Snap for 10453563 from c24e1fb8be95bff2d48fc61e0c090e6519a11662 to mainline-sdkext-releaseaml_sdk_341510000aml_sdk_341410000aml_sdk_341110080aml_sdk_341110000aml_sdk_341010000aml_sdk_340912010android14-mainline-sdkext-release

Change-Id: If1f1e8f2fc6adc12c6dc4624dfa99ac2c810c3b8

4 files changed, 166 insertions, 2 deletions

diff --git a/Android.bp b/Android.bp
index 69f35a1..bccd1fc 100644
--- a/Android.bp
+++ b/Android.bp
@@ -45,9 +45,10 @@ cc_library {
     min_sdk_version: "Tiramisu",
     apex_available: [
         "//apex_available:platform",
-        "com.android.bluetooth",
+        "com.android.btservices",
     ],
     visibility: [
+        "//external/libldac/fuzzer",
         "//external/oss-fuzz",
         "//packages/modules/Bluetooth:__subpackages__",
         "//packages/modules/vndk/apex",
@@ -74,7 +75,7 @@ cc_library {
     min_sdk_version: "Tiramisu",
     apex_available: [
         "//apex_available:platform",
-        "com.android.bluetooth",
+        "com.android.btservices",
     ],
     visibility: [
         "//packages/modules/Bluetooth:__subpackages__",
diff --git a/fuzzer/Android.bp b/fuzzer/Android.bp
new file mode 100644
index 0000000..01f586d
--- /dev/null
+++ b/fuzzer/Android.bp
@@ -0,0 +1,26 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    default_applicable_licenses: ["external_libldac_license"],
+}
+
+cc_fuzz {
+    name: "libldac-encode_fuzzer",
+    static_libs: ["libldacBT_enc"],
+    srcs: ["libldac_encode_fuzzer.cc"],
+    fuzz_config: {
+        componentid: 27441
+    },
+}
diff --git a/fuzzer/libldac_encode_fuzzer.cc b/fuzzer/libldac_encode_fuzzer.cc
new file mode 100644
index 0000000..501d177
--- /dev/null
+++ b/fuzzer/libldac_encode_fuzzer.cc
@@ -0,0 +1,110 @@
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stdint.h>
+#include <stddef.h>
+#include "ldacBT.h"
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <vector>
+
+constexpr LDACBT_SMPL_FMT_T kFormat[] = {
+    LDACBT_SMPL_FMT_S16, LDACBT_SMPL_FMT_S24, LDACBT_SMPL_FMT_S32,
+    LDACBT_SMPL_FMT_F32};
+constexpr int32_t kEqmidValue[] = {LDACBT_EQMID_HQ, LDACBT_EQMID_SQ,
+                                   LDACBT_EQMID_MQ};
+constexpr int32_t kChannel[] = {LDACBT_CHANNEL_MODE_STEREO,
+                                LDACBT_CHANNEL_MODE_DUAL_CHANNEL,
+                                LDACBT_CHANNEL_MODE_MONO};
+constexpr int32_t kSamplingFrequency[] = {44100, 48000, 2 * 44100, 2 * 48000};
+constexpr int32_t kLdacBtRequiredMtu = 679;
+constexpr int32_t kMaxWlValue = 4;
+constexpr int32_t kMinChValue = 1;
+constexpr int32_t kMaxChValue = 2;
+constexpr int32_t kOutputSize = 1024;
+
+class Codec {
+public:
+  Codec(const uint8_t *data, size_t size) : mFdp(data, size){};
+  ~Codec() { deInitEncoder(); }
+  bool initEncoder();
+  void deInitEncoder();
+  void encodeFrames(const uint8_t *data, size_t size);
+  void getSamplingFrequeny();
+  void getBitrate();
+  void getVersion();
+  FuzzedDataProvider mFdp;
+
+private:
+  int32_t mChannel;
+  LDACBT_SMPL_FMT_T mFormat;
+  HANDLE_LDAC_BT mHandleLdacBt;
+};
+
+bool Codec::initEncoder() {
+  mHandleLdacBt = ldacBT_get_handle();
+
+  mChannel = mFdp.PickValueInArray(kChannel);
+  mFormat = mFdp.PickValueInArray(kFormat);
+  int32_t status = ldacBT_init_handle_encode(
+      mHandleLdacBt, kLdacBtRequiredMtu, mFdp.PickValueInArray(kEqmidValue),
+      mChannel, mFormat, mFdp.PickValueInArray(kSamplingFrequency));
+  if (!status) {
+    return true;
+  }
+  return false;
+}
+
+void Codec::encodeFrames(const uint8_t *data, size_t size) {
+  int32_t pcmUsed, streamSize, frameNum;
+  unsigned char pStream[kOutputSize];
+  int32_t ch, wl, frameSize;
+  ch = (mChannel == LDAC_CCI_MONO) ? kMinChValue : kMaxChValue;
+  wl = mFormat > kMaxWlValue ? kMaxWlValue : mFormat;
+  frameSize = LDACBT_ENC_LSU * ch * wl;
+  std::vector<uint8_t> tmpData(frameSize);
+  uint8_t *readPointer = const_cast<uint8_t *>(data);
+  while (size > 0) {
+    if (size < frameSize) {
+      memcpy(tmpData.data(), data, size);
+      size = frameSize;
+      readPointer = tmpData.data();
+    }
+    ldacBT_encode(mHandleLdacBt, readPointer, &pcmUsed, pStream, &streamSize,
+                  &frameNum);
+    readPointer += frameSize;
+    size -= frameSize;
+  }
+}
+
+void Codec::getSamplingFrequeny() { ldacBT_get_sampling_freq(mHandleLdacBt); }
+
+void Codec::getBitrate() { ldacBT_get_bitrate(mHandleLdacBt); }
+
+void Codec::getVersion() { ldacBT_get_version(); }
+
+void Codec::deInitEncoder() {
+  ldacBT_close_handle(mHandleLdacBt);
+  ldacBT_free_handle(mHandleLdacBt);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t size) {
+  Codec codec(buf, size);
+  /* initEncoder() initializes mHandleLdacBt and is supposed to be called before
+     encoding begins. Hence initEncoder() is not included in the lambda
+     construct. */
+  if (codec.initEncoder()) {
+    while (codec.mFdp.remaining_bytes() > 0) {
+      auto executeFunction =
+          codec.mFdp.PickValueInArray<const std::function<void()>>({
+              [&]() { codec.encodeFrames(buf, size); },
+              [&]() { codec.getSamplingFrequeny(); },
+              [&]() { codec.getBitrate(); },
+              [&]() { codec.getVersion(); },
+          });
+      executeFunction();
+    }
+  }
+  return 0;
+}
diff --git a/fuzzer/ossfuzz.sh b/fuzzer/ossfuzz.sh
new file mode 100644
index 0000000..75b4658
--- /dev/null
+++ b/fuzzer/ossfuzz.sh
@@ -0,0 +1,27 @@
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+$CC $CFLAGS -Iinc -c fuzzer/libldac_encode_fuzzer.cc -o libldac_encode_fuzzer.o
+$CC $CFLAGS -Iinc -c src/ldaclib.c -o src/ldaclib.o
+$CC $CFLAGS -Iinc -c src/ldacBT.c -o src/ldacBT.o
+
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE \
+    libldac_encode_fuzzer.o \
+    src/ldaclib.o \
+    src/ldacBT.o \
+    -o $OUT/libldac_encode_fuzzer
+
+zip -q $OUT/libldac_encode_fuzzer_seed_corpus.zip $SRC/corpora/*