admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update fuzzer max input length handling

Browse Source 
The docs have been updated. max_len is libfuzzer specific, new way is
fuzzer agnostic.

Docs:
https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/getting_started.md#improving-your-fuzz-target

Bug: chromium:895082
Test: flexfec_sender_fuzzer input size still converges at <=200 after running locally for 5-10 minutes.
Change-Id: I7a5ce95cb4d8b8ca461f6e502b81b599daa855f9
Reviewed-on: https://webrtc-review.googlesource.com/c/107883
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25361}
This commit is contained in:
Sam Zackrisson 2018-10-25 13:46:26 +02:00 committed by Commit Bot
parent ddc84e9819
commit 262047055d
17 changed files with 41 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
test/fuzzers/BUILD.gn
View File

@ -125,7 +125,6 @@ webrtc_fuzzer_test("forward_error_correction_fuzzer") {
"../../modules/rtp_rtcp:rtp_rtcp_format",
"../../rtc_base:rtc_base_approved",
]
libfuzzer_options = [ "max_len=5000" ]
}
webrtc_fuzzer_test("flexfec_header_reader_fuzzer") {
@ -148,7 +147,6 @@ webrtc_fuzzer_test("flexfec_sender_fuzzer") {
"../../modules/rtp_rtcp:rtp_rtcp_format",
"../../system_wrappers",
]
libfuzzer_options = [ "max_len=200" ]
}
webrtc_fuzzer_test("ulpfec_header_reader_fuzzer") {
@ -186,7 +184,6 @@ webrtc_fuzzer_test("ulpfec_receiver_fuzzer") {
"../../modules/rtp_rtcp:rtp_rtcp_format",
"../../rtc_base:rtc_base_approved",
]
libfuzzer_options = [ "max_len=2000" ]
}
webrtc_fuzzer_test("flexfec_receiver_fuzzer") {
@ -198,7 +195,6 @@ webrtc_fuzzer_test("flexfec_receiver_fuzzer") {
"../../modules/rtp_rtcp:rtp_rtcp_format",
"../../rtc_base:rtc_base_approved",
]
libfuzzer_options = [ "max_len=2000" ]
}
webrtc_fuzzer_test("packet_buffer_fuzzer") {
@ -209,7 +205,6 @@ webrtc_fuzzer_test("packet_buffer_fuzzer") {
"../../modules/video_coding/",
"../../system_wrappers",
]
libfuzzer_options = [ "max_len=200000" ]
}
webrtc_fuzzer_test("rtcp_receiver_fuzzer") {
@ -283,8 +278,6 @@ webrtc_fuzzer_test("audio_decoder_ilbc_fuzzer") {
":audio_decoder_fuzzer",
"../../modules/audio_coding:ilbc",
]
libfuzzer_options = [ "max_len=10000" ]
}
webrtc_fuzzer_test("audio_decoder_isac_fuzzer") {
@ -295,8 +288,6 @@ webrtc_fuzzer_test("audio_decoder_isac_fuzzer") {
":audio_decoder_fuzzer",
"../../modules/audio_coding:isac",
]
libfuzzer_options = [ "max_len=20000" ]
}
webrtc_fuzzer_test("audio_decoder_isac_incoming_packet_fuzzer") {
@ -307,8 +298,6 @@ webrtc_fuzzer_test("audio_decoder_isac_incoming_packet_fuzzer") {
":audio_decoder_fuzzer",
"../../modules/audio_coding:isac",
]
libfuzzer_options = [ "max_len=20000" ]
}
webrtc_fuzzer_test("audio_decoder_isacfix_fuzzer") {
@ -319,8 +308,6 @@ webrtc_fuzzer_test("audio_decoder_isacfix_fuzzer") {
":audio_decoder_fuzzer",
"../../modules/audio_coding:isac_fix",
]
libfuzzer_options = [ "max_len=20000" ]
}
webrtc_fuzzer_test("audio_decoder_opus_fuzzer") {
@ -379,8 +366,6 @@ webrtc_fuzzer_test("neteq_rtp_fuzzer") {
"../../rtc_base:rtc_base_approved",
"../../rtc_base:rtc_base_tests_utils",
]
libfuzzer_options = [ "max_len=100000" ]
}
webrtc_fuzzer_test("neteq_signal_fuzzer") {
@ -396,8 +381,6 @@ webrtc_fuzzer_test("neteq_signal_fuzzer") {
"../../rtc_base:rtc_base_approved",
"../../rtc_base:rtc_base_tests_utils",
]
libfuzzer_options = [ "max_len=90000" ]
}
webrtc_fuzzer_test("residual_echo_detector_fuzzer") {
@ -420,7 +403,6 @@ webrtc_fuzzer_test("sdp_parser_fuzzer") {
"../../pc:libjingle_peerconnection",
]
seed_corpus = "corpora/sdp-corpus"
libfuzzer_options = [ "max_len=16384" ]
}
webrtc_fuzzer_test("stun_parser_fuzzer") {
@ -527,7 +509,6 @@ webrtc_fuzzer_test("agc_fuzzer") {
]
seed_corpus = "corpora/agc-corpus"
libfuzzer_options = [ "max_len=200000" ]
}
webrtc_fuzzer_test("comfort_noise_decoder_fuzzer") {
@ -539,8 +520,6 @@ webrtc_fuzzer_test("comfort_noise_decoder_fuzzer") {
"../../modules/audio_coding:cng",
"../../rtc_base:rtc_base_approved",
]
libfuzzer_options = [ "max_len=5000" ]
}
webrtc_fuzzer_test("rtp_frame_reference_finder_fuzzer") {
@ -553,7 +532,6 @@ webrtc_fuzzer_test("rtp_frame_reference_finder_fuzzer") {
"../../system_wrappers",
"//third_party/abseil-cpp/absl/memory",
]
libfuzzer_options = [ "max_len=20000" ]
}
webrtc_fuzzer_test("frame_buffer2_fuzzer") {
@ -564,5 +542,4 @@ webrtc_fuzzer_test("frame_buffer2_fuzzer") {
"../../modules/video_coding/",
"../../system_wrappers:system_wrappers",
]
libfuzzer_options = [ "max_len=10000" ]
}

