webrtc/test/fuzzers/audio_decoder_fuzzer.cc - Issue 1607173003: Fuzzer tests for AudioDecoder's DecodeRedundant and IncomingPacket

Side by Side Diff: webrtc/test/fuzzers/audio_decoder_fuzzer.cc

Issue 1607173003: Fuzzer tests for AudioDecoder's DecodeRedundant and IncomingPacket (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master

Patch Set: Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.	2 * Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.

3 *	3 *

4 * Use of this source code is governed by a BSD-style license	4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source	5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found	6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may	7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.	8 * be found in the AUTHORS file in the root of the source tree.

9 */	9 */

10	10

11 #include "webrtc/test/fuzzers/audio_decoder_fuzzer.h"	11 #include "webrtc/test/fuzzers/audio_decoder_fuzzer.h"

12	12

13 #include "webrtc/base/checks.h"	13 #include "webrtc/base/checks.h"

	14 #include "webrtc/base/optional.h"

14 #include "webrtc/modules/audio_coding/codecs/audio_decoder.h"	15 #include "webrtc/modules/audio_coding/codecs/audio_decoder.h"

15	16

16 namespace webrtc {	17 namespace webrtc {

17 namespace {	18 namespace {

	19 rtc::Optional<uint64_t> ReadNBytes(const uint8_t* data, size_t size, size_t N) {
	pbos-webrtc 2016/01/20 13:16:36 This sounds like memcpy, can you rename this to "P This sounds like memcpy, can you rename this to "ParseInt" or smth? hlundin-webrtc 2016/01/21 15:18:51 Sure can do. But it is not really memcpy, dependin Show quoted text On 2016/01/20 13:16:36, pbos-webrtc wrote: > This sounds like memcpy, can you rename this to "ParseInt" or smth? Sure can do. But it is not really memcpy, depending on platform endianness, right?
	20 RTC_CHECK_LE(N, sizeof(uint64_t));

	21 RTC_CHECK_GT(N, static_cast<size_t>(0));

	22 if (size < N)

	23 return rtc::Optional<uint64_t>();

	24 uint64_t val = 0;

	25 for (size_t i = 0; i < N; ++i) {

	26 val = (val << 8) + data[i];

	27 }

	28 return rtc::Optional<uint64_t>(val);

	29 }

	30

18 size_t PacketSizeFromTwoBytes(const uint8_t* data, size_t size) {	31 size_t PacketSizeFromTwoBytes(const uint8_t* data, size_t size) {

19 if (size < 2)	32 rtc::Optional<uint64_t> val = ReadNBytes(data, size, 2);

20 return 0;	33 return val ? static_cast<size_t>(*val) : 0;

21 return static_cast<size_t>((data[0] << 8) + data[1]);	34 }

	35

	36 template <typename T>

	37 T ReadTCheckedAndIncrement(const uint8_t** data, size_t* size) {
	pbos-webrtc 2016/01/20 13:16:36 Can we do something like ReadUint? this sounds lik Can we do something like ReadUint? this sounds like it'd read something more generally, like a struct. terelius@: Can we enforce that T is an integer type somehow:? terelius 2016/01/20 13:47:27 You could do a static_assert on std::numeric_limit Show quoted text On 2016/01/20 13:16:36, pbos-webrtc wrote: > Can we do something like ReadUint? this sounds like it'd read something more > generally, like a struct. > > terelius@: Can we enforce that T is an integer type somehow:? You could do a static_assert on std::numeric_limits<T>::is_integer which is true for the built-in integer types including bool, but false for floating point numbers and types which do not explicitly specialize numeric_limits. Depending on what you want to allow and whether the C++11 type_traits library is ok to use, I think std::is_fundamental might be better. As far as I can tell, the existing code would work fine with floating point types too. terelius 2016/01/20 13:50:06 Hm, actually it won't. std::numeric_limits<T>::is_ Show quoted text On 2016/01/20 13:47:27, terelius wrote: > On 2016/01/20 13:16:36, pbos-webrtc wrote: > > Can we do something like ReadUint? this sounds like it'd read something more > > generally, like a struct. > > > > terelius@: Can we enforce that T is an integer type somehow:? > > You could do a static_assert on std::numeric_limits<T>::is_integer which is true > for the built-in integer types including bool, but false for floating point > numbers and types which do not explicitly specialize numeric_limits. > > Depending on what you want to allow and whether the C++11 type_traits library is > ok to use, I think std::is_fundamental might be better. As far as I can tell, > the existing code would work fine with floating point types too. Hm, actually it won't. std::numeric_limits<T>::is_integer is probably the best option then. hlundin-webrtc 2016/01/21 15:18:51 Done. Show quoted text On 2016/01/20 13:50:06, terelius wrote: > On 2016/01/20 13:47:27, terelius wrote: > > On 2016/01/20 13:16:36, pbos-webrtc wrote: > > > Can we do something like ReadUint? this sounds like it'd read something more > > > generally, like a struct. > > > > > > terelius@: Can we enforce that T is an integer type somehow:? > > > > You could do a static_assert on std::numeric_limits<T>::is_integer which is > true > > for the built-in integer types including bool, but false for floating point > > numbers and types which do not explicitly specialize numeric_limits. > > > > Depending on what you want to allow and whether the C++11 type_traits library > is > > ok to use, I think std::is_fundamental might be better. As far as I can tell, > > the existing code would work fine with floating point types too. > > Hm, actually it won't. std::numeric_limits<T>::is_integer is probably the best > option then. Done.
	38 static_assert(sizeof(T) <= sizeof(uint64_t),

	39 "Cannot read wider than uint64_t.");

	40 const size_t N = sizeof(T);

	41 rtc::Optional<uint64_t> val = ReadNBytes(data, size, N);

	42 RTC_CHECK(val);

	43 *data += N;

	44 RTC_DCHECK_GE(size, N); // Make extra sure we don't wrap size.

	45 *size -= N;

	46 return static_cast<T>(*val);

22 }	47 }

23 } // namespace	48 } // namespace

24	49

25 // This function reads two bytes from the beginning of \|data\|, interprets them	50 // This function reads two bytes from the beginning of \|data\|, interprets them

26 // as the first packet length, and reads this many bytes if available. The	51 // as the first packet length, and reads this many bytes if available. The

27 // payload is inserted into the decoder, and the process continues until no more	52 // payload is inserted into the decoder, and the process continues until no more

28 // data is available.	53 // data is available.

