xref: /btstack/test/fuzz/fuzz_hci_transport_h4.c (revision 1f805efefda17c3c51b11aaa365eaa161e780e81)
1*1f805efeSMatthias Ringwald #include <stdint.h>
2*1f805efeSMatthias Ringwald #include <stddef.h>
3*1f805efeSMatthias Ringwald #include <stdio.h>
4*1f805efeSMatthias Ringwald 
5*1f805efeSMatthias Ringwald #include <btstack_util.h>
6*1f805efeSMatthias Ringwald #include "hci_transport.h"
7*1f805efeSMatthias Ringwald 
// UART transport configuration passed to transport->init() by LLVMFuzzerTestOneInput.
// No serial device is opened with it: the UART driver used by this harness is a stub.
static hci_transport_config_uart_t config = {
        HCI_TRANSPORT_CONFIG_UART,  // configuration type tag
        115200,                     // baudrate
        0,                          // main baudrate
        1,                          // flow control
        NULL,                       // NOTE(review): presumably the device name - confirm against hci_transport.h
};
15*1f805efeSMatthias Ringwald 
// Destination and length of the read most recently requested through
// btstack_uart_fuzz_receive_block(); the fuzz entry point copies input bytes here.
static uint8_t *read_request_buffer = NULL;
static uint32_t read_request_len    = 0;

// Callback stored by btstack_uart_fuzz_set_block_received(); invoked by the
// fuzz entry point after it has copied bytes into read_request_buffer.
static void (*block_received)(void) = NULL;
20*1f805efeSMatthias Ringwald 
// Stub UART init: ignores the supplied configuration and always returns 0.
// Note: the parameter shadows the file-level 'config' object.
static int btstack_uart_fuzz_init(const btstack_uart_config_t * config){
    (void) config;
    return 0;
}
24*1f805efeSMatthias Ringwald 
// Stub UART open: touches no device and always returns 0.
static int btstack_uart_fuzz_open(void){
    const int status = 0;
    return status;
}
28*1f805efeSMatthias Ringwald 
// Stub UART close: nothing to release, always returns 0.
static int btstack_uart_fuzz_close(void){
    const int status = 0;
    return status;
}
32*1f805efeSMatthias Ringwald 
// Records the handler that the fuzz entry point calls after it has copied
// input bytes into the buffer of the pending read request.
static void btstack_uart_fuzz_set_block_received( void (*block_handler)(void)){
    void (*handler)(void) = block_handler;
    block_received = handler;
}
36*1f805efeSMatthias Ringwald 
// Stub: the handler is discarded. btstack_uart_fuzz_send_block() drops all
// outgoing data, so this harness never reports a completed send.
static void btstack_uart_fuzz_set_block_sent( void (*block_handler)(void)){
    (void) block_handler;
}
39*1f805efeSMatthias Ringwald 
// Stub: the wakeup handler is discarded; this harness never invokes it.
static void btstack_uart_fuzz_set_wakeup_handler( void (*the_wakeup_handler)(void)){
    (void) the_wakeup_handler;
}
42*1f805efeSMatthias Ringwald 
// Stub: accepts any parity value, changes nothing and returns 0.
static int btstack_uart_fuzz_set_parity(int parity){
    (void) parity;
    return 0;
}
46*1f805efeSMatthias Ringwald 
// Stub: outgoing data is dropped. The buffer is neither read nor modified.
static void btstack_uart_fuzz_send_block(const uint8_t *data, uint16_t size){
    (void) data;
    (void) size;
}
49*1f805efeSMatthias Ringwald 
// Remembers where the caller wants the next block written and how many bytes
// it asked for. No data is delivered here; the fuzz entry point fills the
// buffer later and then calls the block_received handler.
static void btstack_uart_fuzz_receive_block(uint8_t *buffer, uint16_t len){
    read_request_len    = len;
    read_request_buffer = buffer;
}
54*1f805efeSMatthias Ringwald 
// Stub: accepts any baudrate, changes nothing and returns 0.
static int btstack_uart_fuzz_set_baudrate(uint32_t baudrate){
    (void) baudrate;
    return 0;
}
58*1f805efeSMatthias Ringwald 
// Reports the sleep modes this stub driver claims to support: only the
// RTS-high / wake-on-CTS-pulse mask bit is returned.
static int btstack_uart_fuzz_get_supported_sleep_modes(void){
    const int supported_modes = BTSTACK_UART_SLEEP_MASK_RTS_HIGH_WAKE_ON_CTS_PULSE;
    return supported_modes;
}
62*1f805efeSMatthias Ringwald 
// Stub: the requested sleep mode is ignored.
static void btstack_uart_fuzz_set_sleep(btstack_uart_sleep_mode_t sleep_mode){
    (void) sleep_mode;
}
65*1f805efeSMatthias Ringwald 
// UART block driver made of the stubs above. It is handed to
// hci_transport_h4_instance() so that the H4 transport reads the fuzz input
// instead of a serial port. Members are named explicitly so each stub stays
// bound to the intended callback even if the struct layout changes.
btstack_uart_block_t uart_driver = {
        .init                      = btstack_uart_fuzz_init,
        .open                      = btstack_uart_fuzz_open,
        .close                     = btstack_uart_fuzz_close,
        .set_block_received        = btstack_uart_fuzz_set_block_received,
        .set_block_sent            = btstack_uart_fuzz_set_block_sent,
        .set_baudrate              = btstack_uart_fuzz_set_baudrate,
        .set_parity                = btstack_uart_fuzz_set_parity,
        // no flow-control hook is provided; NOTE(review): callers must check for NULL before calling
        .set_flowcontrol           = NULL,
        .receive_block             = btstack_uart_fuzz_receive_block,
        .send_block                = btstack_uart_fuzz_send_block,
        .get_supported_sleep_modes = btstack_uart_fuzz_get_supported_sleep_modes,
        .set_sleep                 = btstack_uart_fuzz_set_sleep,
        .set_wakeup_handler        = btstack_uart_fuzz_set_wakeup_handler,
};
81*1f805efeSMatthias Ringwald 
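// Fuzzing oracle: called for every packet the H4 transport delivers.
// Traps (so the fuzzer records a finding) when the delivered size does not
// match the length field in the packet header, or when the packet type is
// not one of the three handled below.
//
// @param packet_type  HCI_EVENT_PACKET, HCI_SCO_DATA_PACKET or HCI_ACL_DATA_PACKET
// @param packet       packet bytes starting at the header
// @param size         number of bytes delivered in packet
static void packet_handler(uint8_t packet_type, uint8_t *packet, uint16_t size){
    switch (packet_type) {
        case HCI_EVENT_PACKET:
            // 2 header bytes, payload length in packet[1]
            if (size < 2) {
                __builtin_trap();
            }
            if ((2 + packet[1]) != size) {
                __builtin_trap();
            }
            break;
        case HCI_SCO_DATA_PACKET:
            // 3 header bytes, payload length in packet[2]
            if (size < 3) {
                __builtin_trap();
            }
            if ((3 + packet[2]) != size) {
                __builtin_trap();
            }
            break;
        case HCI_ACL_DATA_PACKET:
            // 4 header bytes, 16-bit payload length in packet[2..3]. All four
            // bytes must be present before the length is read; a minimum of 3
            // would let the check itself read past a 3-byte packet.
            if (size < 4) {
                __builtin_trap();
            }
            if ((4 + little_endian_read_16( packet, 2)) != size) {
                __builtin_trap();
            }
            break;
        default:
            // the transport must never deliver any other packet type
            __builtin_trap();
            break;
    }
}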
101*1f805efeSMatthias Ringwald 
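// libFuzzer entry point: replays one fuzz input as the byte stream the H4
// transport receives from the UART.
//
// The transport is set up on top of the stub uart_driver. Each loop iteration
// satisfies the read the transport currently has outstanding (recorded by
// btstack_uart_fuzz_receive_block) and then signals completion through the
// registered block_received handler.
//
// @param data  fuzz input
// @param size  number of bytes in data
// @return      always 0
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    const hci_transport_t * transport = hci_transport_h4_instance(&uart_driver);
    read_request_len = 0;
    transport->init(&config);
    transport->register_packet_handler(&packet_handler);
    transport->open();
    while (size > 0){
        // the transport must have a read outstanding whenever input remains
        if (read_request_len == 0) __builtin_trap();

        // Only complete blocks are delivered. Signalling block_received after a
        // short copy would make the transport parse bytes left in its buffer by
        // an earlier input, so results would depend on fuzzing history.
        // Comparing in size_t also avoids narrowing 'size' before the comparison.
        if (size < read_request_len) break;

        const uint32_t bytes_to_feed = read_request_len;
        memcpy(read_request_buffer, data, bytes_to_feed);
        size -= bytes_to_feed;
        data += bytes_to_feed;

        // This request is consumed. Clearing it lets the check at the top of
        // the loop catch a transport that did not issue a new read, instead of
        // copying into the previous buffer again.
        read_request_len = 0;
        (*block_received)();
    }
    return 0;
}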