| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (c) 2015 The WebRTC project authors. All Rights Reserved. | 2 * Copyright (c) 2015 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include "webrtc/test/fuzzers/audio_decoder_fuzzer.h" | 11 #include "webrtc/test/fuzzers/audio_decoder_fuzzer.h" |
| 12 | 12 |
| 13 #include <limits> |
| 14 |
| 13 #include "webrtc/base/checks.h" | 15 #include "webrtc/base/checks.h" |
| 16 #include "webrtc/base/optional.h" |
| 14 #include "webrtc/modules/audio_coding/codecs/audio_decoder.h" | 17 #include "webrtc/modules/audio_coding/codecs/audio_decoder.h" |
| 18 #include "webrtc/modules/rtp_rtcp/source/byte_io.h" |
| 15 | 19 |
| 16 namespace webrtc { | 20 namespace webrtc { |
| 17 namespace { | 21 namespace { |
| 18 size_t PacketSizeFromTwoBytes(const uint8_t* data, size_t size) { | 22 template <typename T, unsigned int B = sizeof(T)> |
| 19 if (size < 2) | 23 bool ParseInt(const uint8_t** data, size_t* remaining_size, T* value) { |
| 20 return 0; | 24 static_assert(std::numeric_limits<T>::is_integer, "Type must be an integer."); |
| 21 return static_cast<size_t>((data[0] << 8) + data[1]); | 25 static_assert(sizeof(T) <= sizeof(uint64_t), |
| 26 "Cannot read wider than uint64_t."); |
| 27 static_assert(B <= sizeof(T), "T must be at least B bytes wide."); |
| 28 if (B > *remaining_size) |
| 29 return false; |
| 30 uint64_t val = ByteReader<uint64_t, B>::ReadBigEndian(*data); |
| 31 *data += B; |
| 32 *remaining_size -= B; |
| 33 *value = static_cast<T>(val); |
| 34 return true; |
| 22 } | 35 } |
| 23 } // namespace | 36 } // namespace |
| 24 | 37 |
| 25 // This function reads two bytes from the beginning of |data|, interprets them | 38 // This function reads two bytes from the beginning of |data|, interprets them |
| 26 // as the first packet length, and reads this many bytes if available. The | 39 // as the first packet length, and reads this many bytes if available. The |
| 27 // payload is inserted into the decoder, and the process continues until no more | 40 // payload is inserted into the decoder, and the process continues until no more |
| 28 // data is available. | 41 // data is available. Either AudioDecoder::Decode or |
| 29 void FuzzAudioDecoder(const uint8_t* data, | 42 // AudioDecoder::DecodeRedundant is used, depending on the value of |
| 43 // |decode_type|. |
| 44 void FuzzAudioDecoder(DecoderFunctionType decode_type, |
| 45 const uint8_t* data, |
| 30 size_t size, | 46 size_t size, |
| 31 AudioDecoder* decoder, | 47 AudioDecoder* decoder, |
| 32 int sample_rate_hz, | 48 int sample_rate_hz, |
| 33 size_t max_decoded_bytes, | 49 size_t max_decoded_bytes, |
| 34 int16_t* decoded) { | 50 int16_t* decoded) { |
| 35 const uint8_t* data_ptr = data; | 51 const uint8_t* data_ptr = data; |
| 36 size_t remaining_size = size; | 52 size_t remaining_size = size; |
| 37 size_t packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size); | 53 size_t packet_len; |
| 38 while (packet_len != 0 && packet_len <= remaining_size - 2) { | 54 while (ParseInt<size_t, 2>(&data_ptr, &remaining_size, &packet_len) && |
| 39 data_ptr += 2; | 55 packet_len <= remaining_size) { |
| 40 remaining_size -= 2; | |
| 41 AudioDecoder::SpeechType speech_type; | 56 AudioDecoder::SpeechType speech_type; |
| 42 decoder->Decode(data_ptr, packet_len, sample_rate_hz, max_decoded_bytes, | 57 switch (decode_type) { |
| 43 decoded, &speech_type); | 58 case DecoderFunctionType::kNormalDecode: |
| 59 decoder->Decode(data_ptr, packet_len, sample_rate_hz, max_decoded_bytes, |
| 60 decoded, &speech_type); |
| 61 break; |
| 62 case DecoderFunctionType::kRedundantDecode: |
| 63 decoder->DecodeRedundant(data_ptr, packet_len, sample_rate_hz, |
| 64 max_decoded_bytes, decoded, &speech_type); |
| 65 break; |
| 66 } |
| 44 data_ptr += packet_len; | 67 data_ptr += packet_len; |
| 45 remaining_size -= packet_len; | 68 remaining_size -= packet_len; |
| 46 packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size); | 69 } |
| 70 } |
| 71 |
| 72 // This function is similar to FuzzAudioDecoder, but also reads fuzzed data into |
| 73 // RTP header values. The fuzzed data and values are sent to the decoder's |
| 74 // IncomingPacket method. |
| 75 void FuzzAudioDecoderIncomingPacket(const uint8_t* data, |
| 76 size_t size, |
| 77 AudioDecoder* decoder) { |
| 78 const uint8_t* data_ptr = data; |
| 79 size_t remaining_size = size; |
| 80 size_t packet_len; |
| 81 while (ParseInt<size_t, 2>(&data_ptr, &remaining_size, &packet_len)) { |
| 82 uint16_t rtp_sequence_number; |
| 83 if (!ParseInt(&data_ptr, &remaining_size, &rtp_sequence_number)) |
| 84 break; |
| 85 uint32_t rtp_timestamp; |
| 86 if (!ParseInt(&data_ptr, &remaining_size, &rtp_timestamp)) |
| 87 break; |
| 88 uint32_t arrival_timestamp; |
| 89 if (!ParseInt(&data_ptr, &remaining_size, &arrival_timestamp)) |
| 90 break; |
| 91 if (remaining_size < packet_len) |
| 92 break; |
| 93 decoder->IncomingPacket(data_ptr, packet_len, rtp_sequence_number, |
| 94 rtp_timestamp, arrival_timestamp); |
| 95 data_ptr += packet_len; |
| 96 remaining_size -= packet_len; |
| 47 } | 97 } |
| 48 } | 98 } |
| 49 } // namespace webrtc | 99 } // namespace webrtc |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1607173003:
Fuzzer tests for AudioDecoder's DecodeRedundant and IncomingPacket (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master