3
test/fuzzers/agc_fuzzer.cc
View File

@ -109,6 +109,9 @@ void FuzzGainController(test::FuzzDataHelper* fuzz_data, GainControlImpl* gci) {
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 200000) {
return;
}
test::FuzzDataHelper fuzz_data(rtc::ArrayView<const uint8_t>(data, size));
rtc::CriticalSection crit_capture;
rtc::CriticalSection crit_render;

3
test/fuzzers/audio_decoder_ilbc_fuzzer.cc
View File

@ -13,6 +13,9 @@
namespace webrtc {
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 10000) {
return;
}
AudioDecoderIlbcImpl dec;
static const int kSampleRateHz = 8000;
static const size_t kAllocatedOuputSizeSamples = kSampleRateHz / 10;

3
test/fuzzers/audio_decoder_isac_fuzzer.cc
View File

@ -13,6 +13,9 @@
namespace webrtc {
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 20000) {
return;
}
const int sample_rate_hz = size % 2 == 0 ? 16000 : 32000; // 16 or 32 kHz.
static const size_t kAllocatedOuputSizeSamples = 32000 / 10; // 100 ms.
int16_t output[kAllocatedOuputSizeSamples];

3
test/fuzzers/audio_decoder_isac_incoming_packet_fuzzer.cc
View File

@ -13,6 +13,9 @@
namespace webrtc {
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 20000) {
return;
}
AudioDecoderIsacFloatImpl dec(16000);
FuzzAudioDecoderIncomingPacket(data, size, &dec);
}

3
test/fuzzers/audio_decoder_isacfix_fuzzer.cc
View File

@ -13,6 +13,9 @@
namespace webrtc {
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 20000) {
return;
}
static const int kSampleRateHz = 16000;
static const size_t kAllocatedOuputSizeSamples = 16000 / 10; // 100 ms.
int16_t output[kAllocatedOuputSizeSamples];

