blob: 523bb8faacd212f292f98c0ab0b330336fa11c83 [file] [log] [blame]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "basic_mode_rx_engine.h"
#include "src/connectivity/bluetooth/core/bt-host/common/byte_buffer.h"
#include "src/connectivity/bluetooth/core/bt-host/hci/hci.h"
#include "src/connectivity/bluetooth/core/bt-host/l2cap/fragmenter.h"
BT_DECLARE_FAKE_DRIVER();
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
constexpr bt::hci::ConnectionHandle kTestHandle = 0x0001;
constexpr bt::l2cap::ChannelId kTestChannelId = 0x0001;
bt::l2cap::Fragmenter fragmenter(kTestHandle);
bt::l2cap::internal::BasicModeRxEngine rx_engine;
// The use of a fragmenter, to build a PDU for the receive engine, is
// admittedly counterintuitive. (In actual operation, we use a Fragmenter on
// the transmit path, and a Recombiner on the receive path.) Pragmatically,
// however, the Fragmenter is the easiest way to build a PDU.
//
// Note that using a Fragmenter to build the PDU doesn't decrease the efficacy
// of fuzzing, because the only guarantees provided by the Fragmenter are
// those that are preconditions for RxEngine::ProcessPdu().
rx_engine.ProcessPdu(fragmenter.BuildBasicFrame(
kTestChannelId, bt::BufferView(data, size)));
return 0;
}