From f5c3ba15f0959bc8b29de03d8f2c496daaf63beb Mon Sep 17 00:00:00 2001 From: Alex Loiko Date: Mon, 25 Jun 2018 15:31:37 +0200 Subject: [PATCH] Fuzz more kinds of floats in the APM fuzzer. Previously, the fuzzer read a int16_t and converted to float. That is how float audio samples were generated. This CL changes the fuzzer to read floats directly, and then sanitize them. Bug: webrtc:7820 Change-Id: Icc526611466c10dd4222b19a4d4b4fd26643812a Reviewed-on: https://webrtc-review.googlesource.com/85343 Commit-Queue: Alex Loiko Reviewed-by: Sam Zackrisson Cr-Commit-Position: refs/heads/master@{#24001} --- .../fuzzers/audio_processing_fuzzer_helper.cc | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/test/fuzzers/audio_processing_fuzzer_helper.cc b/test/fuzzers/audio_processing_fuzzer_helper.cc index a1e25b5266..9989111c4d 100644 --- a/test/fuzzers/audio_processing_fuzzer_helper.cc +++ b/test/fuzzers/audio_processing_fuzzer_helper.cc @@ -21,6 +21,10 @@ namespace webrtc { namespace { +bool ValidForApm(float x) { + return std::isfinite(x) && -1.0f <= x && x <= 1.0f; +} + void GenerateFloatFrame(test::FuzzDataHelper* fuzz_data, size_t input_rate, size_t num_channels, @@ -29,10 +33,19 @@ void GenerateFloatFrame(test::FuzzDataHelper* fuzz_data, rtc::CheckedDivExact(input_rate, 100ul); RTC_DCHECK_LE(samples_per_input_channel, 480); for (size_t i = 0; i < num_channels; ++i) { + std::fill(float_frames[i], float_frames[i] + samples_per_input_channel, 0); + const size_t read_bytes = sizeof(float) * samples_per_input_channel; + if (fuzz_data->CanReadBytes(read_bytes)) { + rtc::ArrayView byte_array = + fuzz_data->ReadByteArray(read_bytes); + memmove(float_frames[i], byte_array.begin(), read_bytes); + } + + // Sanitize input. for (size_t j = 0; j < samples_per_input_channel; ++j) { - float_frames[i][j] = - static_cast(fuzz_data->ReadOrDefaultValue(0)) / - static_cast(std::numeric_limits::max()); + if (!ValidForApm(float_frames[i][j])) { + float_frames[i][j] = 0.f; + } } } }