cras/src/fuzz/cras_hfp_slc.cc - platform/external/adhd - Git at Google

 /* Copyright 2020 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */

 #include <assert.h>
 #include <fuzzer/FuzzedDataProvider.h>
 #include <stddef.h>
 #include <stdint.h>

 extern "C" {
 #include "cras_bt_device.h"
 #include "cras_bt_log.h"
 #include "cras_hfp_slc.h"
 #include "cras_iodev_list.h"
 #include "cras_mix.h"
 #include "cras_observer.h"
 #include "cras_shm.h"
 #include "cras_system_state.h"

 struct cras_bt_event_log* btlog;
 }

 int disconnect_cb(struct hfp_slc_handle*) {
   return 0;
 }

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   FuzzedDataProvider data_provider(data, size);
   bool is_hsp = data_provider.ConsumeIntegralInRange(0, 1);
   int ag_supported_features = data_provider.ConsumeIntegral<int>();
   std::string command = data_provider.ConsumeRemainingBytesAsString();
   int fd = open("/dev/null", O_RDWR);

   struct cras_bt_device* bt_dev = cras_bt_device_create(NULL, "");
   struct hfp_slc_handle* handle = hfp_slc_create(
       fd, is_hsp, ag_supported_features, bt_dev, NULL, &disconnect_cb);
   if (!handle)
     return 0;

   handle_at_command_for_test(handle, command.c_str());

   hfp_slc_destroy(handle);
   cras_bt_device_remove(bt_dev);
   return 0;
 }

 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
   char* shm_name;
   if (asprintf(&shm_name, "/cras-%d", getpid()) < 0)
     exit(-ENOMEM);
   struct cras_server_state* exp_state =
       (struct cras_server_state*)calloc(1, sizeof(*exp_state));
   if (!exp_state)
     exit(-1);
   int rw_shm_fd = open("/dev/null", O_RDWR);
   int ro_shm_fd = open("/dev/null", O_RDONLY);
   cras_system_state_init("/tmp", shm_name, rw_shm_fd, ro_shm_fd, exp_state,
                          sizeof(*exp_state));
   free(shm_name);
   cras_observer_server_init();
   cras_mix_init(0);
   cras_iodev_list_init();
   btlog = cras_bt_event_log_init();
   return 0;
 }
	/* Copyright 2020 The Chromium OS Authors. All rights reserved.
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*/

	#include <assert.h>
	#include <fuzzer/FuzzedDataProvider.h>
	#include <stddef.h>
	#include <stdint.h>

	extern "C" {
	#include "cras_bt_device.h"
	#include "cras_bt_log.h"
	#include "cras_hfp_slc.h"
	#include "cras_iodev_list.h"
	#include "cras_mix.h"
	#include "cras_observer.h"
	#include "cras_shm.h"
	#include "cras_system_state.h"

	struct cras_bt_event_log* btlog;
	}

	int disconnect_cb(struct hfp_slc_handle*) {
	return 0;
	}

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	FuzzedDataProvider data_provider(data, size);
	bool is_hsp = data_provider.ConsumeIntegralInRange(0, 1);
	int ag_supported_features = data_provider.ConsumeIntegral<int>();
	std::string command = data_provider.ConsumeRemainingBytesAsString();
	int fd = open("/dev/null", O_RDWR);

	struct cras_bt_device* bt_dev = cras_bt_device_create(NULL, "");
	struct hfp_slc_handle* handle = hfp_slc_create(
	fd, is_hsp, ag_supported_features, bt_dev, NULL, &disconnect_cb);
	if (!handle)
	return 0;

	handle_at_command_for_test(handle, command.c_str());

	hfp_slc_destroy(handle);
	cras_bt_device_remove(bt_dev);
	return 0;
	}

	extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
	char* shm_name;
	if (asprintf(&shm_name, "/cras-%d", getpid()) < 0)
	exit(-ENOMEM);
	struct cras_server_state* exp_state =
	(struct cras_server_state)calloc(1, sizeof(exp_state));
	if (!exp_state)
	exit(-1);
	int rw_shm_fd = open("/dev/null", O_RDWR);
	int ro_shm_fd = open("/dev/null", O_RDONLY);
	cras_system_state_init("/tmp", shm_name, rw_shm_fd, ro_shm_fd, exp_state,
	sizeof(*exp_state));
	free(shm_name);
	cras_observer_server_init();
	cras_mix_init(0);
	cras_iodev_list_init();
	btlog = cras_bt_event_log_init();
	return 0;
	}