• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2023 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #include <fuzzer/FuzzedDataProvider.h>
16 #include <pw_async/fake_dispatcher.h>
17 #include <pw_random/fuzzer.h>
18 
19 #include "pw_bluetooth_sapphire/internal/host/common/random.h"
20 #include "pw_bluetooth_sapphire/internal/host/gap/peer_cache.h"
21 #include "pw_bluetooth_sapphire/internal/host/testing/peer_fuzzer.h"
22 
23 // Lightweight harness that adds a single peer to a PeerCache and mutates it
24 // with fuzz inputs
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
26   FuzzedDataProvider fuzzed_data_provider(data, size);
27   pw::random::FuzzerRandomGenerator rng(&fuzzed_data_provider);
28   bt::set_random_generator(&rng);
29 
30   pw::async::test::FakeDispatcher dispatcher;
31   bt::gap::PeerCache peer_cache(dispatcher);
32 
33   bt::DeviceAddress addr =
34       bt::testing::MakePublicDeviceAddress(fuzzed_data_provider);
35   bool connectable = fuzzed_data_provider.ConsumeBool();
36   // NewPeer() can get stuck in an infinite loop generating a PeerId if there is
37   // no fuzzer data left.
38   if (fuzzed_data_provider.remaining_bytes() == 0) {
39     bt::set_random_generator(nullptr);
40     return 0;
41   }
42   bt::gap::Peer* const peer = peer_cache.NewPeer(addr, connectable);
43 
44   bt::gap::testing::PeerFuzzer peer_fuzzer(fuzzed_data_provider, *peer);
45   while (fuzzed_data_provider.remaining_bytes() != 0) {
46     peer_fuzzer.FuzzOneField();
47     if (fuzzed_data_provider.ConsumeBool()) {
48       dispatcher.RunUntilIdle();
49     }
50   }
51   bt::set_random_generator(nullptr);
52   return 0;
53 }
54