btstack/test/fuzz/fuzz_hci_transport_h4.c

120 lines
4.1 KiB
C
Raw Normal View History

2020-01-18 23:44:02 +00:00
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <btstack_util.h>
#include "hci_transport.h"
2021-04-15 20:58:24 +00:00
#include "hci_transport_h4.h"
2020-01-18 23:44:02 +00:00
static hci_transport_config_uart_t config = {
HCI_TRANSPORT_CONFIG_UART,
115200,
0, // main baudrate
1, // flow control
NULL,
};
static uint8_t * read_request_buffer;
static uint32_t read_request_len;
static void (*block_received)(void);
static int btstack_uart_fuzz_init(const btstack_uart_config_t * config){
return 0;
}
static int btstack_uart_fuzz_open(void){
return 0;
}
static int btstack_uart_fuzz_close(void){
return 0;
}
static void btstack_uart_fuzz_set_block_received( void (*block_handler)(void)){
block_received = block_handler;
}
static void btstack_uart_fuzz_set_block_sent( void (*block_handler)(void)){
}
static void btstack_uart_fuzz_set_wakeup_handler( void (*the_wakeup_handler)(void)){
}
static int btstack_uart_fuzz_set_parity(int parity){
return 0;
}
static void btstack_uart_fuzz_send_block(const uint8_t *data, uint16_t size){
}
static void btstack_uart_fuzz_receive_block(uint8_t *buffer, uint16_t len){
read_request_buffer = buffer;
read_request_len = len;
}
static int btstack_uart_fuzz_set_baudrate(uint32_t baudrate){
return 0;
}
static int btstack_uart_fuzz_get_supported_sleep_modes(void){
return BTSTACK_UART_SLEEP_MASK_RTS_HIGH_WAKE_ON_CTS_PULSE;
}
static void btstack_uart_fuzz_set_sleep(btstack_uart_sleep_mode_t sleep_mode){
}
btstack_uart_block_t uart_driver = {
/* int (*init)(hci_transport_config_uart_t * config); */ &btstack_uart_fuzz_init,
/* int (*open)(void); */ &btstack_uart_fuzz_open,
/* int (*close)(void); */ &btstack_uart_fuzz_close,
/* void (*set_block_received)(void (*handler)(void)); */ &btstack_uart_fuzz_set_block_received,
/* void (*set_block_sent)(void (*handler)(void)); */ &btstack_uart_fuzz_set_block_sent,
/* int (*set_baudrate)(uint32_t baudrate); */ &btstack_uart_fuzz_set_baudrate,
/* int (*set_parity)(int parity); */ &btstack_uart_fuzz_set_parity,
/* int (*set_flowcontrol)(int flowcontrol); */ NULL,
/* void (*receive_block)(uint8_t *buffer, uint16_t len); */ &btstack_uart_fuzz_receive_block,
/* void (*send_block)(const uint8_t *buffer, uint16_t length); */ &btstack_uart_fuzz_send_block,
/* int (*get_supported_sleep_modes); */ &btstack_uart_fuzz_get_supported_sleep_modes,
/* void (*set_sleep)(btstack_uart_sleep_mode_t sleep_mode); */ &btstack_uart_fuzz_set_sleep,
/* void (*set_wakeup_handler)(void (*handler)(void)); */ &btstack_uart_fuzz_set_wakeup_handler,
};
static void packet_handler(uint8_t packet_type, uint8_t *packet, uint16_t size){
switch (packet_type) {
case HCI_EVENT_PACKET:
if (size < 2) __builtin_trap();
if ((2 + packet[1]) != size)__builtin_trap();
break;
case HCI_SCO_DATA_PACKET:
if (size < 3) __builtin_trap();
if ((3 + packet[2]) != size)__builtin_trap();
break;
case HCI_ACL_DATA_PACKET:
if (size < 3) __builtin_trap();
if ((4 + little_endian_read_16( packet, 2)) != size)__builtin_trap();
break;
default:
__builtin_trap();
break;
}
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const hci_transport_t * transport = hci_transport_h4_instance(&uart_driver);
read_request_len = 0;
transport->init(&config);
transport->register_packet_handler(&packet_handler);
transport->open();
while (size > 0){
if (read_request_len == 0) __builtin_trap();
uint16_t bytes_to_feed = btstack_min(read_request_len, size);
memcpy(read_request_buffer, data, bytes_to_feed);
size -= bytes_to_feed;
data += bytes_to_feed;
(*block_received)();
}
return 0;
}