Fuzzing nfc ndef

[N3ur0sis]

Description

Add a fuzzing harness for NFC NDEF parsing and fix an out-of-bounds read in os_parse_ndef by validating input buffer length before parsing.

Changes include

• Bugfix (non-breaking change that solves an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (change that is not backwards-compatible and/or changes current functionality)
• Tests
• Documentation
• Other (for changes that might not fit in any category)

Breaking changes

os_parse_ndef now takes an additional in_buffer_length parameter.

Auto cherry-pick in API_LEVEL

If requested to port the commits from this PR on a dedicated API_LEVEL branch,
select the targeted one(s), or add new references if not listed:

[ ] TARGET_API_LEVEL: API_LEVEL_25
[ ] TARGET_API_LEVEL: API_LEVEL_26

This will only create the PR with cherry-picks, ready to be reviewed and merged.

Remember:

• The merge will ALWAYS be a manual operation.
• It is possible the cherry-picks don't apply correctly, mainly if previous commits have been forgotten.
• In case of failure, there is no other solution than redo the operation manually...

[Copilot]

Pull request overview

Adds bounds checking to os_parse_ndef by introducing an in_buffer_length parameter, fixing an out-of-bounds read vulnerability. Also adds a libFuzzer harness to fuzz the NFC NDEF parsing path.

Changes:

• Added in_buffer_length parameter to os_parse_ndef with input validation checks before each buffer access
• Added fuzzing harness (fuzzer_nfc_ndef.c) and CMake config for NFC NDEF parsing

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
lib_nfc/src/nfc_ndef.c	Added length parameter and bounds checks to prevent OOB reads
lib_nfc/include/nfc_ndef.h	Updated function signature
fuzzing/harness/fuzzer_nfc_ndef.c	New libFuzzer harness for os_parse_ndef and os_ndef_to_string
fuzzing/extra/nfc_ndef.cmake	CMake build config for the fuzzer

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.82%. Comparing base (5138195) to head (901e3e0).
⚠️ Report is 13 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1463   +/-   ##
=======================================
  Coverage   91.82%   91.82%           
=======================================
  Files          37       37           
  Lines        4244     4244           
  Branches      521      521           
=======================================
  Hits         3897     3897           
  Misses        257      257           
  Partials       90       90           

Flag	Coverage Δ
unittests	91.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.