From ade5cb82948827b0cf89ea4dd2ce7af6e0afcfed Mon Sep 17 00:00:00 2001
From: Benjamin Wright
Date: Tue, 12 Mar 2019 10:56:05 -0700
Subject: [PATCH] Field trial fuzzer.

This simple fuzzer is intended to detect potential issues in the field trial parsing code. Since these can be set by the browser it is better to have some fuzzing coverage around this area.

Bug: webrtc:10395
Change-Id: I1b8b859d2107a0bc99cb7520cf0ef96f3d110547
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127121
Commit-Queue: Benjamin Wright
Reviewed-by: Qingsi Wang
Cr-Commit-Position: refs/heads/master@{#27087}
---
 test/fuzzers/BUILD.gn | 10 ++++++++
 .../corpora/field_trial-corpus/field-trial-0 | 1 +
 .../corpora/field_trial-corpus/field-trial-1 | 1 +
 .../corpora/field_trial-corpus/field-trial-2 | 1 +
 test/fuzzers/field_trial_fuzzer.cc | 25 +++++++++++++++++++
 5 files changed, 38 insertions(+)
 create mode 100644 test/fuzzers/corpora/field_trial-corpus/field-trial-0
 create mode 100644 test/fuzzers/corpora/field_trial-corpus/field-trial-1
 create mode 100644 test/fuzzers/corpora/field_trial-corpus/field-trial-2
 create mode 100644 test/fuzzers/field_trial_fuzzer.cc

diff --git a/test/fuzzers/BUILD.gn b/test/fuzzers/BUILD.gn
index aeb79a1330..acd0a3b3a4 100644
--- a/test/fuzzers/BUILD.gn
+++ b/test/fuzzers/BUILD.gn
@@ -558,3 +558,13 @@ webrtc_fuzzer_test("url_decode_fuzzer") {
 "../../rtc_base:rtc_base_approved",
 ]
 }
+
+webrtc_fuzzer_test("field_trial_fuzzer") {
+ sources = [
+ "field_trial_fuzzer.cc",
+ ]
+ deps = [
+ "../../system_wrappers:field_trial",
+ ]
+ seed_corpus = "corpora/field_trial-corpus"
+}
diff --git a/test/fuzzers/corpora/field_trial-corpus/field-trial-0 b/test/fuzzers/corpora/field_trial-corpus/field-trial-0
new file mode 100644
index 0000000000..73e1d22f10
--- /dev/null
+++ b/test/fuzzers/corpora/field_trial-corpus/field-trial-0
@@ -0,0 +1 @@
+WebRTC-DecoderDataDumpDirectory/Enabled/
diff --git a/test/fuzzers/corpora/field_trial-corpus/field-trial-1 b/test/fuzzers/corpora/field_trial-corpus/field-trial-1
new file mode 100644
index 0000000000..997888a6fd
--- /dev/null
+++ b/test/fuzzers/corpora/field_trial-corpus/field-trial-1
@@ -0,0 +1 @@
+WebRTC-DecoderDataDumpDirectory/Disabled/
diff --git a/test/fuzzers/corpora/field_trial-corpus/field-trial-2 b/test/fuzzers/corpora/field_trial-corpus/field-trial-2
new file mode 100644
index 0000000000..7e897a418d
--- /dev/null
+++ b/test/fuzzers/corpora/field_trial-corpus/field-trial-2
@@ -0,0 +1 @@
+WebRTC-DecoderDataDumpDirectory/Disabled/WebRTC-IPv6Default/Enabled/
diff --git a/test/fuzzers/field_trial_fuzzer.cc b/test/fuzzers/field_trial_fuzzer.cc
new file mode 100644
index 0000000000..34a0d4ae23
--- /dev/null
+++ b/test/fuzzers/field_trial_fuzzer.cc
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2019 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include
+#include
+#include
+
+#include "system_wrappers/include/field_trial.h"
+
+namespace webrtc {
+
+void FuzzOneInput(const uint8_t* data, size_t size) {
+ std::string field_trial(reinterpret_cast(data), size);
+ field_trial::InitFieldTrialsFromString(field_trial.c_str());
+ field_trial::FindFullName(field_trial);
+}
+
+} // namespace webrtc
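Review bot: FuzzOneInput in field_trial_fuzzer.cc passes the same buffer as both the trial configuration and the lookup key, so `FindFullName(field_trial)` is asked for a name equal to the whole trials string; assuming the parser compares each parsed trial name against that argument, the match-and-return branch looks unreachable for any input containing a `/` separator and only the scanning path gets fuzzed. Splitting the input would cover both paths, for example `std::string trials(reinterpret_cast<const char*>(data), size / 2);` and `std::string name(reinterpret_cast<const char*>(data) + size / 2, size - size / 2);`, with `trials.c_str()` going to InitFieldTrialsFromString and `name` to FindFullName. Separately, `field_trial.c_str()` stops at the first NUL byte and points into a local that is destroyed on return; if InitFieldTrialsFromString keeps the pointer instead of copying it (its definition is not part of this patch), the harness leaves a dangling global between iterations, so clearing it before returning or adding a comment such as `// trials string must outlive every field_trial lookup` would be worth it.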