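#ifndef __FUZZ_CMN_H__
#define __FUZZ_CMN_H__

// Declarations for a libFuzzer-based harness built against the NFC stack
// headers: a logging helper, byte-sequence utilities, the libFuzzer entry
// points, and Fuzz_Context, which owns the scratch buffers used during a run.

#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <errno.h>
#include <nfc_api.h>
#include <nfc_int.h>
#include <semaphore.h>
// Included directly so this header does not rely on transitive includes for
// size_t, uint8_t and memcpy.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#include <map>
#include <memory>  // std::unique_ptr, std::make_unique
#include <string>  // std::string
#include <vector>
using android::base::StringAppendF;
using android::base::StringPrintf;

// Logs at VERBOSE, prefixed with the name of the calling function.
//
// The first argument is handed to StringPrintf as a printf-style format
// string: pass a string literal and supply fuzz-derived bytes only as
// arguments, never as the format itself.
//
// NOTE(review): the expansion already ends in ';', so `FUZZLOG(...);` yields
// two statements and cannot be the body of an unbraced `if` that has an
// `else`. Left unchanged because call sites outside this header may omit the
// trailing semicolon.
#define FUZZLOG(...) \
  LOG(VERBOSE) << __func__ << ":" << StringPrintf(__VA_ARGS__);

// Owning byte sequence used for fuzz packets.
using bytes_t = std::vector<uint8_t>;

// Defined elsewhere. Presumably render a byte range as hexadecimal text;
// confirm the exact format against the definitions.
std::string BytesToHex(const uint8_t* data, size_t size);
std::string BytesToHex(const bytes_t& data);

// Defined elsewhere. Presumably produces a byte sequence whose length lies
// between minLen and maxLen; whether the bounds are inclusive is not visible
// here.
bytes_t FuzzSeqGen(size_t minLen, size_t maxLen);

extern void GKI_shutdown();

// libFuzzer interface. LLVMFuzzerInitialize and LLVMFuzzerTestOneInput are the
// entry points a fuzz target defines; LLVMFuzzerMutate is provided by the
// libFuzzer runtime.
extern "C" int LLVMFuzzerInitialize(int*, char***);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size);
extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize);

// Weak reference: the symbol's address is null when the binary is not linked
// against a runtime that defines it, so callers must test it before calling.
extern "C" void __gcov_flush(void) __attribute__((weak));

// Carries the input packets for one fuzz run and owns every scratch buffer
// handed out through GetBuffer().
//
// Not copyable in practice: _ScratchPtrs holds std::unique_ptr elements.
class Fuzz_Context {
  // Keeps each scratch allocation alive until the context is destroyed.
  std::vector<std::unique_ptr<uint8_t[]>> _ScratchPtrs;

 public:
  uint8_t SubType;
  // Copy of the packets passed to the constructor; immutable afterwards.
  const std::vector<bytes_t> Data;

 public:
  Fuzz_Context(uint8_t FuzzSubType, const std::vector<bytes_t>& Packets)
      : SubType(FuzzSubType), Data(Packets) {}

  // Returns a buffer of exactly `size` bytes owned by this context.
  //
  // size       Number of bytes to allocate.
  // init_data  Optional source; when non-null, `size` bytes are copied from
  //            it. The caller must guarantee that it refers to at least
  //            `size` readable bytes, since this function cannot check the
  //            length of the source. When null, the buffer is zero-filled.
  //
  // The returned pointer stays valid until the context is destroyed: growth
  // of _ScratchPtrs moves the owning unique_ptr objects, not the buffers.
  // Every call is a separate exact-size heap allocation, so an access past
  // `size` by the code under test falls outside the allocation, where a
  // memory-error detector can report it if the build uses one.
  uint8_t* GetBuffer(size_t size, const void* init_data = nullptr) {
    // make_unique<T[]>(n) value-initializes the array, so the bytes are
    // already zero and no separate memset is needed for the null case.
    auto owned = std::make_unique<uint8_t[]>(size);
    uint8_t* raw = owned.get();
    if (init_data != nullptr) {
      memcpy(raw, init_data, size);
    }

    _ScratchPtrs.push_back(std::move(owned));
    return raw;
  }

  ~Fuzz_Context() {}
};

// Defined elsewhere; presumably supplied by each individual fuzz target.
extern const char fuzzer_name[];
extern void Fuzz_FixPackets(std::vector<bytes_t>& Packets, uint Seed);
extern void Fuzz_RunPackets(const std::vector<bytes_t>& Packets);

#endif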