1 #include <stdint.h> 2 #include <stddef.h> 3 4 #include "classic/avrcp.h" 5 #include "classic/avrcp_controller.h" 6 #include "classic/avrcp_target.h" 7 #include "btstack_run_loop_posix.h" 8 #include "btstack_memory.h" 9 #include "classic/a2dp_sink.h" 10 11 static void (*packet_handler)(uint8_t packet_type, uint8_t *packet, uint16_t size); 12 13 static int hci_transport_fuzz_set_baudrate(uint32_t baudrate){ 14 return 0; 15 } 16 17 static int hci_transport_fuzz_can_send_now(uint8_t packet_type){ 18 return 1; 19 } 20 21 static int hci_transport_fuzz_send_packet(uint8_t packet_type, uint8_t * packet, int size){ 22 return 0; 23 } 24 25 static void hci_transport_fuzz_init(const void * transport_config){ 26 } 27 28 static int hci_transport_fuzz_open(void){ 29 return 0; 30 } 31 32 static int hci_transport_fuzz_close(void){ 33 return 0; 34 } 35 36 static void hci_transport_fuzz_register_packet_handler(void (*handler)(uint8_t packet_type, uint8_t *packet, uint16_t size)){ 37 packet_handler = handler; 38 } 39 40 static const hci_transport_t hci_transport_fuzz = { 41 /* const char * name; */ "FUZZ", 42 /* void (*init) (const void *transport_config); */ &hci_transport_fuzz_init, 43 /* int (*open)(void); */ &hci_transport_fuzz_open, 44 /* int (*close)(void); */ &hci_transport_fuzz_close, 45 /* void (*register_packet_handler)(void (*handler)(...); */ &hci_transport_fuzz_register_packet_handler, 46 /* int (*can_send_packet_now)(uint8_t packet_type); */ &hci_transport_fuzz_can_send_now, 47 /* int (*send_packet)(...); */ &hci_transport_fuzz_send_packet, 48 /* int (*set_baudrate)(uint32_t baudrate); */ &hci_transport_fuzz_set_baudrate, 49 /* void (*reset_link)(void); */ NULL, 50 /* void (*set_sco_config)(uint16_t voice_setting, int num_connections); */ NULL, 51 }; 52 53 static void avdtp_client_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){ 54 } 55 56 static uint8_t a2dp_local_seid; 57 static uint8_t media_sbc_codec_configuration[4]; 58 static uint8_t media_sbc_codec_capabilities[] = { 59 0xFF,//(AVDTP_SBC_44100 << 4) | AVDTP_SBC_STEREO, 60 0xFF,//(AVDTP_SBC_BLOCK_LENGTH_16 << 4) | (AVDTP_SBC_SUBBANDS_8 << 2) | AVDTP_SBC_ALLOCATION_METHOD_LOUDNESS, 61 2, 53 62 }; 63 64 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 65 const hci_con_handle_t ble_handle = 0x0005; 66 const uint16_t l2cap_cid = 0x41; 67 68 static bool avrcp_initialized = false; 69 if (!avrcp_initialized){ 70 avrcp_initialized = true; 71 btstack_memory_init(); 72 btstack_run_loop_init(btstack_run_loop_posix_get_instance()); 73 hci_init(&hci_transport_fuzz, NULL); 74 l2cap_init(); 75 avdtp_init(); 76 avdtp_sink_init(); 77 avdtp_source_init(); 78 avdtp_sink_register_packet_handler(&avdtp_client_packet_handler); 79 avdtp_source_register_packet_handler(&avdtp_client_packet_handler); 80 avdtp_stream_endpoint_t * local_stream_endpoint = a2dp_sink_create_stream_endpoint(AVDTP_AUDIO, 81 AVDTP_CODEC_SBC, media_sbc_codec_capabilities, sizeof(media_sbc_codec_capabilities), 82 media_sbc_codec_configuration, sizeof(media_sbc_codec_configuration)); 83 avdtp_init_fuzz(); 84 } 85 avdtp_packet_handler_fuzz((uint8_t*)data, size); 86 return 0; 87 } 88