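#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#include "ble/att_db.h"
#include "ble/att_db_util.h"
#include "bluetooth_gatt.h"

/*
 * libFuzzer harness for the BTstack ATT server.
 *
 * Each fuzzer input is handed to att_handle_request() as one raw ATT request
 * PDU against a minimal GATT database: a single Battery Service with one
 * Battery Level characteristic (read + notify, no security).
 */

enum {
    /* Largest ATT MTU the harness advertises via att_connection.max_mtu.
     * The response buffer is sized from the same constant so the two can
     * never drift apart (an MTU larger than the buffer would be a write
     * overflow in att_handle_request()). */
    FUZZ_ATT_MAX_MTU = 1000
};

/* Storage backing the Battery Level characteristic value. att_db_util is
 * given a pointer to it, so it must outlive the database (file scope). */
static uint8_t battery_level = 100;

/* Dynamic read handler: returns 0 bytes, so reads are served from the static
 * value registered in att_db_util_add_characteristic_uuid16() instead. */
static uint16_t att_read_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t offset, uint8_t * buffer, uint16_t buffer_size){
    (void) con_handle;
    (void) attribute_handle;
    (void) offset;
    (void) buffer;
    (void) buffer_size;
    return 0;
}

/* Write handler: accepts every write and discards the data (the harness only
 * exercises request parsing, not attribute semantics). */
static int att_write_callback(hci_con_handle_t con_handle, uint16_t attribute_handle, uint16_t transaction_mode, uint16_t offset, uint8_t *buffer, uint16_t buffer_size){
    (void) con_handle;
    (void) attribute_handle;
    (void) transaction_mode;
    (void) offset;
    (void) buffer;
    (void) buffer_size;
    return 0;
}

/* Build the GATT database and install it in the ATT server. Called once per
 * process; the database lives in att_db_util's static storage afterwards. */
static void fuzz_att_setup_db(void){
    // setup empty db
    att_db_util_init();
    // setup att_db
    att_db_util_add_service_uuid16(ORG_BLUETOOTH_SERVICE_BATTERY_SERVICE);
    att_db_util_add_characteristic_uuid16(ORG_BLUETOOTH_CHARACTERISTIC_BATTERY_LEVEL, ATT_PROPERTY_READ | ATT_PROPERTY_NOTIFY, ATT_SECURITY_NONE, ATT_SECURITY_NONE, &battery_level, 1);
    att_set_read_callback(&att_read_callback);
    att_set_write_callback(&att_write_callback);
    att_set_db(att_db_util_get_address());
}

/*
 * libFuzzer entry point.
 *
 * @param data  fuzzer-provided bytes, treated as one ATT request PDU
 * @param size  number of bytes in data
 * @return      always 0 (libFuzzer ignores the value; crashes/sanitizer
 *              reports are the signal)
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    static int initialized = 0;
    if (!initialized){
        initialized = 1;
        fuzz_att_setup_db();
    }

    /* att_handle_request() takes a uint16_t length. Inputs longer than that
     * would previously be silently truncated, so the length passed to the
     * parser no longer described the buffer; skip them instead. */
    if (size > UINT16_MAX) {
        return 0;
    }

    // setup att_connection
    att_connection_t att_connection = { 0 };
    att_connection.max_mtu = FUZZ_ATT_MAX_MTU;
    att_connection.mtu = ATT_DEFAULT_MTU;

    /* Sized to max_mtu: the negotiated mtu presumably never exceeds max_mtu,
     * so this bounds every response the server can produce — verify against
     * att_handle_request() if max_mtu is changed. */
    uint8_t att_response[FUZZ_ATT_MAX_MTU];

    /* The API takes a non-const request pointer; the cast only drops const
     * on libFuzzer's input. NOTE(review): assumes att_handle_request() does
     * not modify the request bytes — confirm. */
    uint16_t att_response_len = att_handle_request(&att_connection, (uint8_t *) data, (uint16_t) size, att_response);
    (void) att_response_len;
    return 0;
}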