Update packet_buffer_fuzzer to fuzz full packets.
Bug: webrtc:7728
Change-Id: I9d33404470c2ecf8d6f91c57c9dc9fd4dd821a18
Reviewed-on: https://webrtc-review.googlesource.com/77424
Commit-Queue: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23485}diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn
index 27a7425..6375dc3 100644
--- a/test/fuzzers/BUILD.gn
+++ b/test/fuzzers/BUILD.gn
@@ -23,10 +23,23 @@
]
}
+rtc_static_library("fuzz_data_helper") {
+ sources = [
+ "fuzz_data_helper.cc",
+ "fuzz_data_helper.h",
+ ]
+ deps = [
+ "../../api:array_view",
+ "../../modules/rtp_rtcp:rtp_rtcp_format",
+ ]
+ visibility = [ ":*" ] # Only targets in this file can depend on this.
+}
+
template("webrtc_fuzzer_test") {
fuzzer_test(target_name) {
forward_variables_from(invoker, "*")
deps += [
+ ":fuzz_data_helper",
":webrtc_fuzzer_main",
# Link unconditionally with webrtc's TaskQueue, regardless of
@@ -189,7 +202,7 @@
"../../modules/video_coding/",
"../../system_wrappers",
]
- libfuzzer_options = [ "max_len=2000" ]
+ libfuzzer_options = [ "max_len=200000" ]
}
webrtc_fuzzer_test("rtcp_receiver_fuzzer") {
@@ -320,7 +333,6 @@
"audio_encoder_opus_fuzzer.cc",
]
deps = [
- ":fuzz_data_helper",
"../../api:array_view",
"../../api/audio_codecs/opus:audio_encoder_opus",
"../../rtc_base:checks",
@@ -359,7 +371,6 @@
"neteq_signal_fuzzer.cc",
]
deps = [
- ":fuzz_data_helper",
"../../api:array_view",
"../../modules/audio_coding:neteq",
"../../modules/audio_coding:neteq_test_tools",
@@ -457,7 +468,6 @@
]
deps = [
":audio_processing_fuzzer_helper",
- ":fuzz_data_helper",
"../../api/audio:aec3_factory",
"../../modules/audio_processing",
"../../modules/audio_processing/aec3",
@@ -472,25 +482,12 @@
"comfort_noise_decoder_fuzzer.cc",
]
deps = [
- ":fuzz_data_helper",
"../../api:array_view",
"../../modules/audio_coding:cng",
"../../rtc_base:rtc_base_approved",
]
}
-rtc_static_library("fuzz_data_helper") {
- sources = [
- "fuzz_data_helper.cc",
- "fuzz_data_helper.h",
- ]
- deps = [
- "../../api:array_view",
- "../../modules/rtp_rtcp:rtp_rtcp_format",
- ]
- visibility = [ ":*" ] # Only targets in this file can depend on this.
-}
-
webrtc_fuzzer_test("rtp_frame_reference_finder_fuzzer") {
sources = [
"rtp_frame_reference_finder_fuzzer.cc",
diff --git a/test/fuzzers/fuzz_data_helper.h b/test/fuzzers/fuzz_data_helper.h
index b5b916f..4606de1 100644
--- a/test/fuzzers/fuzz_data_helper.h
+++ b/test/fuzzers/fuzz_data_helper.h
@@ -79,8 +79,21 @@
return data_.subview(index_to_return, bytes);
}
+ // If sizeof(T) > BytesLeft then the remaining bytes will be used and the rest
+ // of the object will be zero initialized.
+ template <typename T>
+ void CopyTo(T* object) {
+ memset(object, 0, sizeof(T));
+
+ size_t bytes_to_copy = std::min(BytesLeft(), sizeof(T));
+ memcpy(object, data_.data() + data_ix_, bytes_to_copy);
+ data_ix_ += bytes_to_copy;
+ }
+
size_t BytesRead() const { return data_ix_; }
+ size_t BytesLeft() const { return data_.size() - data_ix_; };
+
private:
rtc::ArrayView<const uint8_t> data_;
size_t data_ix_ = 0;
diff --git a/test/fuzzers/packet_buffer_fuzzer.cc b/test/fuzzers/packet_buffer_fuzzer.cc
index df6baf4..7f116f6 100644
--- a/test/fuzzers/packet_buffer_fuzzer.cc
+++ b/test/fuzzers/packet_buffer_fuzzer.cc
@@ -10,9 +10,9 @@
#include "modules/video_coding/packet_buffer.h"
#include "system_wrappers/include/clock.h"
+#include "test/fuzzers/fuzz_data_helper.h"
namespace webrtc {
-
namespace {
class NullCallback : public video_coding::OnReceivedFrameCallback {
void OnReceivedFrame(std::unique_ptr<video_coding::RtpFrameObject> frame) {}
@@ -20,27 +20,16 @@
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
- // Two bytes for the sequence number,
- // one byte for |is_first_packet_in_frame| and |markerBit|.
- constexpr size_t kMinDataNeeded = 3;
- if (size < kMinDataNeeded) {
- return;
- }
VCMPacket packet;
NullCallback callback;
SimulatedClock clock(0);
rtc::scoped_refptr<video_coding::PacketBuffer> packet_buffer(
video_coding::PacketBuffer::Create(&clock, 8, 1024, &callback));
+ test::FuzzDataHelper helper(rtc::ArrayView<const uint8_t>(data, size));
- size_t i = kMinDataNeeded;
- while (i < size) {
- memcpy(&packet.seqNum, &data[i - kMinDataNeeded], 2);
- packet.is_first_packet_in_frame = data[i] & 1;
- packet.markerBit = data[i] & 2;
- packet_buffer->InsertPacket(&packet);
- i += kMinDataNeeded;
- }
+ while (helper.BytesLeft())
+ helper.CopyTo(&packet);
}
} // namespace webrtc
