Loading system/gd/hci/fuzz/acl_manager_fuzz_test.cc +18 −3 Original line number Diff line number Diff line Loading @@ -35,6 +35,13 @@ using bluetooth::os::fake_timer::fake_timerfd_advance; using bluetooth::os::fake_timer::fake_timerfd_cap_at; using bluetooth::os::fake_timer::fake_timerfd_reset; constexpr int32_t kMinTimeAdvanced = 0; /** * kMaxTotalTimeAdvanced value is referenced from * kDefaultConfigSaveDelay defined in storage_module.cc */ constexpr int32_t kMaxTotalTimeAdvanced = 3000; extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { FuzzedDataProvider dataProvider(data, size); Loading @@ -43,18 +50,26 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { fuzzHci->TurnOnAutoReply(&dataProvider); moduleRegistry.Start<AclManager>(); fuzzHci->TurnOffAutoReply(); uint64_t totalAdvanceTime = 0; while (dataProvider.remaining_bytes() > 0) { const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2); switch (action) { case 1: fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>()); case 1: { uint64_t advanceTime = dataProvider.ConsumeIntegralInRange<uint64_t>(kMinTimeAdvanced, kMaxTotalTimeAdvanced); totalAdvanceTime += advanceTime; if (totalAdvanceTime < kMaxTotalTimeAdvanced) { fake_timerfd_advance(advanceTime); } break; case 2: } case 2: { fuzzHci->injectArbitrary(dataProvider); break; } } } moduleRegistry.WaitForIdleAndStopAll(); fake_timerfd_reset(); Loading Loading
system/gd/hci/fuzz/acl_manager_fuzz_test.cc +18 −3 Original line number Diff line number Diff line Loading @@ -35,6 +35,13 @@ using bluetooth::os::fake_timer::fake_timerfd_advance; using bluetooth::os::fake_timer::fake_timerfd_cap_at; using bluetooth::os::fake_timer::fake_timerfd_reset; constexpr int32_t kMinTimeAdvanced = 0; /** * kMaxTotalTimeAdvanced value is referenced from * kDefaultConfigSaveDelay defined in storage_module.cc */ constexpr int32_t kMaxTotalTimeAdvanced = 3000; extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { FuzzedDataProvider dataProvider(data, size); Loading @@ -43,18 +50,26 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { fuzzHci->TurnOnAutoReply(&dataProvider); moduleRegistry.Start<AclManager>(); fuzzHci->TurnOffAutoReply(); uint64_t totalAdvanceTime = 0; while (dataProvider.remaining_bytes() > 0) { const uint8_t action = dataProvider.ConsumeIntegralInRange(0, 2); switch (action) { case 1: fake_timerfd_advance(dataProvider.ConsumeIntegral<uint64_t>()); case 1: { uint64_t advanceTime = dataProvider.ConsumeIntegralInRange<uint64_t>(kMinTimeAdvanced, kMaxTotalTimeAdvanced); totalAdvanceTime += advanceTime; if (totalAdvanceTime < kMaxTotalTimeAdvanced) { fake_timerfd_advance(advanceTime); } break; case 2: } case 2: { fuzzHci->injectArbitrary(dataProvider); break; } } } moduleRegistry.WaitForIdleAndStopAll(); fake_timerfd_reset(); Loading
