1 /* 2 * Copyright 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define PACKET_FUZZ_TESTING 18 #include "l2cap/l2cap_packets.h" 19 20 #include <memory> 21 22 #include "os/log.h" 23 #include "packet/bit_inserter.h" 24 #include "packet/raw_builder.h" 25 26 using bluetooth::packet::BitInserter; 27 using bluetooth::packet::RawBuilder; 28 using std::vector; 29 30 namespace bluetooth { 31 namespace l2cap { 32 33 std::vector<void (*)(const uint8_t*, size_t)> l2cap_packet_fuzz_tests; 34 35 DEFINE_AND_REGISTER_ExtendedInformationStartFrameReflectionFuzzTest(l2cap_packet_fuzz_tests); 36 37 DEFINE_AND_REGISTER_StandardInformationFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests); 38 39 DEFINE_AND_REGISTER_StandardSupervisoryFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests); 40 41 DEFINE_AND_REGISTER_GroupFrameReflectionFuzzTest(l2cap_packet_fuzz_tests); 42 43 DEFINE_AND_REGISTER_ConfigurationRequestReflectionFuzzTest(l2cap_packet_fuzz_tests); 44 45 } // namespace l2cap 46 } // namespace bluetooth 47 RunL2capPacketFuzzTest(const uint8_t * data,size_t size)48void RunL2capPacketFuzzTest(const uint8_t* data, size_t size) { 49 if (data == nullptr || size > 65536 /* Max ACL packet size */) return; 50 for (auto test_function : bluetooth::l2cap::l2cap_packet_fuzz_tests) { 51 test_function(data, size); 52 } 53 }