1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef BT_STACK_FUZZ_COMMON_HELPERS_H_
18 #define BT_STACK_FUZZ_COMMON_HELPERS_H_
19
20 #include <fuzzer/FuzzedDataProvider.h>
21
22 #include <cstring> // For memcpy
23 #include <functional>
24 #include <vector>
25
26 #include "types/bluetooth/uuid.h"
27 #include "types/raw_address.h"
28
29 // Calls a function from the ops_vector
callArbitraryFunction(FuzzedDataProvider * fdp,std::vector<std::function<void (FuzzedDataProvider *)>> ops_vector)30 void callArbitraryFunction(
31 FuzzedDataProvider* fdp,
32 std::vector<std::function<void(FuzzedDataProvider*)>> ops_vector) {
33 // Choose which function we'll be calling
34 uint8_t function_id =
35 fdp->ConsumeIntegralInRange<uint8_t>(0, ops_vector.size() - 1);
36
37 // Call the function we've chosen
38 ops_vector[function_id](fdp);
39 }
40
41 template <class T>
getArbitraryVectorElement(FuzzedDataProvider * fdp,std::vector<T> vect,bool allow_null)42 T getArbitraryVectorElement(FuzzedDataProvider* fdp, std::vector<T> vect,
43 bool allow_null) {
44 // If we're allowing null, give it a 50:50 shot at returning a zero element
45 // (Or if the vector's empty)
46 if (vect.empty() || (allow_null && fdp->ConsumeBool())) {
47 return static_cast<T>(0);
48 }
49
50 // Otherwise, return an element from our vector
51 return vect.at(fdp->ConsumeIntegralInRange<size_t>(0, vect.size() - 1));
52 }
53
generateRawAddress(FuzzedDataProvider * fdp)54 RawAddress generateRawAddress(FuzzedDataProvider* fdp) {
55 RawAddress retval;
56
57 // Zero address
58 for (int i = 0; i < 6; i++) {
59 retval.address[i] = 0;
60 }
61
62 // Read as much as we can from the buffer and copy it in
63 std::vector<uint8_t> bytes = fdp->ConsumeBytes<uint8_t>(retval.kLength);
64 memcpy(retval.address, bytes.data(), bytes.size());
65
66 return retval;
67 }
68
generateArbitraryUuid(FuzzedDataProvider * fdp)69 bluetooth::Uuid generateArbitraryUuid(FuzzedDataProvider* fdp) {
70 std::vector<uint8_t> bytes_vect =
71 fdp->ConsumeBytes<uint8_t>(bluetooth::Uuid::kNumBytes128);
72 // We need it to be the correct size regardless of if fdp ran out of bytes
73 while (bytes_vect.size() < bluetooth::Uuid::kNumBytes128) {
74 bytes_vect.push_back('\0');
75 }
76
77 return bluetooth::Uuid::From128BitBE(bytes_vect.data());
78 }
79
80 #endif // BT_STACK_FUZZ_COMMON_HELPERS_H_
81