xref: /btstack/test/fuzz/fuzz_avdtp.c (revision f05358500e612946f8c340b1f11e5703dafd65f8) 
1 #include <stdint.h>
2 #include <stddef.h>
3 
4 #include "classic/avrcp.h"
5 #include "classic/avrcp_controller.h"
6 #include "classic/avrcp_target.h"
7 #include "btstack_run_loop_posix.h"
8 #include "btstack_memory.h"
9 #include "classic/a2dp_sink.h"
10 
11 static  void (*packet_handler)(uint8_t packet_type, uint8_t *packet, uint16_t size);
12 
13 static int hci_transport_fuzz_set_baudrate(uint32_t baudrate){
14     return 0;
15 }
16 
17 static int hci_transport_fuzz_can_send_now(uint8_t packet_type){
18     return 1;
19 }
20 
21 static int hci_transport_fuzz_send_packet(uint8_t packet_type, uint8_t * packet, int size){
22     return 0;
23 }
24 
25 static void hci_transport_fuzz_init(const void * transport_config){
26 }
27 
28 static int hci_transport_fuzz_open(void){
29     return 0;
30 }
31 
32 static int hci_transport_fuzz_close(void){
33     return 0;
34 }
35 
36 static void hci_transport_fuzz_register_packet_handler(void (*handler)(uint8_t packet_type, uint8_t *packet, uint16_t size)){
37     packet_handler = handler;
38 }
39 
40 static const hci_transport_t hci_transport_fuzz = {
41         /* const char * name; */                                        "FUZZ",
42         /* void   (*init) (const void *transport_config); */            &hci_transport_fuzz_init,
43         /* int    (*open)(void); */                                     &hci_transport_fuzz_open,
44         /* int    (*close)(void); */                                    &hci_transport_fuzz_close,
45         /* void   (*register_packet_handler)(void (*handler)(...); */   &hci_transport_fuzz_register_packet_handler,
46         /* int    (*can_send_packet_now)(uint8_t packet_type); */       &hci_transport_fuzz_can_send_now,
47         /* int    (*send_packet)(...); */                               &hci_transport_fuzz_send_packet,
48         /* int    (*set_baudrate)(uint32_t baudrate); */                &hci_transport_fuzz_set_baudrate,
49         /* void   (*reset_link)(void); */                               NULL,
50         /* void   (*set_sco_config)(uint16_t voice_setting, int num_connections); */ NULL,
51 };
52 
53 static void avdtp_client_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
54 }
55 
56 static uint8_t  a2dp_local_seid;
57 static uint8_t  media_sbc_codec_configuration[4];
58 static uint8_t media_sbc_codec_capabilities[] = {
59         0xFF,//(AVDTP_SBC_44100 << 4) | AVDTP_SBC_STEREO,
60         0xFF,//(AVDTP_SBC_BLOCK_LENGTH_16 << 4) | (AVDTP_SBC_SUBBANDS_8 << 2) | AVDTP_SBC_ALLOCATION_METHOD_LOUDNESS,
61         2, 53
62 };
63 
64 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
65     const hci_con_handle_t ble_handle = 0x0005;
66     const uint16_t l2cap_cid = 0x41;
67 
68     static bool avrcp_initialized = false;
69     if (!avrcp_initialized){
70         avrcp_initialized = true;
71         btstack_memory_init();
72         btstack_run_loop_init(btstack_run_loop_posix_get_instance());
73         hci_init(&hci_transport_fuzz, NULL);
74         l2cap_init();
75         avdtp_init();
76         avdtp_sink_init();
77         avdtp_source_init();
78         avdtp_sink_register_packet_handler(&avdtp_client_packet_handler);
79         avdtp_source_register_packet_handler(&avdtp_client_packet_handler);
80         avdtp_stream_endpoint_t * local_stream_endpoint = a2dp_sink_create_stream_endpoint(AVDTP_AUDIO,
81                                                                                            AVDTP_CODEC_SBC, media_sbc_codec_capabilities, sizeof(media_sbc_codec_capabilities),
82                                                                                            media_sbc_codec_configuration, sizeof(media_sbc_codec_configuration));
83         avdtp_init_fuzz();
84     }
85     avdtp_packet_handler_fuzz((uint8_t*)data, size);
86     return 0;
87 }
88