From 9410217413ecbef9d2828e272dc0fed40f0c937b Mon Sep 17 00:00:00 2001
From: Victor Boivie <boivie@webrtc.org>
Date: Thu, 8 Apr 2021 16:50:06 +0200
Subject: [PATCH] dcsctp: Add SCTP packet fuzzer

This fuzzer explores the SCTP parsing, as well as the individual
chunks, as a successfully parsed packet will have its chunks iterated
over and formatted using ToString.

Bug: webrtc:12614
Change-Id: I88f703c5f79e4775a069b1d5439d413870f6a629
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/214490
Reviewed-by: Tommi <tommi@webrtc.org>
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33670}
---
 test/fuzzers/BUILD.gn                |  9 +++++++++
 test/fuzzers/DEPS                    |  1 +
 test/fuzzers/dcsctp_packet_fuzzer.cc | 29 ++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 test/fuzzers/dcsctp_packet_fuzzer.cc

diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn
index e08ba3cd99..5627a1befc 100644
--- a/test/fuzzers/BUILD.gn
+++ b/test/fuzzers/BUILD.gn
@@ -613,6 +613,15 @@ webrtc_fuzzer_test("sctp_utils_fuzzer") {
   ]
 }
 
+webrtc_fuzzer_test("dcsctp_packet_fuzzer") {
+  sources = [ "dcsctp_packet_fuzzer.cc" ]
+  deps = [
+    "../../net/dcsctp/packet:chunk",
+    "../../net/dcsctp/packet:sctp_packet",
+    "../../rtc_base:rtc_base_approved",
+  ]
+}
+
 webrtc_fuzzer_test("rtp_header_parser_fuzzer") {
   sources = [ "rtp_header_parser_fuzzer.cc" ]
   deps = [ "../:rtp_test_utils" ]
diff --git a/test/fuzzers/DEPS b/test/fuzzers/DEPS
index 82631c4a1b..50b1c8adce 100644
--- a/test/fuzzers/DEPS
+++ b/test/fuzzers/DEPS
@@ -1,4 +1,5 @@
 include_rules = [
   "+audio",
   "+pc",
+  "+net/dcsctp",
 ]
diff --git a/test/fuzzers/dcsctp_packet_fuzzer.cc b/test/fuzzers/dcsctp_packet_fuzzer.cc
new file mode 100644
index 0000000000..2fc3fe10f1
--- /dev/null
+++ b/test/fuzzers/dcsctp_packet_fuzzer.cc
@@ -0,0 +1,29 @@
+/*
+ *  Copyright (c) 2021 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+#include "net/dcsctp/packet/chunk/chunk.h"
+#include "net/dcsctp/packet/sctp_packet.h"
+
+namespace webrtc {
+using dcsctp::SctpPacket;
+
+void FuzzOneInput(const uint8_t* data, size_t size) {
+  absl::optional<SctpPacket> c =
+      SctpPacket::Parse(rtc::ArrayView<const uint8_t>(data, size),
+                        /*disable_checksum_verification=*/true);
+
+  if (!c.has_value()) {
+    return;
+  }
+
+  for (const SctpPacket::ChunkDescriptor& desc : c->descriptors()) {
+    dcsctp::DebugConvertChunkToString(desc.data);
+  }
+}
+}  // namespace webrtc