1 // Copyright 2023 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #include <fuzzer/FuzzedDataProvider.h>
16 
17 #include "pw_bluetooth_sapphire/internal/host/sdp/pdu.h"
18 
namespace bt::sdp {

/// Feeds one fuzzer-generated input to one of the four SDP response parsers.
///
/// One byte of the input picks the parser (its value modulo 4); all remaining
/// bytes are handed to that parser as the PDU payload.
///
/// @param data  Pointer to the raw fuzzer input.
/// @param size  Number of bytes available at `data`.
void fuzz(const uint8_t* data, size_t size) {
  FuzzedDataProvider provider(data, size);

  // NOTE(review): libFuzzer's FuzzedDataProvider is understood to take
  // integral values from the tail of the input, so in a seed file the
  // selector would be the last byte -- confirm against the header in use.
  const uint8_t selector = provider.ConsumeIntegral<uint8_t>();
  const std::vector<uint8_t> payload =
      provider.ConsumeRemainingBytes<uint8_t>();

  // The payload is copied into a buffer sized to match it exactly.
  // NOTE(review): presumably a distinct allocation, which would let sanitizer
  // builds report a parser read past the end of the PDU -- confirm against
  // DynamicByteBuffer.
  DynamicByteBuffer pdu(payload.size());
  if (pdu.size() != 0) {
    // Skipped for an empty payload: an empty vector's data() may be null, and
    // memcpy must not be given a null pointer even for a zero length.
    memcpy(pdu.mutable_data(), payload.data(), payload.size());
  }

  // The parse result is stored but nothing in this function reads it, so a
  // finding from this harness is a crash, hang or sanitizer report rather
  // than a wrong return value.
  fit::result<Error<>> outcome = fit::ok();

  // All four response objects are constructed on every run; only the one
  // chosen by the selector parses the buffer.
  ErrorResponse error_rsp;
  ServiceSearchResponse search_rsp;
  ServiceAttributeResponse attribute_rsp;
  ServiceSearchAttributeResponse search_attribute_rsp;

  const int parser_index = selector % 4;
  if (parser_index == 0) {
    outcome = error_rsp.Parse(pdu);
  } else if (parser_index == 1) {
    outcome = search_rsp.Parse(pdu);
  } else if (parser_index == 2) {
    outcome = attribute_rsp.Parse(pdu);
  } else {
    // parser_index == 3: the only value left for a non-negative value mod 4.
    outcome = search_attribute_rsp.Parse(pdu);
  }
}

}  // namespace bt::sdp
52 
/// libFuzzer entry point: forwards each generated input, unchanged, to
/// bt::sdp::fuzz.
///
/// @param data  Pointer to the fuzzer-generated bytes.
/// @param size  Number of bytes available at `data`.
/// @return Always 0; the result of parsing is not reported to the fuzzer.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  bt::sdp::fuzz(data, size);
  return 0;
}
57