1 // Copyright 2021 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 #include <cstddef>
16 #include <span>
17
18 #include "pw_bluetooth_hci/packet.h"
19 #include "pw_bluetooth_hci/uart_transport.h"
20 #include "pw_bytes/span.h"
21 #include "pw_status/status_with_size.h"
22 #include "pw_stream/null_stream.h"
23
24 namespace pw::bluetooth_hci {
25 namespace {
26
27 // A very simple structure unaware fuzzer.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)28 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
29 DecodedPacketCallback packet_callback = [](const Packet& packet) {
30 // Instead of doing nothing with the random packet content, attempt to
31 // consume the entire packet API by streaming it into the null stream.
32 stream::Writer& stream = stream::NullStream::Instance();
33
34 switch (packet.type()) {
35 case Packet::Type::kCommandPacket: {
36 const CommandPacket& command_packet = packet.command_packet();
37
38 const uint16_t opcode = command_packet.opcode();
39 stream.Write(std::as_bytes(std::span<const uint16_t>(&opcode, 1)));
40
41 const uint16_t opcode_command_field =
42 command_packet.opcode_command_field();
43 stream.Write(
44 std::as_bytes(std::span<const uint16_t>(&opcode_command_field, 1)));
45
46 const uint8_t opcode_group_field = command_packet.opcode_group_field();
47 stream.Write(
48 std::as_bytes(std::span<const uint8_t>(&opcode_group_field, 1)));
49
50 stream.Write(command_packet.parameters());
51 return;
52 }
53
54 case Packet::Type::kAsyncDataPacket: {
55 const AsyncDataPacket& async_data_packet = packet.async_data_packet();
56
57 const uint16_t handle_and_fragmentation_bits =
58 async_data_packet.handle_and_fragmentation_bits();
59 stream.Write(std::as_bytes(
60 std::span<const uint16_t>(&handle_and_fragmentation_bits, 1)));
61
62 const uint16_t handle = async_data_packet.handle();
63 stream.Write(std::as_bytes(std::span<const uint16_t>(&handle, 1)));
64
65 const uint8_t pb_flag = async_data_packet.pb_flag();
66 stream.Write(std::as_bytes(std::span<const uint8_t>(&pb_flag, 1)));
67
68 const uint8_t bc_flag = async_data_packet.bc_flag();
69 stream.Write(std::as_bytes(std::span<const uint8_t>(&bc_flag, 1)));
70
71 stream.Write(async_data_packet.data());
72 return;
73 }
74
75 case Packet::Type::kSyncDataPacket: {
76 const SyncDataPacket& sync_data_packet = packet.sync_data_packet();
77
78 const uint16_t handle_and_status_bits =
79 sync_data_packet.handle_and_status_bits();
80 stream.Write(std::as_bytes(
81 std::span<const uint16_t>(&handle_and_status_bits, 1)));
82
83 const uint16_t handle = sync_data_packet.handle();
84 stream.Write(std::as_bytes(std::span<const uint16_t>(&handle, 1)));
85
86 const uint8_t packet_status_flag =
87 sync_data_packet.packet_status_flag();
88 stream.Write(
89 std::as_bytes(std::span<const uint8_t>(&packet_status_flag, 1)));
90
91 stream.Write(sync_data_packet.data());
92 return;
93 }
94
95 case Packet::Type::kEventPacket: {
96 const EventPacket& event_packet = packet.event_packet();
97
98 const uint8_t event_code = event_packet.event_code();
99 stream.Write(std::as_bytes(std::span<const uint8_t>(&event_code, 1)));
100
101 stream.Write(event_packet.parameters());
102 return;
103 }
104
105 default:
106 return;
107 }
108 };
109
110 const StatusWithSize result =
111 DecodeHciUartData(std::as_bytes(std::span(data, size)), packet_callback);
112 result.status().IgnoreError();
113 return 0;
114 }
115
116 } // namespace
117 } // namespace pw::bluetooth_hci
118