1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef BT_STACK_FUZZ_COMMON_HELPERS_H_
18 #define BT_STACK_FUZZ_COMMON_HELPERS_H_
19 
20 #include <fuzzer/FuzzedDataProvider.h>
21 
22 #include <cstring>  // For memcpy
23 #include <functional>
24 #include <vector>
25 
26 #include "types/bluetooth/uuid.h"
27 #include "types/raw_address.h"
28 
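// Invokes one fuzzer-selected entry of ops_vector, passing it fdp.
//
// fdp:        source of fuzz input; one integer is consumed to pick the entry
//             and the chosen callback receives the same provider.
// ops_vector: candidate operations. An empty vector is a no-op.
//
// NOTE(review): this is a non-inline definition inside an include-guarded
// header; including it from more than one translation unit of the same binary
// would produce duplicate symbols.
void callArbitraryFunction(FuzzedDataProvider* fdp,
                           std::vector<std::function<void(FuzzedDataProvider*)>> ops_vector) {
  // With no entries, size() - 1 wraps around and the index below would be out
  // of bounds, so the harness itself would fault instead of the code under test.
  if (ops_vector.empty()) {
    return;
  }

  // Choose which function we'll be calling. The index is a size_t because a
  // uint8_t index truncates the upper bound, which leaves part of a table with
  // more than 256 entries unreachable (a silent coverage gap).
  // NOTE(review): for tables of up to 256 entries this presumably consumes the
  // same input bytes as the uint8_t form; confirm against the
  // FuzzedDataProvider in use before relying on an existing corpus.
  const size_t function_id = fdp->ConsumeIntegralInRange<size_t>(0, ops_vector.size() - 1);

  // Call the function we've chosen
  ops_vector[function_id](fdp);
}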
38 
// Returns a fuzzer-selected element of vect, or static_cast<T>(0).
//
// The zero value is returned when vect is empty, or when allow_null is set and
// the boolean drawn from fdp is true. Nothing is consumed from fdp for an
// empty vect.
template <class T>
T getArbitraryVectorElement(FuzzedDataProvider* fdp, std::vector<T> vect, bool allow_null) {
  // Nothing to choose from.
  if (vect.empty()) {
    return static_cast<T>(0);
  }

  // Optionally let the fuzz input ask for the zero element instead.
  if (allow_null) {
    const bool want_null = fdp->ConsumeBool();
    if (want_null) {
      return static_cast<T>(0);
    }
  }

  // Otherwise pick an index inside the vector; at() keeps the access checked.
  const size_t last_index = vect.size() - 1;
  const size_t chosen = fdp->ConsumeIntegralInRange<size_t>(0, last_index);
  return vect.at(chosen);
}
50 
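// Builds a RawAddress from fuzz input.
//
// Up to retval.kLength bytes are taken from fdp; when fewer are available the
// address bytes that were not overwritten stay zero.
RawAddress generateRawAddress(FuzzedDataProvider* fdp) {
  RawAddress retval;

  // Zero every byte of the address array, so the cleared range follows the
  // array's real size instead of a hard-coded 6.
  for (auto& octet : retval.address) {
    octet = 0;
  }

  // Read as much as we can from the buffer and copy it in
  std::vector<uint8_t> bytes = fdp->ConsumeBytes<uint8_t>(retval.kLength);

  // An exhausted provider yields an empty vector whose data() may be null.
  // Passing a null pointer to memcpy is undefined even for a zero length, and
  // sanitizers report it as a fault in the harness rather than in the target.
  if (!bytes.empty()) {
    memcpy(retval.address, bytes.data(), bytes.size());
  }

  return retval;
}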
65 
// Builds a Uuid from 128 bits of fuzz input, zero-padding a short read so that
// From128BitBE always receives a full-length buffer.
bluetooth::Uuid generateArbitraryUuid(FuzzedDataProvider* fdp) {
  const auto uuid_len = bluetooth::Uuid::kNumBytes128;
  std::vector<uint8_t> raw = fdp->ConsumeBytes<uint8_t>(uuid_len);

  // The provider may have run out of bytes; fill the tail with zeros.
  if (raw.size() < uuid_len) {
    raw.resize(uuid_len, '\0');
  }

  return bluetooth::Uuid::From128BitBE(raw.data());
}
75 
76 #endif  // BT_STACK_FUZZ_COMMON_HELPERS_H_
77