
Side by Side Diff: test/fuzzers/frame_buffer2_fuzzer.cc

Issue 2942613002: Fuzzing for video_coding::FrameBuffer2
Patch Set: Rebase + updated to int64_t picture ids Created 3 years, 3 months ago
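--- a/test/fuzzers/frame_buffer2_fuzzer.cc
+++ b/test/fuzzers/frame_buffer2_fuzzer.cc
@@ -0,0 +1,81 @@
+/*
+* Copyright (c) 2017 The WebRTC project authors. All Rights Reserved.
+*
+* Use of this source code is governed by a BSD-style license
+* that can be found in the LICENSE file in the root of the source
+* tree. An additional intellectual property rights grant can be found
+* in the file PATENTS. All contributing project authors may
+* be found in the AUTHORS file in the root of the source tree.
+*/
+
+#include "modules/video_coding/frame_buffer2.h"
+
+#include "modules/video_coding/jitter_estimator.h"
+#include "modules/video_coding/timing.h"
+#include "system_wrappers/include/clock.h"
+
+namespace webrtc {
+
+namespace {
+template <typename T>
+T ReadNum(const uint8_t* data, size_t* offset, size_t max_size) {
+RTC_CHECK(*offset + sizeof(T) < max_size);
+T res = *reinterpret_cast<const T*>(data + *offset);
+*offset += sizeof(T);
+return res;
+}
+} // namespace
+
+class FuzzyFrameObject : public video_coding::FrameObject {
+public:
+FuzzyFrameObject() {}
+~FuzzyFrameObject() {}
+
+bool GetBitstream(uint8_t* destination) const override { return false; }
+uint32_t Timestamp() const override { return timestamp; }
+int64_t ReceivedTime() const override { return 0; }
+int64_t RenderTime() const override { return _renderTimeMs; }
+};
+
+void FuzzOneInput(const uint8_t* data, size_t size) {
+Clock* clock = Clock::GetRealTimeClock();
+VCMJitterEstimator jitter_estimator(clock, 0, 0);
+VCMTiming timing(clock);
+video_coding::FrameBuffer frame_buffer(clock, &jitter_estimator, &timing,
+nullptr);
+
+size_t offset = 0;
+while (true) {
+if (offset + 1 >= size)
+return;
+
+if (ReadNum<uint8_t>(data, &offset, size) & 1) {
+if (offset + 14 >= size)
+return;
+
+std::unique_ptr<FuzzyFrameObject> frame(new FuzzyFrameObject());
+frame->picture_id = ReadNum<int64_t>(data, &offset, size);
+frame->spatial_layer = ReadNum<uint8_t>(data, &offset, size) & 7;
+frame->timestamp = ReadNum<uint32_t>(data, &offset, size);
+frame->num_references = ReadNum<uint8_t>(data, &offset, size) % 6;
+
+if (offset + frame->num_references * 8 >= size)
+return;
+for (size_t r = 0; r < frame->num_references; ++r)
+frame->references[r] = ReadNum<int64_t>(data, &offset, size);
+
+frame_buffer.InsertFrame(std::move(frame));
+
+} else {
+if (offset + 1 >= size)
+return;
+
+int64_t wait_ms = ReadNum<uint8_t>(data, &offset, size) & 7;
+std::unique_ptr<video_coding::FrameObject> frame(new FuzzyFrameObject());
+
+frame_buffer.NextFrame(wait_ms, &frame);
+}
+}
+}
+
+} // namespace webrtc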
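Review bot: ReadNum loads through `*reinterpret_cast<const T*>(data + *offset)` at an arbitrary byte offset, which is a misaligned access for the `int64_t` and `uint32_t` reads and undefined behaviour; a UBSan fuzz build would likely report it as a finding in the harness itself rather than in FrameBuffer. Copying the bytes out avoids that: `T res; memcpy(&res, data + *offset, sizeof(T));`. Separately, FuzzOneInput takes `Clock::GetRealTimeClock()` and passes a `wait_ms` of up to 7 to `NextFrame`, so behaviour depends on wall time and a crash may not reproduce from its input alone; a `SimulatedClock` would make the harness deterministic. The `% 6` bound on `num_references` presumably matches the capacity of `references`, which is declared outside this file, so a short comment or a check against the declaring constant would make that write provably in bounds.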