1 /*
2  * Copyright 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define PACKET_FUZZ_TESTING
18 #include "l2cap/l2cap_packets.h"
19 
20 #include <memory>
21 
22 #include "os/log.h"
23 #include "packet/bit_inserter.h"
24 #include "packet/raw_builder.h"
25 
26 using bluetooth::packet::BitInserter;
27 using bluetooth::packet::RawBuilder;
28 using std::vector;
29 
30 namespace bluetooth {
31 namespace l2cap {
32 
33 std::vector<void (*)(const uint8_t*, size_t)> l2cap_packet_fuzz_tests;
34 
35 DEFINE_AND_REGISTER_ExtendedInformationStartFrameReflectionFuzzTest(l2cap_packet_fuzz_tests);
36 
37 DEFINE_AND_REGISTER_StandardInformationFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests);
38 
39 DEFINE_AND_REGISTER_StandardSupervisoryFrameWithFcsReflectionFuzzTest(l2cap_packet_fuzz_tests);
40 
41 DEFINE_AND_REGISTER_GroupFrameReflectionFuzzTest(l2cap_packet_fuzz_tests);
42 
43 DEFINE_AND_REGISTER_ConfigurationRequestReflectionFuzzTest(l2cap_packet_fuzz_tests);
44 
45 }  // namespace l2cap
46 }  // namespace bluetooth
47 
RunL2capPacketFuzzTest(const uint8_t * data,size_t size)48 void RunL2capPacketFuzzTest(const uint8_t* data, size_t size) {
49   if (data == nullptr || size > 65536 /* Max ACL packet size */) return;
50   for (auto test_function : bluetooth::l2cap::l2cap_packet_fuzz_tests) {
51     test_function(data, size);
52   }
53 }