commit 9aa870a2d107560864f8e78a438789534f777734
author Chen Xing <chxg@google.com> Fri Jun 21 08:48:59 2019
committer Commit Bot <commit-bot@chromium.org> Mon Jun 24 07:42:31 2019
tree 50660fff1feeeea539fae5fc555baad9cd177a50
parent 214f54365ec210db76218a35ead66c9ce23e068e

Fixing fuzzer by backing up and restoring `packet_info`.

This change fixes `packet_buffer_fuzzer` so that it doesn't attempt to fuzz `std::vector`.

Bug: chromium:977309 chromium:977411 chromium:977421 chromium:977422 chromium:977454 chromium:977455 chromium:977477 chromium:977457
Change-Id: I0845d7f53008606c2a8b5943ef58fd35a9eb1085
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/143171
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Chen Xing <chxg@google.com>
Cr-Commit-Position: refs/heads/master@{#28344}

test/fuzzers/packet_buffer_fuzzer.cc

diff --git a/test/fuzzers/packet_buffer_fuzzer.cc b/test/fuzzers/packet_buffer_fuzzer.cc
index 709c14c..f8067b7 100644
--- a/test/fuzzers/packet_buffer_fuzzer.cc
+++ b/test/fuzzers/packet_buffer_fuzzer.cc
@@ -32,23 +32,27 @@
   test::FuzzDataHelper helper(rtc::ArrayView<const uint8_t>(data, size));
 
   while (helper.BytesLeft()) {
-    // The RTPVideoHeader is a complex type, so overwriting it with random data
-    // will put it in an invalid state. Therefore we save/restore it.
+    // Complex types (e.g. non-POD-like types) can't be bit-wise fuzzed with
+    // random data or it will put them in an invalid state. We therefore backup
+    // their byte-patterns before the fuzzing and restore them after.
     uint8_t video_header_backup[sizeof(packet.video_header)];
     memcpy(&video_header_backup, &packet.video_header,
            sizeof(packet.video_header));
-
     uint8_t generic_descriptor_backup[sizeof(packet.generic_descriptor)];
     memcpy(&generic_descriptor_backup, &packet.generic_descriptor,
            sizeof(packet.generic_descriptor));
+    uint8_t packet_info_backup[sizeof(packet.packet_info)];
+    memcpy(&packet_info_backup, &packet.packet_info,
+           sizeof(packet.packet_info));
 
     helper.CopyTo(&packet);
 
     memcpy(&packet.video_header, &video_header_backup,
            sizeof(packet.video_header));
-
     memcpy(&packet.generic_descriptor, &generic_descriptor_backup,
            sizeof(packet.generic_descriptor));
+    memcpy(&packet.packet_info, &packet_info_backup,
+           sizeof(packet.packet_info));
 
     // The packet buffer owns the payload of the packet.
     uint8_t payload_size;