		switch (action) {
		case 1:
		fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>());
		case 1: {
		uint64_t advanceTime = dataProvider.ConsumeIntegralInRange<uint64_t>(kMinTimeAdvanced, kMaxTotalTimeAdvanced);
		totalAdvanceTime += advanceTime;
		if (totalAdvanceTime < kMaxTotalTimeAdvanced) {
		fake_timerfd_advance(advanceTime);
		}
		break;
		case 2:
		}
		case 2: {
		fuzzHci->injectArbitrary(dataProvider);
		break;
		}
		}
		}

		moduleRegistry.WaitForIdleAndStopAll();
		fake_timerfd_reset();