The fuzzer can either pass random UTF-8 into the SDP parser or swap lines in the generated SDP offer or answer. I've tried to implement the fuzzer so that all random choices are coded into the JavaScript page so that the sole source of randomness is in the fuzzer program. I initially tried to load stored sample SDP offers and fuzz them in the fuzzer program, but it didn't work since the SDP message seems to contain some magic checksum that causes the parser to choke quickly.
There are a lot of ideas for follow-up patches:
- Fuzz ALL input parameters to ALL functions, not just SDP
- Swap letters/words in SDP messages
- Insert random location.reload() anywhere in the call sequence
- Swap lines in the call sequence itself
BUG=
Review URL: https://webrtc-codereview.appspot.com/784004
git-svn-id: http://webrtc.googlecode.com/svn/trunk@2772 4adac7df-926f-26a2-2b94-8c16560cd09d
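
The line-swap mutation described in the commit message, sketched as an added example that is not code from this commit or from the WebRTC project. The function names (`makeTestCase`, `renderCall`, `swapLines`), the seeded generator and the sample SDP are assumptions made for illustration; the point shown is that the generator decides every random value up front and bakes it into the page as constants, so a failing case replays exactly.

```javascript
// Constructed sample SDP (not captured from a real session).
const SAMPLE_SDP = [
  "v=0",
  "o=- 1 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "m=audio 9 RTP/AVP 0",
  "a=sendrecv",
].join("\r\n") + "\r\n";

// Small seeded PRNG (mulberry32-style): the seed determines every value.
function seededUint32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return (t ^ (t >>> 14)) >>> 0;
  };
}

// Fuzzer-program side: all random choices are made here, once per test case.
// The real line count is unknown until the browser builds the offer, so raw
// integers are recorded and reduced modulo the line count on the page.
function makeTestCase(seed) {
  const next = seededUint32(seed);
  return { seed, a: next(), b: next() };
}

// Fuzzer-program side: bake the choices into the generated page as literals.
function renderCall(testCase) {
  return `offer.sdp = swapLines(offer.sdp, ${testCase.a}, ${testCase.b});`;
}

// Page side: purely deterministic, no call to Math.random() anywhere.
function swapLines(sdp, a, b) {
  const lines = sdp.split("\r\n").filter((l) => l.length > 0);
  const n = lines.length;
  if (n < 2) return sdp; // nothing to swap
  const i = a % n;
  let j = b % n;
  if (j === i) j = (j + 1) % n; // force two distinct lines
  [lines[i], lines[j]] = [lines[j], lines[i]];
  return lines.join("\r\n") + "\r\n";
}
```

Logging the seed with each generated page is enough to regenerate the identical page when the parser under test crashes.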