From c71cd6c31d2712cea0cd15a22ade2b6764f7794b Mon Sep 17 00:00:00 2001
From: philipel
Date: Wed, 3 Oct 2018 15:22:51 +0200
Subject: [PATCH] Don't ovewrite complex member VCMPacket::generic_descriptor when fuzzing.

In https://webrtc-review.googlesource.com/c/src/+/102720 a new complex member was added to VCMPacket. This member was overwritten with random data in the fuzzer, which put it in an invalid state. To avoid that we save/restore it.

Bug: chromium:891597
Change-Id: I7b489afa727a028a542fbec55a4ee27ac54fa698
Reviewed-on: https://webrtc-review.googlesource.com/c/103462
Reviewed-by: Alex Loiko
Commit-Queue: Philip Eliasson
Cr-Commit-Position: refs/heads/master@{#24972}
---
 test/fuzzers/packet_buffer_fuzzer.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/test/fuzzers/packet_buffer_fuzzer.cc b/test/fuzzers/packet_buffer_fuzzer.cc
index b500f92b40..8ad21e1417 100644
--- a/test/fuzzers/packet_buffer_fuzzer.cc
+++ b/test/fuzzers/packet_buffer_fuzzer.cc
@@ -34,11 +34,18 @@ void FuzzOneInput(const uint8_t* data, size_t size) {
 memcpy(&video_header_backup, &packet.video_header,
 sizeof(packet.video_header));

+ uint8_t generic_descriptor_backup[sizeof(packet.generic_descriptor)];
+ memcpy(&generic_descriptor_backup, &packet.generic_descriptor,
+ sizeof(packet.generic_descriptor));
+
 helper.CopyTo(&packet);

 memcpy(&packet.video_header, &video_header_backup,
 sizeof(packet.video_header));

+ memcpy(&packet.generic_descriptor, &generic_descriptor_backup,
+ sizeof(packet.generic_descriptor));
+
 // The packet buffer owns the payload of the packet.
 uint8_t payload_size;
 helper.CopyTo(&payload_size);
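Review bot: The new save/restore of `packet.generic_descriptor` around `helper.CopyTo(&packet)` copies the raw bytes of what the commit message calls a complex member, and nothing in the hunk says why `memcpy` is used rather than a normal copy, or that the same pair is needed for every such member. I would add a comment above the backup, e.g. `// generic_descriptor is not plain data: keep its bytes so CopyTo(&packet) cannot leave it in an invalid state.`, because a later cleanup to copy-assignment would run the assignment operator on fuzz-filled storage. The pattern is also fragile: the next non-trivial member added to VCMPacket will be clobbered again and show up as a fuzzer crash that is a harness artefact rather than a packet-buffer bug. Filling only the plain-data fields one by one would avoid that, assuming CopyTo accepts a pointer to any field as it does with `&payload_size`. FuzzOneInput starts and ends outside the hunk, so the declaration of `video_header_backup` and the rest of the body are not visible here.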