admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing fuzzer by backing up and restoring packet_info.

Browse Source 
This change fixes `packet_buffer_fuzzer` so that it doesn't attempt to fuzz `std::vector`.

Bug: chromium:977309 chromium:977411 chromium:977421 chromium:977422 chromium:977454 chromium:977455 chromium:977477 chromium:977457
Change-Id: I0845d7f53008606c2a8b5943ef58fd35a9eb1085
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/143171
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Chen Xing <chxg@google.com>
Cr-Commit-Position: refs/heads/master@{#28344}
This commit is contained in:
Chen Xing 2019-06-21 10:48:59 +02:00 committed by Commit Bot
parent 214f54365e
commit 9aa870a2d1
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
test/fuzzers/packet_buffer_fuzzer.cc
View File

@ -32,23 +32,27 @@ void FuzzOneInput(const uint8_t* data, size_t size) {
test::FuzzDataHelper helper(rtc::ArrayView<const uint8_t>(data, size));
while (helper.BytesLeft()) {
// The RTPVideoHeader is a complex type, so overwriting it with random data
// will put it in an invalid state. Therefore we save/restore it.
// Complex types (e.g. non-POD-like types) can't be bit-wise fuzzed with
// random data or it will put them in an invalid state. We therefore backup
// their byte-patterns before the fuzzing and restore them after.
uint8_t video_header_backup[sizeof(packet.video_header)];
memcpy(&video_header_backup, &packet.video_header,
sizeof(packet.video_header));
uint8_t generic_descriptor_backup[sizeof(packet.generic_descriptor)];
memcpy(&generic_descriptor_backup, &packet.generic_descriptor,
sizeof(packet.generic_descriptor));
uint8_t packet_info_backup[sizeof(packet.packet_info)];
memcpy(&packet_info_backup, &packet.packet_info,
sizeof(packet.packet_info));
helper.CopyTo(&packet);
memcpy(&packet.video_header, &video_header_backup,
sizeof(packet.video_header));
memcpy(&packet.generic_descriptor, &generic_descriptor_backup,
sizeof(packet.generic_descriptor));
memcpy(&packet.packet_info, &packet_info_backup,
sizeof(packet.packet_info));
// The packet buffer owns the payload of the packet.
uint8_t payload_size;