#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
4
5 #include "ble/att_db.h"
6 #include "ble/att_db_util.h"
7 #include "bluetooth_gatt.h"
8
/* Backing byte for the Battery Level characteristic that the harness adds to
 * the ATT database: its address is handed to att_db_util_add_characteristic_uuid16,
 * so it has to outlive every fuzz iteration (hence file scope, not a local). */
static uint8_t battery_level = 100u;
10
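/**
 * ATT read callback stub installed by the fuzz harness.
 *
 * Supplies no dynamic attribute data: it reports a 0-byte value for every
 * connection, attribute handle and offset, and never touches buffer. What the
 * stack does with a zero-length result is up to att_handle_request (see
 * att_db.h for the callback contract).
 *
 * @param con_handle        connection the read arrives on (ignored)
 * @param attribute_handle  attribute being read (ignored)
 * @param offset            read offset requested by the client (ignored)
 * @param buffer            output buffer, never written
 * @param buffer_size       capacity of buffer (ignored)
 * @return 0, always
 */
static uint16_t att_read_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t offset, uint8_t * buffer, uint16_t buffer_size){
    /* Every parameter is deliberately unused; the casts keep -Wextra builds
     * of the harness warning-free without pulling in BTstack's UNUSED(). */
    (void) con_handle;
    (void) attribute_handle;
    (void) offset;
    (void) buffer;
    (void) buffer_size;
    return 0;
}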
14
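/**
 * ATT write callback stub installed by the fuzz harness.
 *
 * Accepts every write without inspecting it: the payload in buffer is never
 * read, so no fuzzer-controlled bytes are stored anywhere by this callback.
 * The return value 0 is what BTstack uses for "no error" (confirm against the
 * callback contract in att_db.h before relying on it).
 *
 * @param con_handle        connection the write arrives on (ignored)
 * @param attribute_handle  attribute being written (ignored)
 * @param transaction_mode  single / prepared / execute write mode (ignored)
 * @param offset            write offset requested by the client (ignored)
 * @param buffer            payload bytes, never read
 * @param buffer_size       length of buffer (ignored)
 * @return 0, always
 */
static int att_write_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t transaction_mode, uint16_t offset, uint8_t *buffer, uint16_t buffer_size){
    /* Every parameter is deliberately unused; the casts keep -Wextra builds
     * of the harness warning-free without pulling in BTstack's UNUSED(). */
    (void) con_handle;
    (void) attribute_handle;
    (void) transaction_mode;
    (void) offset;
    (void) buffer;
    (void) buffer_size;
    return 0;
}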
18
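/* Single source of truth for the harness's MTU ceiling: it is both the
 * max_mtu advertised on the fake connection and the size of the response
 * buffer, so the two cannot drift apart if one of them is changed. */
enum { ATT_FUZZ_MAX_MTU = 1000 };

/**
 * libFuzzer entry point: hand one fuzzer input to att_handle_request as a
 * single ATT request PDU.
 *
 * The first call builds the ATT database once (a Battery Service with one
 * readable/notifiable Battery Level characteristic backed by battery_level),
 * installs the stub read/write callbacks and activates the database. Every
 * call then creates a fresh att_connection_t (default MTU, max_mtu equal to
 * the response buffer size) and runs the request through the stack.
 *
 * @param data  fuzzer-provided bytes, treated as one ATT request PDU
 * @param size  number of bytes in data
 * @return 0 always, as libFuzzer requires; inputs that cannot be represented
 *         as a uint16_t length are skipped rather than truncated
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    static int initialized = 0;
    /* Mutable copy of the input. att_handle_request takes a non-const
     * request pointer, and the fuzzer's `data` must not be written through;
     * copying avoids casting the const away. Sized so any length that fits
     * the uint16_t request_len parameter can still be fuzzed. */
    static uint8_t att_request[UINT16_MAX];

    if (initialized == 0){
        initialized = 1;
        // setup empty db
        att_db_util_init();
        // setup att_db
        att_db_util_add_service_uuid16(ORG_BLUETOOTH_SERVICE_BATTERY_SERVICE);
        att_db_util_add_characteristic_uuid16(ORG_BLUETOOTH_CHARACTERISTIC_BATTERY_LEVEL, ATT_PROPERTY_READ | ATT_PROPERTY_NOTIFY, ATT_SECURITY_NONE, ATT_SECURITY_NONE, &battery_level, 1);
        att_set_read_callback(&att_read_callback);
        att_set_write_callback(&att_write_callback);
        uint8_t * att_db = att_db_util_get_address();
        att_set_db(att_db);
    }

    /* The stack carries the request length as uint16_t. Assigning a larger
     * size_t would silently wrap and pass a length that no longer describes
     * the buffer, so reject such inputs instead of truncating them. */
    if (size > sizeof att_request){
        return 0;
    }
    if (size > 0){
        memcpy(att_request, data, size);
    }

    // setup att_connection: default MTU, negotiable up to the response buffer
    att_connection_t att_connection = { 0 };
    att_connection.max_mtu = ATT_FUZZ_MAX_MTU;
    att_connection.mtu = ATT_DEFAULT_MTU;
    uint8_t att_response[ATT_FUZZ_MAX_MTU];

    uint16_t att_response_len = att_handle_request(&att_connection, att_request, (uint16_t) size, att_response);
    /* The return value is taken to be the number of bytes placed in
     * att_response (confirm against att_handle_request's contract). A value
     * beyond the buffer means the stack overran it; fail loudly so the
     * fuzzer records it even if the write landed in adjacent stack memory
     * that the sanitizer did not flag. */
    if (att_response_len > sizeof att_response){
        abort();
    }
    return 0;
}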
44