diff options
| author | philipel <philipel@webrtc.org> | 2018-05-17 16:44:47 +0200 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2018-06-01 10:00:36 +0000 |
| commit | 0c87e293c9a3c0c46fdd825c3f303e3dd4b0ba93 (patch) | |
| tree | 2ec6d17f149df4492dd87f52a822743363329e87 /test | |
| parent | f2fae875d589ec49d0bd9bb3f8514d5fc3e43efa (diff) | |
| download | webrtc-0c87e293c9a3c0c46fdd825c3f303e3dd4b0ba93.tar.gz | |
Update packet_buffer_fuzzer to fuzz full packets.
Bug: webrtc:7728
Change-Id: I9d33404470c2ecf8d6f91c57c9dc9fd4dd821a18
Reviewed-on: https://webrtc-review.googlesource.com/77424
Commit-Queue: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23485}
Diffstat (limited to 'test')
| -rw-r--r-- | test/fuzzers/BUILD.gn | 31 | ||||
| -rw-r--r-- | test/fuzzers/fuzz_data_helper.h | 13 | ||||
| -rw-r--r-- | test/fuzzers/packet_buffer_fuzzer.cc | 19 |
3 files changed, 31 insertions, 32 deletions
diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn index 27a74255c6..6375dc397e 100644 --- a/test/fuzzers/BUILD.gn +++ b/test/fuzzers/BUILD.gn @@ -23,10 +23,23 @@ rtc_static_library("webrtc_fuzzer_main") { ] } +rtc_static_library("fuzz_data_helper") { + sources = [ + "fuzz_data_helper.cc", + "fuzz_data_helper.h", + ] + deps = [ + "../../api:array_view", + "../../modules/rtp_rtcp:rtp_rtcp_format", + ] + visibility = [ ":*" ] # Only targets in this file can depend on this. +} + template("webrtc_fuzzer_test") { fuzzer_test(target_name) { forward_variables_from(invoker, "*") deps += [ + ":fuzz_data_helper", ":webrtc_fuzzer_main", # Link unconditionally with webrtc's TaskQueue, regardless of @@ -189,7 +202,7 @@ webrtc_fuzzer_test("packet_buffer_fuzzer") { "../../modules/video_coding/", "../../system_wrappers", ] - libfuzzer_options = [ "max_len=2000" ] + libfuzzer_options = [ "max_len=200000" ] } webrtc_fuzzer_test("rtcp_receiver_fuzzer") { @@ -320,7 +333,6 @@ webrtc_fuzzer_test("audio_encoder_opus_fuzzer") { "audio_encoder_opus_fuzzer.cc", ] deps = [ - ":fuzz_data_helper", "../../api:array_view", "../../api/audio_codecs/opus:audio_encoder_opus", "../../rtc_base:checks", @@ -359,7 +371,6 @@ webrtc_fuzzer_test("neteq_signal_fuzzer") { "neteq_signal_fuzzer.cc", ] deps = [ - ":fuzz_data_helper", "../../api:array_view", "../../modules/audio_coding:neteq", "../../modules/audio_coding:neteq_test_tools", @@ -457,7 +468,6 @@ webrtc_fuzzer_test("audio_processing_fuzzer") { ] deps = [ ":audio_processing_fuzzer_helper", - ":fuzz_data_helper", "../../api/audio:aec3_factory", "../../modules/audio_processing", "../../modules/audio_processing/aec3", @@ -472,25 +482,12 @@ webrtc_fuzzer_test("comfort_noise_decoder_fuzzer") { "comfort_noise_decoder_fuzzer.cc", ] deps = [ - ":fuzz_data_helper", "../../api:array_view", "../../modules/audio_coding:cng", "../../rtc_base:rtc_base_approved", ] } -rtc_static_library("fuzz_data_helper") { - sources = [ - "fuzz_data_helper.cc", - "fuzz_data_helper.h", - ] - deps = [ - "../../api:array_view", - "../../modules/rtp_rtcp:rtp_rtcp_format", - ] - visibility = [ ":*" ] # Only targets in this file can depend on this. -} - webrtc_fuzzer_test("rtp_frame_reference_finder_fuzzer") { sources = [ "rtp_frame_reference_finder_fuzzer.cc", diff --git a/test/fuzzers/fuzz_data_helper.h b/test/fuzzers/fuzz_data_helper.h index b5b916fecf..4606de1b26 100644 --- a/test/fuzzers/fuzz_data_helper.h +++ b/test/fuzzers/fuzz_data_helper.h @@ -79,8 +79,21 @@ class FuzzDataHelper { return data_.subview(index_to_return, bytes); } + // If sizeof(T) > BytesLeft then the remaining bytes will be used and the rest + // of the object will be zero initialized. + template <typename T> + void CopyTo(T* object) { + memset(object, 0, sizeof(T)); + + size_t bytes_to_copy = std::min(BytesLeft(), sizeof(T)); + memcpy(object, data_.data() + data_ix_, bytes_to_copy); + data_ix_ += bytes_to_copy; + } + size_t BytesRead() const { return data_ix_; } + size_t BytesLeft() const { return data_.size() - data_ix_; }; + private: rtc::ArrayView<const uint8_t> data_; size_t data_ix_ = 0; diff --git a/test/fuzzers/packet_buffer_fuzzer.cc b/test/fuzzers/packet_buffer_fuzzer.cc index df6baf48e5..7f116f6162 100644 --- a/test/fuzzers/packet_buffer_fuzzer.cc +++ b/test/fuzzers/packet_buffer_fuzzer.cc @@ -10,9 +10,9 @@ #include "modules/video_coding/packet_buffer.h" #include "system_wrappers/include/clock.h" +#include "test/fuzzers/fuzz_data_helper.h" namespace webrtc { - namespace { class NullCallback : public video_coding::OnReceivedFrameCallback { void OnReceivedFrame(std::unique_ptr<video_coding::RtpFrameObject> frame) {} @@ -20,27 +20,16 @@ class NullCallback : public video_coding::OnReceivedFrameCallback { } // namespace void FuzzOneInput(const uint8_t* data, size_t size) { - // Two bytes for the sequence number, - // one byte for |is_first_packet_in_frame| and |markerBit|. - constexpr size_t kMinDataNeeded = 3; - if (size < kMinDataNeeded) { - return; - } VCMPacket packet; NullCallback callback; SimulatedClock clock(0); rtc::scoped_refptr<video_coding::PacketBuffer> packet_buffer( video_coding::PacketBuffer::Create(&clock, 8, 1024, &callback)); + test::FuzzDataHelper helper(rtc::ArrayView<const uint8_t>(data, size)); - size_t i = kMinDataNeeded; - while (i < size) { - memcpy(&packet.seqNum, &data[i - kMinDataNeeded], 2); - packet.is_first_packet_in_frame = data[i] & 1; - packet.markerBit = data[i] & 2; - packet_buffer->InsertPacket(&packet); - i += kMinDataNeeded; - } + while (helper.BytesLeft()) + helper.CopyTo(&packet); } } // namespace webrtc |