This is a collection of corpora for various WebRTC fuzzers. To use
them, the gn targets define seed_corpus=$corpus_dir, which causes the
ClusterFuzz upload bot to bundle $corpus_dir and upload it.
The format is simple: one file per test case. Specific notes are
included below.
### SDP ###
This corpus was initially assembled manually from the following
sources:
- curl --silent https://www.ietf.org/rfc/rfc4317.txt | grep '^[ a-z]*=[^=]*$' | sed 's/^[[:space:]]*//' | awk -v RS='(^|\n)v=' '/./ {print "v="$0 > NR".sdp"}'
- all the SDPs used in the parser unit tests
- some manually gathered SDPs from Firefox and Opera
The SDP tokens come from:
- grep "^static const " webrtc/api/webrtcsdp.cc | cut -d'=' -f2 | cut -d ';' -f1 | tr -d '"' | tr -d "'" | tr -d ' ' | sort -u | grep -v '^(\n|\r|\r\n)$|^$' | sed -e 's/^/"/' -e 's/$/"/' | tail -n +2
### STUN ###
This corpus was initially assembled from the STUN unit tests, together
with a crash that it found relatively quickly.
### RT(C)P ###
This corpus was initially assembled from the unittests. RTCP was
minimised first.
There is also rt(c?)p-corpus-with-extra-byte, in which each sample is
prefixed by the byte 0xff. Some of the rtp fuzzers need to decide
which header extensions to enable, and the first byte of the fuzz data
is used for this.
### PseudoTCP ###
Very small corpus minimised from the unit tests.
38c15d3995