1 // Copyright 2023 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 #include "pw_bluetooth_sapphire/internal/host/common/byte_buffer.h"
16 #include "pw_bluetooth_sapphire/internal/host/hci-spec/protocol.h"
17 #include "pw_bluetooth_sapphire/internal/host/l2cap/basic_mode_rx_engine.h"
18 #include "pw_bluetooth_sapphire/internal/host/l2cap/fragmenter.h"
19
// libFuzzer entry point for the L2CAP basic-mode receive engine.
//
// The raw fuzz input is used as the payload of a single frame: a Fragmenter
// wraps it into a PDU on a fixed connection handle and channel id, with no
// frame check sequence, and the PDU is handed to
// BasicModeRxEngine::ProcessPdu().
//
// Always returns 0. Any value returned by ProcessPdu() is discarded, so the
// harness checks nothing about the engine's output; only faults raised while
// the PDU is processed (crashes, failed assertions, sanitizer reports in an
// instrumented build) surface as findings.
//
// NOTE(review): `size` reaches BuildFrame() unchecked. If BuildFrame() has a
// maximum-payload precondition, an oversized input would be reported as a
// harness failure rather than an engine defect -- confirm, and bound the
// input (early return, or libFuzzer's -max_len) if so.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr bt::hci_spec::ConnectionHandle kHandle = 0x0001;
  constexpr bt::l2cap::ChannelId kChannelId = 0x0001;

  bt::l2cap::Fragmenter frame_builder(kHandle);
  bt::l2cap::internal::BasicModeRxEngine engine;

  // Building the receive engine's input with a Fragmenter looks backwards: in
  // normal operation the Fragmenter sits on the transmit path and a
  // Recombiner on the receive path. It is used here only because it is the
  // simplest way to obtain a PDU.
  //
  // This does not weaken the fuzzing: the only guarantees the Fragmenter
  // provides are ones that RxEngine::ProcessPdu() already requires as
  // preconditions, so no input the engine must tolerate is filtered out.
  const bt::BufferView payload(data, size);
  auto frame = frame_builder.BuildFrame(
      kChannelId, payload, bt::l2cap::FrameCheckSequenceOption::kNoFcs);

  engine.ProcessPdu(std::move(frame));
  return 0;
}
40