xref: /aosp_15_r20/external/pigweed/pw_bluetooth_hci/uart_transport_fuzzer.cc (revision 61c4878ac05f98d0ceed94b57d316916de578985) 
1 // Copyright 2021 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #include <cstddef>
16 
17 #include "pw_bluetooth_hci/packet.h"
18 #include "pw_bluetooth_hci/uart_transport.h"
19 #include "pw_bytes/span.h"
20 #include "pw_span/span.h"
21 #include "pw_status/status_with_size.h"
22 #include "pw_stream/null_stream.h"
23 
24 namespace pw::bluetooth_hci {
25 namespace {
26 
27 // A very simple structure unaware fuzzer.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)28 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
29   DecodedPacketCallback packet_callback = [](const Packet& packet) {
30     // Instead of doing nothing with the random packet content, attempt to
31     // consume the entire packet API by streaming it into the null stream.
32     stream::Writer& stream = stream::NullStream::Instance();
33 
34     switch (packet.type()) {
35       case Packet::Type::kCommandPacket: {
36         const CommandPacket& command_packet = packet.command_packet();
37 
38         const uint16_t opcode = command_packet.opcode();
39         stream.Write(as_bytes(span<const uint16_t>(&opcode, 1))).IgnoreError();
40 
41         const uint16_t opcode_command_field =
42             command_packet.opcode_command_field();
43         stream.Write(as_bytes(span<const uint16_t>(&opcode_command_field, 1)))
44             .IgnoreError();
45 
46         const uint8_t opcode_group_field = command_packet.opcode_group_field();
47         stream.Write(as_bytes(span<const uint8_t>(&opcode_group_field, 1)))
48             .IgnoreError();
49 
50         stream.Write(command_packet.parameters()).IgnoreError();
51         return;
52       }
53 
54       case Packet::Type::kAsyncDataPacket: {
55         const AsyncDataPacket& async_data_packet = packet.async_data_packet();
56 
57         const uint16_t handle_and_fragmentation_bits =
58             async_data_packet.handle_and_fragmentation_bits();
59         stream
60             .Write(as_bytes(
61                 span<const uint16_t>(&handle_and_fragmentation_bits, 1)))
62             .IgnoreError();
63 
64         const uint16_t handle = async_data_packet.handle();
65         stream.Write(as_bytes(span<const uint16_t>(&handle, 1))).IgnoreError();
66 
67         const uint8_t pb_flag = async_data_packet.pb_flag();
68         stream.Write(as_bytes(span<const uint8_t>(&pb_flag, 1))).IgnoreError();
69 
70         const uint8_t bc_flag = async_data_packet.bc_flag();
71         stream.Write(as_bytes(span<const uint8_t>(&bc_flag, 1))).IgnoreError();
72 
73         stream.Write(async_data_packet.data()).IgnoreError();
74         return;
75       }
76 
77       case Packet::Type::kSyncDataPacket: {
78         const SyncDataPacket& sync_data_packet = packet.sync_data_packet();
79 
80         const uint16_t handle_and_status_bits =
81             sync_data_packet.handle_and_status_bits();
82         stream.Write(as_bytes(span<const uint16_t>(&handle_and_status_bits, 1)))
83             .IgnoreError();
84 
85         const uint16_t handle = sync_data_packet.handle();
86         stream.Write(as_bytes(span<const uint16_t>(&handle, 1))).IgnoreError();
87 
88         const uint8_t packet_status_flag =
89             sync_data_packet.packet_status_flag();
90         stream.Write(as_bytes(span<const uint8_t>(&packet_status_flag, 1)))
91             .IgnoreError();
92 
93         stream.Write(sync_data_packet.data()).IgnoreError();
94         return;
95       }
96 
97       case Packet::Type::kEventPacket: {
98         const EventPacket& event_packet = packet.event_packet();
99 
100         const uint8_t event_code = event_packet.event_code();
101         stream.Write(as_bytes(span<const uint8_t>(&event_code, 1)))
102             .IgnoreError();
103 
104         stream.Write(event_packet.parameters()).IgnoreError();
105         return;
106       }
107 
108       default:
109         return;
110     }
111   };
112 
113   const StatusWithSize result =
114       DecodeHciUartData(as_bytes(span(data, size)), packet_callback);
115   result.status().IgnoreError();
116   return 0;
117 }
118 
119 }  // namespace
120 }  // namespace pw::bluetooth_hci
121