1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef BT_STACK_FUZZ_COMMON_HELPERS_H_
18 #define BT_STACK_FUZZ_COMMON_HELPERS_H_
19
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include <cstring> // For memcpy
22 #include <vector>
23 #include "raw_address.h"
24 #include "sdp_api.h"
25
26 // Calls a function from the ops_vector
callArbitraryFunction(FuzzedDataProvider * fdp,std::vector<std::function<void (FuzzedDataProvider *)>> ops_vector)27 void callArbitraryFunction(
28 FuzzedDataProvider* fdp,
29 std::vector<std::function<void(FuzzedDataProvider*)>> ops_vector) {
30 // Choose which function we'll be calling
31 uint8_t function_id =
32 fdp->ConsumeIntegralInRange<uint8_t>(0, ops_vector.size() - 1);
33
34 // Call the function we've chosen
35 ops_vector[function_id](fdp);
36 }
37
38 template <class T>
getArbitraryVectorElement(FuzzedDataProvider * fdp,std::vector<T> vect,bool allow_null)39 T getArbitraryVectorElement(FuzzedDataProvider* fdp, std::vector<T> vect,
40 bool allow_null) {
41 // If we're allowing null, give it a 50:50 shot at returning a zero element
42 // (Or if the vector's empty)
43 if (vect.empty() || (allow_null && fdp->ConsumeBool())) {
44 return static_cast<T>(0);
45 }
46
47 // Otherwise, return an element from our vector
48 return vect.at(fdp->ConsumeIntegralInRange<size_t>(0, vect.size() - 1));
49 }
50
generateRawAddress(FuzzedDataProvider * fdp)51 RawAddress generateRawAddress(FuzzedDataProvider* fdp) {
52 RawAddress retval;
53
54 // Zero address
55 for (int i = 0; i < 6; i++) {
56 retval.address[i] = 0;
57 }
58
59 // Read as much as we can from the buffer and copy it in
60 std::vector<uint8_t> bytes = fdp->ConsumeBytes<uint8_t>(retval.kLength);
61 memcpy(retval.address, bytes.data(), bytes.size());
62
63 return retval;
64 }
65
generateArbitraryUuid(FuzzedDataProvider * fdp)66 bluetooth::Uuid generateArbitraryUuid(FuzzedDataProvider* fdp) {
67 std::vector<uint8_t> bytes_vect =
68 fdp->ConsumeBytes<uint8_t>(bluetooth::Uuid::kNumBytes128);
69 // We need it to be the correct size regardless of if fdp ran out of bytes
70 while (bytes_vect.size() < bluetooth::Uuid::kNumBytes128) {
71 bytes_vect.push_back('\0');
72 }
73
74 return bluetooth::Uuid::From128BitBE(bytes_vect.data());
75 }
76
77 #endif // BT_STACK_FUZZ_COMMON_HELPERS_H_
78