29 void FuzzAudioDecoder(const uint8_t* data,	54 void FuzzAudioDecoder(const uint8_t* data,

30 size_t size,	55 size_t size,

31 AudioDecoder* decoder,	56 AudioDecoder* decoder,

32 int sample_rate_hz,	57 int sample_rate_hz,

33 size_t max_decoded_bytes,	58 size_t max_decoded_bytes,

34 int16_t* decoded) {	59 int16_t* decoded) {

35 const uint8_t* data_ptr = data;	60 const uint8_t* data_ptr = data;

36 size_t remaining_size = size;	61 size_t remaining_size = size;

37 size_t packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);	62 size_t packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

38 while (packet_len != 0 && packet_len <= remaining_size - 2) {	63 while (packet_len != 0 && packet_len + 2 <= remaining_size) {
	hlundin-webrtc 2016/01/20 12:24:59 (Turned out to be a bad idea to subtract from a si (Turned out to be a bad idea to subtract from a size_t before knowing the value of it...) pbos-webrtc 2016/01/20 13:16:36 :D Show quoted text On 2016/01/20 12:24:59, hlundin-webrtc wrote: > (Turned out to be a bad idea to subtract from a size_t before knowing the value > of it...) :D
39 data_ptr += 2;	64 data_ptr += 2;

40 remaining_size -= 2;	65 remaining_size -= 2;

41 AudioDecoder::SpeechType speech_type;	66 AudioDecoder::SpeechType speech_type;

42 decoder->Decode(data_ptr, packet_len, sample_rate_hz, max_decoded_bytes,	67 decoder->Decode(data_ptr, packet_len, sample_rate_hz, max_decoded_bytes,

43 decoded, &speech_type);	68 decoded, &speech_type);

44 data_ptr += packet_len;	69 data_ptr += packet_len;

45 remaining_size -= packet_len;	70 remaining_size -= packet_len;

46 packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);	71 packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

47 }	72 }

48 }	73 }

	74

	75 // This function is identical to FuzzAudioDecoder above, with the distinction

	76 // that it call DecodeRedundant instead of Decode.

	77 void FuzzAudioDecoderRedundant(const uint8_t* data,

	78 size_t size,

	79 AudioDecoder* decoder,

	80 int sample_rate_hz,

	81 size_t max_decoded_bytes,

	82 int16_t* decoded) {

	83 const uint8_t* data_ptr = data;

	84 size_t remaining_size = size;

	85 size_t packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

	86 while (packet_len != 0 && packet_len + 2 <= remaining_size) {

	87 data_ptr += 2;

	88 remaining_size -= 2;

	89 AudioDecoder::SpeechType speech_type;

	90 decoder->DecodeRedundant(data_ptr, packet_len, sample_rate_hz,

	91 max_decoded_bytes, decoded, &speech_type);

	92 data_ptr += packet_len;

	93 remaining_size -= packet_len;

	94 packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

	95 }

	96 }

	97

	98 // This function is similar to FuzzAudioDecoder, but also reads fuzzed data into

	99 // RTP header values. The fuzzed data and values are sent to the decoder's

	100 // IncomingPacket method.

	101 void FuzzAudioDecoderIncomingPacket(const uint8_t* data,

	102 size_t size,

	103 AudioDecoder* decoder) {

	104 const uint8_t* data_ptr = data;

	105 size_t remaining_size = size;

	106 size_t packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

	107 // Sum length of rtp_sequence_number, rtp_timestamp, and arrival_timestamp.

	108 const size_t header_len = sizeof(uint16_t) + 2 * sizeof(uint32_t);

	109 while (packet_len != 0 && packet_len + 2 + header_len <= remaining_size) {

	110 data_ptr += 2;

	111 remaining_size -= 2;

	112 const uint16_t rtp_sequence_number =

	113 ReadTCheckedAndIncrement<uint16_t>(&data_ptr, &remaining_size);

	114 const uint32_t rtp_timestamp =

	115 ReadTCheckedAndIncrement<uint32_t>(&data_ptr, &remaining_size);

	116 const uint32_t arrival_timestamp =

	117 ReadTCheckedAndIncrement<uint32_t>(&data_ptr, &remaining_size);

	118 decoder->IncomingPacket(data_ptr, packet_len, rtp_sequence_number,

	119 rtp_timestamp, arrival_timestamp);

	120 data_ptr += packet_len;

	121 remaining_size -= packet_len;

	122 packet_len = PacketSizeFromTwoBytes(data_ptr, remaining_size);

	123 }

	124 }

49 } // namespace webrtc	125 } // namespace webrtc

OLD	NEW

« no previous file with comments | « webrtc/test/fuzzers/audio_decoder_fuzzer.h ('k') | webrtc/test/fuzzers/audio_decoder_isac_incoming_packet_fuzzer.cc » ('j') | no next file with comments »