| Index: webrtc/test/fuzzers/transport_feedback_packet_loss_tracker_fuzzer.cc
|
| diff --git a/webrtc/test/fuzzers/transport_feedback_packet_loss_tracker_fuzzer.cc b/webrtc/test/fuzzers/transport_feedback_packet_loss_tracker_fuzzer.cc
|
| index 762813385632171397377dc6845808a22cc3495b..94b916c6c54bc62eb6a6fb5c2585d4bfa0980c53 100644
|
| --- a/webrtc/test/fuzzers/transport_feedback_packet_loss_tracker_fuzzer.cc
|
| +++ b/webrtc/test/fuzzers/transport_feedback_packet_loss_tracker_fuzzer.cc
|
| @@ -19,6 +19,15 @@ namespace webrtc {
|
|
|
| namespace {
|
|
|
| +template <typename T>
|
| +T FuzzInput(const uint8_t*& data, size_t& size) {
|
| + RTC_CHECK(size >= sizeof(T));
|
| + T rc = ByteReader<T>::ReadBigEndian(data);
|
| + data += sizeof(T);
|
| + size -= sizeof(T);
|
| + return rc;
|
| +}
|
| +
|
| using TransportFeedback = rtcp::TransportFeedback;
|
|
|
| class FuzzTransportFeedback final : public rtcp::TransportFeedbackInterface {
|
| @@ -116,25 +125,33 @@ class FuzzTransportFeedback final : public rtcp::TransportFeedbackInterface {
|
| } // namespace
|
|
|
| void FuzzOneInput(const uint8_t* data, size_t size) {
|
| - if (size < sizeof(uint32_t)) {
|
| + if (size < 3 * sizeof(uint16_t)) {
|
| return;
|
| }
|
| constexpr size_t kSeqNumHalf = 0x8000u;
|
| +
|
| + // Produce min-window, max-window and min_pairs_num_for_rplr, such that:
|
| + // a. min <= max <= kSeqNumHalf
|
| + // b. 1 <= min_pairs_num_for_rplr <= max - 1 (fencepost)
|
| + // Because of /b/, both min and max can't be below 2.
|
| +
|
| const size_t window_size_1 = std::min(
|
| kSeqNumHalf,
|
| - static_cast<size_t>(std::max(static_cast<uint16_t>(1),
|
| - ByteReader<uint16_t>::ReadBigEndian(data))));
|
| - data += sizeof(uint16_t);
|
| + static_cast<size_t>(std::max(static_cast<uint16_t>(2),
|
| + FuzzInput<uint16_t>(data, size))));
|
| const size_t window_size_2 = std::min(
|
| kSeqNumHalf,
|
| + static_cast<size_t>(std::max(static_cast<uint16_t>(2),
|
| + FuzzInput<uint16_t>(data, size))));
|
| + const size_t min_window_size = std::min(window_size_1, window_size_2);
|
| + const size_t max_window_size = std::max(window_size_1, window_size_2);
|
| + const size_t min_pairs_num_for_rplr = std::min(
|
| + max_window_size - 1,
|
| static_cast<size_t>(std::max(static_cast<uint16_t>(1),
|
| - ByteReader<uint16_t>::ReadBigEndian(data))));
|
| - data += sizeof(uint16_t);
|
| - size -= 2 * sizeof(uint16_t);
|
| + FuzzInput<uint16_t>(data, size))));
|
|
|
| TransportFeedbackPacketLossTracker tracker(
|
| - std::min(window_size_1, window_size_2),
|
| - std::max(window_size_1, window_size_2));
|
| + min_window_size, max_window_size, min_pairs_num_for_rplr);
|
| FuzzTransportFeedback feedback(rtc::ArrayView<const uint8_t>(data, size));
|
| while (!feedback.ended()) {
|
| tracker.OnReceivedTransportFeedback(feedback);
|
|
|
Chromium Code Reviews
Issue 2629883003:
First-order-FEC recoverability calculation (Closed)