3
test/fuzzers/comfort_noise_decoder_fuzzer.cc
View File

@ -50,6 +50,9 @@ void FuzzOneInputTest(rtc::ArrayView<const uint8_t> data) {
} // namespace test
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 5000) {
return;
}
test::FuzzOneInputTest(rtc::ArrayView<const uint8_t>(data, size));
}

2
test/fuzzers/flexfec_receiver_fuzzer.cc
View File

@ -25,7 +25,7 @@ class DummyCallback : public RecoveredPacketReceiver {
void FuzzOneInput(const uint8_t* data, size_t size) {
constexpr size_t kMinDataNeeded = 12;
if (size < kMinDataNeeded) {
if (size < kMinDataNeeded || size > 2000) {
return;
}

3
test/fuzzers/flexfec_sender_fuzzer.cc
View File

@ -31,10 +31,9 @@ const std::vector<RtpExtensionSize> kNoRtpHeaderExtensionSizes;
void FuzzOneInput(const uint8_t* data, size_t size) {
size_t i = 0;
if (size < 5) {
if (size < 5 || size > 200) {
return;
}
SimulatedClock clock(1 + data[i++]);
FlexfecSender sender(kFlexfecPayloadType, kFlexfecSsrc, kMediaSsrc, kNoMid,
kNoRtpHeaderExtensions, kNoRtpHeaderExtensionSizes,

3
test/fuzzers/forward_error_correction_fuzzer.cc
View File

@ -26,6 +26,9 @@ constexpr size_t kMaxPacketsInBuffer = 48;
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 5000) {
return;
}
// Object under test.
std::unique_ptr<ForwardErrorCorrection> fec =
ForwardErrorCorrection::CreateFlexfec(kFecSsrc, kMediaSsrc);

3
test/fuzzers/frame_buffer2_fuzzer.cc
View File

@ -63,6 +63,9 @@ class FuzzyFrameObject : public video_coding::EncodedFrame {
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 10000) {
return;
}
DataReader reader(data, size);
Clock* clock = Clock::GetRealTimeClock();
VCMJitterEstimator jitter_estimator(clock, 0, 0);

3
test/fuzzers/neteq_rtp_fuzzer.cc
View File

@ -146,6 +146,9 @@ void FuzzOneInputTest(const uint8_t* data, size_t size) {
} // namespace test
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 100000) {
return;
}
test::FuzzOneInputTest(data, size);
}

3
test/fuzzers/neteq_signal_fuzzer.cc
View File

@ -140,8 +140,9 @@ class FuzzSignalInput : public NetEqInput {
} // namespace
void FuzzOneInputTest(const uint8_t* data, size_t size) {
if (size < 1)
if (size < 1 || size > 90000) {
return;
}
FuzzDataHelper fuzz_data(rtc::ArrayView<const uint8_t>(data, size));

3
test/fuzzers/packet_buffer_fuzzer.cc
View File

@ -21,6 +21,9 @@ class NullCallback : public video_coding::OnReceivedFrameCallback {
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 200000) {
return;
}
VCMPacket packet;
NullCallback callback;
SimulatedClock clock(0);

3
test/fuzzers/rtp_frame_reference_finder_fuzzer.cc
View File

@ -101,6 +101,9 @@ class FuzzyPacketBuffer : public video_coding::PacketBuffer {
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 20000) {
return;
}
DataReader reader(data, size);
rtc::scoped_refptr<FuzzyPacketBuffer> pb(new FuzzyPacketBuffer(&reader));
NullCallback cb;

3
test/fuzzers/sdp_parser_fuzzer.cc
View File

@ -15,6 +15,9 @@
namespace webrtc {
void FuzzOneInput(const uint8_t* data, size_t size) {
if (size > 16384) {
return;
}
std::string message(reinterpret_cast<const char*>(data), size);
webrtc::SdpParseError error;

2
test/fuzzers/ulpfec_receiver_fuzzer.cc
View File

@ -25,7 +25,7 @@ class DummyCallback : public RecoveredPacketReceiver {
void FuzzOneInput(const uint8_t* data, size_t size) {
constexpr size_t kMinDataNeeded = 12;
if (size < kMinDataNeeded) {
if (size < kMinDataNeeded || size > 2000) {
return;
}