xref: /btstack/test/fuzz/fuzz_avrcp.c (revision 1872d633b5f2ab394e3a3d79dc75791647f40b60) 
1 #include <stdint.h>
2 #include <stddef.h>
3 
4 #include "classic/avrcp.h"
5 #include "classic/avrcp_controller.h"
6 #include "classic/avrcp_target.h"
7 #include "btstack_run_loop_posix.h"
8 #include "btstack_memory.h"
9 
10 static  void (*packet_handler)(uint8_t packet_type, uint8_t *packet, uint16_t size);
11 
hci_transport_fuzz_set_baudrate(uint32_t baudrate)12 static int hci_transport_fuzz_set_baudrate(uint32_t baudrate){
13     return 0;
14 }
15 
hci_transport_fuzz_can_send_now(uint8_t packet_type)16 static int hci_transport_fuzz_can_send_now(uint8_t packet_type){
17     return 1;
18 }
19 
hci_transport_fuzz_send_packet(uint8_t packet_type,uint8_t * packet,int size)20 static int hci_transport_fuzz_send_packet(uint8_t packet_type, uint8_t * packet, int size){
21     return 0;
22 }
23 
hci_transport_fuzz_init(const void * transport_config)24 static void hci_transport_fuzz_init(const void * transport_config){
25 }
26 
hci_transport_fuzz_open(void)27 static int hci_transport_fuzz_open(void){
28     return 0;
29 }
30 
hci_transport_fuzz_close(void)31 static int hci_transport_fuzz_close(void){
32     return 0;
33 }
34 
hci_transport_fuzz_register_packet_handler(void (* handler)(uint8_t packet_type,uint8_t * packet,uint16_t size))35 static void hci_transport_fuzz_register_packet_handler(void (*handler)(uint8_t packet_type, uint8_t *packet, uint16_t size)){
36     packet_handler = handler;
37 }
38 
39 static const hci_transport_t hci_transport_fuzz = {
40         /* const char * name; */                                        "FUZZ",
41         /* void   (*init) (const void *transport_config); */            &hci_transport_fuzz_init,
42         /* int    (*open)(void); */                                     &hci_transport_fuzz_open,
43         /* int    (*close)(void); */                                    &hci_transport_fuzz_close,
44         /* void   (*register_packet_handler)(void (*handler)(...); */   &hci_transport_fuzz_register_packet_handler,
45         /* int    (*can_send_packet_now)(uint8_t packet_type); */       &hci_transport_fuzz_can_send_now,
46         /* int    (*send_packet)(...); */                               &hci_transport_fuzz_send_packet,
47         /* int    (*set_baudrate)(uint32_t baudrate); */                &hci_transport_fuzz_set_baudrate,
48         /* void   (*reset_link)(void); */                               NULL,
49         /* void   (*set_sco_config)(uint16_t voice_setting, int num_connections); */ NULL,
50 };
51 
avrcp_client_packet_handler(uint8_t packet_type,uint16_t handle,uint8_t * packet,uint16_t size)52 static void avrcp_client_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
53 }
54 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)55 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
56     const hci_con_handle_t ble_handle = 0x0005;
57 
58     static bool avrcp_initialized = false;
59     if (!avrcp_initialized){
60         avrcp_initialized = true;
61         btstack_memory_init();
62         btstack_run_loop_init(btstack_run_loop_posix_get_instance());
63         hci_init(&hci_transport_fuzz, NULL);
64         avrcp_init();
65         avrcp_controller_init();
66         avrcp_target_init();
67         avrcp_init_fuzz();
68         avrcp_controller_register_packet_handler(&avrcp_client_packet_handler);
69         avrcp_target_register_packet_handler(&avrcp_client_packet_handler);
70     }
71     avrcp_packet_handler_fuzz((uint8_t*)data, size);
72     return 0;
73 }
74