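/**
 * Entry point of the OpenThread CLI example.
 *
 * Initializes the platform layer and one OpenThread instance, attaches the
 * CLI UART (plus the diagnostics module when enabled), then runs the
 * tasklet/driver loop until a pseudo-reset is requested. After a pseudo-reset
 * the instance is finalized and the whole sequence starts again, so the
 * function is not expected to return during normal operation.
 *
 * @param argc  Argument count, forwarded to otSysInit().
 * @param argv  Argument vector, forwarded to otSysInit(); on POSIX example
 *              builds it is also reused to re-execute the program.
 *
 * @return 1 when the instance buffer cannot be allocated or the instance
 *         cannot be initialized; otherwise the function does not return.
 */
int main(int argc, char *argv[])
{
    otInstance *instance;

#if OPENTHREAD_EXAMPLES_POSIX
    // setjmp() returns non-zero only when control comes back through
    // gResetJump (presumably the platform's reset path -- confirm at the
    // longjmp site).
    if (setjmp(gResetJump))
    {
        // Cancel any pending alarm before the process image is replaced.
        alarm(0);
#if OPENTHREAD_ENABLE_COVERAGE
        // Flush coverage counters before the process image is replaced.
        __gcov_flush();
#endif
        // NOTE(review): execvp() searches PATH when argv[0] contains no '/',
        // so the image that gets re-executed depends on how the program was
        // invoked and on its environment. execvp() returns only on failure;
        // in that case execution continues with the in-process start below.
        execvp(argv[0], argv);
    }
#endif

#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    size_t   otInstanceBufferLength = 0;
    uint8_t *otInstanceBuffer       = NULL;
#endif

pseudo_reset:

    otSysInit(argc, argv);

#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    // Call to query the buffer size
    (void)otInstanceInit(NULL, &otInstanceBufferLength);

    // Call to allocate the buffer
    otInstanceBuffer = (uint8_t *)malloc(otInstanceBufferLength);
    assert(otInstanceBuffer);
    if (otInstanceBuffer == NULL)
    {
        // assert() is compiled out under NDEBUG; without this check a failed
        // allocation would be handed to otInstanceInit() as a NULL buffer.
        return 1;
    }

    // Initialize OpenThread with the buffer
    instance = otInstanceInit(otInstanceBuffer, &otInstanceBufferLength);
#else
    instance = otInstanceInitSingle();
#endif
    assert(instance);
    if (instance == NULL)
    {
        // Same reasoning as above: do not let a release build run the CLI and
        // the main loop on a NULL instance.
        return 1;
    }

    otCliUartInit(instance);

#if OPENTHREAD_ENABLE_DIAG
    otDiagInit(instance);
#endif

    while (!otSysPseudoResetWasRequested())
    {
        otTaskletsProcess(instance);
        otSysProcessDrivers(instance);
    }

    otInstanceFinalize(instance);
#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    free(otInstanceBuffer);
#endif

    // Start over with a fresh platform and instance initialization.
    goto pseudo_reset;

    return 0; // not reached
}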
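/**
 * Entry point of the OpenThread NCP example.
 *
 * Initializes the platform layer and one OpenThread instance, starts the NCP
 * interface with otNcpInit() (plus the diagnostics module when enabled), then
 * runs the tasklet/driver loop until a pseudo-reset is requested. After a
 * pseudo-reset the instance is finalized and the sequence starts again, so the
 * function is not expected to return during normal operation.
 *
 * @param argc  Argument count, forwarded to PlatformInit().
 * @param argv  Argument vector, forwarded to PlatformInit().
 *
 * @return 1 when the instance buffer cannot be allocated or the instance
 *         cannot be initialized; otherwise the function does not return.
 */
int main(int argc, char *argv[])
{
    otInstance *sInstance;

#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    size_t   otInstanceBufferLength = 0;
    uint8_t *otInstanceBuffer       = NULL;
#endif

pseudo_reset:

    PlatformInit(argc, argv);

#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    // Call to query the buffer size
    (void)otInstanceInit(NULL, &otInstanceBufferLength);

    // Call to allocate the buffer
    otInstanceBuffer = (uint8_t *)malloc(otInstanceBufferLength);
    assert(otInstanceBuffer);
    if (otInstanceBuffer == NULL)
    {
        // assert() is compiled out under NDEBUG; without this check a failed
        // allocation would be handed to otInstanceInit() as a NULL buffer.
        return 1;
    }

    // Initialize OpenThread with the buffer
    sInstance = otInstanceInit(otInstanceBuffer, &otInstanceBufferLength);
#else
    sInstance = otInstanceInitSingle();
#endif
    assert(sInstance);
    if (sInstance == NULL)
    {
        // Same reasoning as above: do not let a release build start the NCP
        // and the main loop on a NULL instance.
        return 1;
    }

    otNcpInit(sInstance);

#if OPENTHREAD_ENABLE_DIAG
    otDiagInit(sInstance);
#endif

    while (!PlatformPseudoResetWasRequested())
    {
        otTaskletsProcess(sInstance);
        PlatformProcessDrivers(sInstance);
    }

    otInstanceFinalize(sInstance);
#if OPENTHREAD_ENABLE_MULTIPLE_INSTANCES
    free(otInstanceBuffer);
#endif

    // Start over with a fresh platform and instance initialization.
    goto pseudo_reset;

    return 0; // not reached
}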
/**
 * libFuzzer entry point that pushes one fuzz input through otIp6Send().
 *
 * A fresh single instance is created for every input, configured with a fixed
 * PAN ID, and asked to enable IPv6 and Thread and to become leader. The first
 * input byte selects whether link security is requested for the message; the
 * remaining bytes become the message payload.
 *
 * @param data  Fuzzer-provided bytes.
 * @param size  Number of bytes available at @p data.
 *
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    const otPanId     kFuzzPanId = 0xdead;
    otInstance *      ot         = NULL;
    otMessage *       packet     = NULL;
    otError           status     = OT_ERROR_NONE;
    otMessageSettings msgSettings;

    // An empty input has no flag byte to read, so there is nothing to do.
    VerifyOrExit(size > 0);

    FuzzerPlatformInit();

    ot = otInstanceInitSingle();
    otLinkSetPanId(ot, kFuzzPanId);
    otIp6SetEnabled(ot, true);
    otThreadSetEnabled(ot, true);
    otThreadBecomeLeader(ot);

    // Bit 0 of the first byte decides whether link security is requested.
    msgSettings.mPriority            = OT_MESSAGE_PRIORITY_NORMAL;
    msgSettings.mLinkSecurityEnabled = ((data[0] & 0x1) != 0);

    packet = otIp6NewMessage(ot, &msgSettings);
    VerifyOrExit(packet != NULL, status = OT_ERROR_NO_BUFS);

    // The payload is everything after the flag byte. The length is narrowed to
    // uint16_t, so for inputs longer than 65536 bytes only
    // (size - 1) mod 65536 payload bytes are appended; the read never goes
    // past the end of the input.
    status = otMessageAppend(packet, data + 1, static_cast<uint16_t>(size - 1));
    SuccessOrExit(status);

    // The pointer is dropped right after the call so the cleanup path below
    // does not free it; otIp6Send() is expected to own the message from here
    // on -- confirm against the API contract.
    status = otIp6Send(ot, packet);
    packet = NULL;

exit:

    if (packet)
    {
        otMessageFree(packet);
    }

    if (ot)
    {
        otInstanceFinalize(ot);
    }

    return 0;
}
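/**
 * Runs a time-boxed random-input fuzz pass against one OpenThread instance.
 *
 * Installs the test radio hooks, starts a Thread network on PAN ID 0xFACE and
 * then, until the requested time has elapsed, processes queued tasklets, fires
 * the test alarm when it is due, completes pending transmits, and hands
 * randomly sized, randomly filled frames to otPlatRadioReceiveDone().
 *
 * @param aSeconds  How long to keep fuzzing, in seconds. The value is
 *                  multiplied by 1000, so the platform alarm is assumed to
 *                  count milliseconds.
 */
void TestFuzz(uint32_t aSeconds)
{
    // Set the radio capabilities to disable any Mac related timer dependencies
    g_testPlatRadioCaps = (otRadioCaps)(kRadioCapsAckTimeout | kRadioCapsTransmitRetries);

    // Set the platform function pointers
    g_TransmitRadioPacket.mPsdu      = g_TransmitPsdu;
    g_testPlatRadioIsEnabled         = testFuzzRadioIsEnabled;
    g_testPlatRadioEnable            = testFuzzRadioEnable;
    g_testPlatRadioDisable           = testFuzzRadioDisable;
    g_testPlatRadioReceive           = testFuzzRadioReceive;
    g_testPlatRadioTransmit          = testFuzzRadioTransmit;
    g_testPlatRadioGetTransmitBuffer = testFuzztRadioGetTransmitBuffer;

    // Initialize our timing variables. The run length is tracked as elapsed
    // time rather than as an absolute end time: "tStart + aSeconds * 1000" can
    // wrap past UINT32_MAX, and a wrapped end time would end the loop before a
    // single packet is fuzzed while the test still reports success.
    const uint32_t tStart     = otPlatAlarmGetNow();
    const uint32_t durationMs = aSeconds * 1000;

    otInstance *aInstance;

#ifdef _WIN32
    // The seed is logged; presumably so that a failing run can be repeated.
    uint32_t seed = (uint32_t)time(NULL);
    srand(seed);
    Log("Initialized seed = 0x%X", (unsigned int)seed);
#endif

#ifdef OPENTHREAD_MULTIPLE_INSTANCE
    size_t   otInstanceBufferLength = 0;
    uint8_t *otInstanceBuffer       = NULL;

    // Call to query the buffer size
    (void)otInstanceInit(NULL, &otInstanceBufferLength);

    // Call to allocate the buffer
    otInstanceBuffer = (uint8_t *)malloc(otInstanceBufferLength);
    VerifyOrQuit(otInstanceBuffer != NULL, "Failed to allocate otInstance");
    memset(otInstanceBuffer, 0, otInstanceBufferLength);

    // Initialize Openthread with the buffer
    aInstance = otInstanceInit(otInstanceBuffer, &otInstanceBufferLength);
#else
    aInstance = otInstanceInit();
#endif

    VerifyOrQuit(aInstance != NULL, "Failed to initialize otInstance");

    // Start the Thread network
    otSetPanId(aInstance, (otPanId)0xFACE);
    otInterfaceUp(aInstance);
    otThreadStart(aInstance);

    uint32_t countRecv = 0;

    while ((uint32_t)(otPlatAlarmGetNow() - tStart) < durationMs)
    {
        otProcessQueuedTasklets(aInstance);

        // Fire the test alarm once its deadline has passed.
        if (g_testPlatAlarmSet && otPlatAlarmGetNow() >= g_testPlatAlarmNext)
        {
            g_testPlatAlarmSet = false;
            otPlatAlarmFired(aInstance);
        }

        if (g_fRadioEnabled)
        {
            // Complete a pending transmit and report it as successful.
            if (g_fTransmit)
            {
                g_fTransmit = false;
                otPlatRadioTransmitDone(aInstance, &g_TransmitRadioPacket, true, kThreadError_None);
#ifdef DBG_FUZZ
                Log("<== transmit");
#endif
            }

            if (g_RecvChannel != 0)
            {
                uint8_t     fuzzRecvBuff[128];
                RadioPacket fuzzPacket;

                // Initialize the radio packet with a random length. The
                // modulus keeps the length in 0..126, which always fits the
                // 128-byte buffer above.
                memset(&fuzzPacket, 0, sizeof(fuzzPacket));
                fuzzPacket.mPsdu    = fuzzRecvBuff;
                fuzzPacket.mChannel = g_RecvChannel;
                fuzzPacket.mLength  = (uint8_t)(otPlatRandomGet() % 127);

                // Populate the payload with random bytes
                for (uint8_t i = 0; i < fuzzPacket.mLength; i++)
                {
                    fuzzRecvBuff[i] = (uint8_t)otPlatRandomGet();
                }

                // Clear the global flag
                g_RecvChannel = 0;

                // Indicate the receive complete
                otPlatRadioReceiveDone(aInstance, &fuzzPacket, kThreadError_None);

                countRecv++;
#ifdef DBG_FUZZ
                // Log() is used like printf() throughout this function, so the
                // arguments are cast to the exact types the conversion
                // specifiers name: passing a uint32_t for %llu is undefined
                // behavior in a variadic call.
                Log("<== receive (%llu, %u bytes)", (unsigned long long)countRecv, (unsigned int)fuzzPacket.mLength);
#endif

                // Hack to get a receive poll immediately
                otSetChannel(aInstance, 11);
            }
        }
    }

    Log("%u packets received", (unsigned int)countRecv);

    // Clean up the instance
    otInstanceFinalize(aInstance);

#ifdef OPENTHREAD_MULTIPLE_INSTANCE
    free(otInstanceBuffer);
#endif
}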