
Commit 9fbba67f authored by Zach Johnson's avatar Zach Johnson

Add sco data to the hci layer fuzz test

Sco data isn't implemented at this point, but
by adding it now we won't forget to add it in
the future.

Test: fuzz/run --host bluetooth_gd_hci_fuzz_test
Change-Id: Ibba20139466a9364c75d77929d3d907c7527c5fd
parent 7fe06a89
+11 −1
@@ -69,7 +69,7 @@ void FuzzHciHal::injectHciEvent(std::vector<uint8_t> data) {
  callbacks_->hciEventReceived(data);
}

void FuzzHciHal::injectAcl(std::vector<uint8_t> data) {
void FuzzHciHal::injectAclData(std::vector<uint8_t> data) {
  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));
  hci::AclPacketView aclPacket = hci::AclPacketView::Create(packet);
  if (!aclPacket.IsValid()) {
@@ -79,6 +79,16 @@ void FuzzHciHal::injectAcl(std::vector<uint8_t> data) {
  callbacks_->aclDataReceived(data);
}

void FuzzHciHal::injectScoData(std::vector<uint8_t> data) {
  auto packet = packet::PacketView<packet::kLittleEndian>(std::make_shared<std::vector<uint8_t>>(data));
  hci::ScoPacketView scoPacket = hci::ScoPacketView::Create(packet);
  if (!scoPacket.IsValid()) {
    return;
  }

  callbacks_->scoDataReceived(data);
}

}  // namespace fuzz
}  // namespace hal
}  // namespace bluetooth
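Review bot: The early `return` on `!scoPacket.IsValid()` in the new injectScoData is undocumented, so a reader cannot tell that the harness deliberately hands `scoDataReceived` only packets that ScoPacketView already accepts, which means malformed SCO input is never exercised past this point. If the receiving layer asserts on validity (not visible in this hunk), the filter is the right precondition, but it should be stated above the check, for example `// Drop packets ScoPacketView rejects; the receiver presumably asserts validity. SCO handling is not implemented yet.` The same applies to the IsValid check in injectAclData, whose body is split across the two hunks of this file. As a smaller style point, `data` is taken by value and then copied again into the `std::make_shared<std::vector<uint8_t>>(data)` buffer; `std::move` cannot be used there as written because `data` is still passed to the callback afterwards.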
+2 −1
@@ -33,8 +33,9 @@ class FuzzHciHal : public HciHal {
  void sendAclData(HciPacket packet) override {}
  void sendScoData(HciPacket packet) override {}

  void injectAcl(std::vector<uint8_t> data);
  void injectAclData(std::vector<uint8_t> data);
  void injectHciEvent(std::vector<uint8_t> data);
  void injectScoData(std::vector<uint8_t> data);

  std::string ToString() const override {
    return "HciHalFuzz";
+5 −2
@@ -42,17 +42,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  moduleRegistry.Start<DevNullHci>(&moduleRegistry.GetTestThread());

  while (dataProvider.remaining_bytes() > 0) {
    const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2);
    const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 4);
    switch (action) {
      case 1:
        fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>());
        break;
      case 2:
        fuzzHal->injectAcl(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>()));
        fuzzHal->injectAclData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>()));
        break;
      case 3:
        fuzzHal->injectHciEvent(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>()));
        break;
      case 4:
        fuzzHal->injectScoData(dataProvider.ConsumeBytes<uint8_t>(dataProvider.ConsumeIntegral<size_t>()));
        break;
    }
  }