test/fuzz: enable debug symbols, set att callbacks in att db fuzzer, add gdb + lldb to docker image

2025-01-03 23:47:08 +00:00 · 2020-02-11 21:17:43 +01:00 · 2020-02-11 21:17:43 +01:00 · bba538e52d
commit bba538e52d
parent 87645b3a52
3 changed files with 24 additions and 7 deletions
--- a/test/fuzz/CMakeLists.txt
+++ b/test/fuzz/CMakeLists.txt
@ -101,8 +101,8 @@ set(SOURCES
        )
 list(SORT SOURCES)

-add_compile_options( -fsanitize=fuzzer,address -fprofile-instr-generate -fcoverage-mapping)
-add_link_options(    -fsanitize=fuzzer,address -fprofile-instr-generate -fcoverage-mapping)
+add_compile_options( -g -fsanitize=fuzzer,address -fprofile-instr-generate -fcoverage-mapping)
+add_link_options(       -fsanitize=fuzzer,address -fprofile-instr-generate -fcoverage-mapping)

 # create static lib
 add_library(btstack STATIC ${SOURCES})
--- a/test/fuzz/Dockerfile
+++ b/test/fuzz/Dockerfile
@ -3,5 +3,5 @@ FROM debian

 # Install clang, cmake, ninja
 RUN apt-get update
-RUN apt-get install -y clang cmake ninja-build
+RUN apt-get install -y clang gdb lldb cmake ninja-build

--- a/test/fuzz/fuzz_att_db.c
+++ b/test/fuzz/fuzz_att_db.c
@ -2,8 +2,19 @@
 #include <stddef.h>
 #include <stdio.h>

-#include <ble/att_db.h>
-#include <ble/att_db_util.h>
+#include "ble/att_db.h"
+#include "ble/att_db_util.h"
+#include "bluetooth_gatt.h"
+
+static uint8_t battery_level = 100;
+
+static uint16_t att_read_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t offset, uint8_t * buffer, uint16_t buffer_size){
+    return 0;
+}  
+
+static int att_write_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t transaction_mode, uint16_t offset, uint8_t *buffer, uint16_t buffer_size){
+    return 0;
+}

 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    static int initialized = 0;
@ -11,13 +22,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        initialized = 1;
        // setup empty db
        att_db_util_init();
-        uint8_t * att_db = att_db_util_get_address();
        // setup att_db
+        att_db_util_add_service_uuid16(ORG_BLUETOOTH_SERVICE_BATTERY_SERVICE);
+        att_db_util_add_characteristic_uuid16(ORG_BLUETOOTH_CHARACTERISTIC_BATTERY_LEVEL, ATT_PROPERTY_READ | ATT_PROPERTY_NOTIFY, ATT_SECURITY_NONE, ATT_SECURITY_NONE, &battery_level, 1);
+        att_set_read_callback(&att_read_callback);
+        att_set_write_callback(&att_write_callback); 
+        uint8_t * att_db = att_db_util_get_address();
        att_set_db(att_db);
    }

-    // TODO: setup att_connection
+    // setup att_connection
    att_connection_t att_connection = { 0 };
+    att_connection.max_mtu = 1000;
+    att_connection.mtu = ATT_DEFAULT_MTU;
    uint8_t att_response[1000];
    uint16_t att_request_len = size;
    const uint8_t * att_request = data;