diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn index c5c0a70363..69c4d3d29f 100644 --- a/test/fuzzers/BUILD.gn +++ b/test/fuzzers/BUILD.gn @@ -600,6 +600,7 @@ webrtc_fuzzer_test("frame_buffer3_fuzzer") { "../../api:array_view", "../../api/video:encoded_frame", "../../modules/video_coding:frame_buffer", + "../../rtc_base:rtc_numerics", ] } diff --git a/test/fuzzers/frame_buffer3_fuzzer.cc b/test/fuzzers/frame_buffer3_fuzzer.cc index 6fe42ca785..75906ac24e 100644 --- a/test/fuzzers/frame_buffer3_fuzzer.cc +++ b/test/fuzzers/frame_buffer3_fuzzer.cc @@ -11,6 +11,7 @@ #include "api/array_view.h" #include "api/video/encoded_frame.h" #include "modules/video_coding/frame_buffer3.h" +#include "rtc_base/numerics/sequence_number_util.h" #include "test/fuzzers/fuzz_data_helper.h" namespace webrtc { @@ -20,6 +21,9 @@ class FuzzyFrameObject : public EncodedFrame { int64_t ReceivedTime() const override { return 0; } int64_t RenderTime() const override { return 0; } }; + +constexpr int kFrameIdLength = 1 << 15; + } // namespace void FuzzOneInput(const uint8_t* data, size_t size) { @@ -29,6 +33,7 @@ void FuzzOneInput(const uint8_t* data, size_t size) { FrameBuffer buffer(/*max_frame_slots=*/100, /*max_decode_history=*/1000); test::FuzzDataHelper helper(rtc::MakeArrayView(data, size)); + SeqNumUnwrapper unwrapper; while (helper.BytesLeft() > 0) { int action = helper.ReadOrDefaultValue(0) % 7; @@ -61,7 +66,9 @@ void FuzzOneInput(const uint8_t* data, size_t size) { case 6: { auto frame = std::make_unique(); frame->SetTimestamp(helper.ReadOrDefaultValue(0)); - frame->SetId(helper.ReadOrDefaultValue(0)); + int64_t wire_id = + helper.ReadOrDefaultValue(0) & (kFrameIdLength - 1); + frame->SetId(unwrapper.Unwrap(wire_id)); frame->is_last_spatial_layer = helper.ReadOrDefaultValue(false); frame->num_references = helper.ReadOrDefaultValue(0) %