Fuzzing for video_coding::FrameBuffer2.

Bug: webrtc:7728 Change-Id: I712289a82d408dde1db73a1cc44f0c69a6b639ff Reviewed-on: https://webrtc-review.googlesource.com/31841 Commit-Queue: Philip Eliasson <philipel@webrtc.org> Reviewed-by: Stefan Holmer <stefan@webrtc.org> Reviewed-by: Niels Moller <nisse@webrtc.org> Cr-Commit-Position: refs/heads/master@{#23282}
author: philipel <philipel@webrtc.org> 2018-05-17 13:34:53 +0200
committer: Commit Bot <commit-bot@chromium.org> 2018-05-17 12:41:41 +0000
commit: 1e9cf7faf8c979066679307a77c753f7cab597eb (patch)
tree: 62983d4610a0be0c3ee57f833454fd63b22c4e81 /test
parent: 8b7ca4abb20179a952669cb123a1bdfac5ba89c8 (diff)
download: webrtc-1e9cf7faf8c979066679307a77c753f7cab597eb.tar.gz
2 files changed, 110 insertions, 0 deletions
diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn
index 2e7ea0ffdc..89d9d1b8ae 100644
--- a/test/fuzzers/BUILD.gn
+++ b/test/fuzzers/BUILD.gn
@@ -501,3 +501,14 @@ webrtc_fuzzer_test("rtp_frame_reference_finder_fuzzer") {
   ]
   libfuzzer_options = [ "max_len=20000" ]
 }
+
+webrtc_fuzzer_test("frame_buffer2_fuzzer") {
+  sources = [
+    "frame_buffer2_fuzzer.cc",
+  ]
+  deps = [
+    "../../modules/video_coding/",
+    "../../system_wrappers:system_wrappers",
+  ]
+  libfuzzer_options = [ "max_len=10000" ]
+}
diff --git a/test/fuzzers/frame_buffer2_fuzzer.cc b/test/fuzzers/frame_buffer2_fuzzer.cc
new file mode 100644
index 0000000000..57f0c74a7e
--- /dev/null
+++ b/test/fuzzers/frame_buffer2_fuzzer.cc
@@ -0,0 +1,99 @@
+/*
+ *  Copyright (c) 2017 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include "modules/video_coding/frame_buffer2.h"
+
+#include "modules/video_coding/jitter_estimator.h"
+#include "modules/video_coding/timing.h"
+#include "system_wrappers/include/clock.h"
+
+namespace webrtc {
+
+namespace {
+
+// When DataReader runs out of data provided in the constructor it will
+// just set/return 0 instead.
+struct DataReader {
+  DataReader(const uint8_t* data, size_t size) : data_(data), size_(size) {}
+
+  void CopyTo(void* destination, size_t dest_size) {
+    memset(destination, 0, dest_size);
+
+    size_t bytes_to_copy = std::min(size_ - offset_, dest_size);
+    memcpy(destination, data_ + offset_, bytes_to_copy);
+    offset_ += bytes_to_copy;
+  }
+
+  template <typename T>
+  T GetNum() {
+    T res;
+    if (offset_ + sizeof(res) < size_) {
+      memcpy(&res, data_ + offset_, sizeof(res));
+      offset_ += sizeof(res);
+      return res;
+    }
+
+    offset_ = size_;
+    return T(0);
+  }
+
+  bool MoreToRead() { return offset_ < size_; }
+
+  const uint8_t* const data_;
+  size_t size_;
+  size_t offset_ = 0;
+};
+
+class FuzzyFrameObject : public video_coding::EncodedFrame {
+ public:
+  FuzzyFrameObject() {}
+  ~FuzzyFrameObject() {}
+
+  bool GetBitstream(uint8_t* destination) const override { return false; }
+  uint32_t Timestamp() const override { return timestamp; }
+  int64_t ReceivedTime() const override { return 0; }
+  int64_t RenderTime() const override { return _renderTimeMs; }
+};
+}  // namespace
+
+void FuzzOneInput(const uint8_t* data, size_t size) {
+  DataReader reader(data, size);
+  Clock* clock = Clock::GetRealTimeClock();
+  VCMJitterEstimator jitter_estimator(clock, 0, 0);
+  VCMTiming timing(clock);
+  video_coding::FrameBuffer frame_buffer(clock, &jitter_estimator, &timing,
+                                         nullptr);
+
+  while (reader.MoreToRead()) {
+    if (reader.GetNum<uint8_t>() & 1) {
+      std::unique_ptr<FuzzyFrameObject> frame(new FuzzyFrameObject());
+      frame->id.picture_id = reader.GetNum<int64_t>();
+      frame->id.spatial_layer = reader.GetNum<uint8_t>();
+      frame->timestamp = reader.GetNum<uint32_t>();
+      frame->num_references = reader.GetNum<uint8_t>() %
+                              video_coding::EncodedFrame::kMaxFrameReferences;
+
+      for (size_t r = 0; r < frame->num_references; ++r)
+        frame->references[r] = reader.GetNum<int64_t>();
+
+      frame_buffer.InsertFrame(std::move(frame));
+    } else {
+      // Since we are not trying to trigger race conditions it does not make
+      // sense to have a wait time > 0.
+      const int kWaitTimeMs = 0;
+
+      std::unique_ptr<video_coding::EncodedFrame> frame(new FuzzyFrameObject());
+      bool keyframe_required = reader.GetNum<uint8_t>() % 2;
+      frame_buffer.NextFrame(kWaitTimeMs, &frame, keyframe_required);
+    }
+  }
+}
+
+}  // namespace webrtc
author	philipel <philipel@webrtc.org>	2018-05-17 13:34:53 +0200
committer	Commit Bot <commit-bot@chromium.org>	2018-05-17 12:41:41 +0000
commit	1e9cf7faf8c979066679307a77c753f7cab597eb (patch)
tree	62983d4610a0be0c3ee57f833454fd63b22c4e81 /test
parent	8b7ca4abb20179a952669cb123a1bdfac5ba89c8 (diff)
download	webrtc-1e9cf7faf8c979066679307a77c753f7cab597eb.tar.gz