a5d952f4be
Reland with fixes for fuzzer found crashes. This refactoring helps to reduce unnecessary memcpy calls on the receive side. This CL replaces |uint8 data[IP_PACKET_SIZE]| with |rtc::CopyOnWriteBuffer data| in Packet class, removes |length| field there, and does necessary changes. Original Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/145332 Bug: webrtc:10750 Change-Id: I6775a701bcb2ae25ec1666e1db90041cd49013b7 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/151131 Reviewed-by: Rasmus Brandt <brandtr@webrtc.org> Reviewed-by: Stefan Holmer <stefan@webrtc.org> Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org> Commit-Queue: Ilya Nikolaevskiy <ilnik@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29116}
67 lines
2.4 KiB
C++
67 lines
2.4 KiB
C++
/*
|
|
* Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#include <memory>
|
|
|
|
#include "modules/include/module_common_types_public.h"
|
|
#include "modules/rtp_rtcp/source/byte_io.h"
|
|
#include "modules/rtp_rtcp/source/fec_test_helper.h"
|
|
#include "modules/rtp_rtcp/source/ulpfec_generator.h"
|
|
#include "rtc_base/checks.h"
|
|
#include "rtc_base/copy_on_write_buffer.h"
|
|
|
|
namespace webrtc {
|
|
|
|
namespace {
|
|
constexpr uint8_t kFecPayloadType = 96;
|
|
constexpr uint8_t kRedPayloadType = 97;
|
|
} // namespace
|
|
|
|
void FuzzOneInput(const uint8_t* data, size_t size) {
|
|
UlpfecGenerator generator;
|
|
size_t i = 0;
|
|
if (size < 4)
|
|
return;
|
|
FecProtectionParams params = {
|
|
data[i++] % 128, static_cast<int>(data[i++] % 10), kFecMaskBursty};
|
|
generator.SetFecParameters(params);
|
|
uint16_t seq_num = data[i++];
|
|
uint16_t prev_seq_num = 0;
|
|
while (i + 3 < size) {
|
|
size_t rtp_header_length = data[i++] % 10 + 12;
|
|
size_t payload_size = data[i++] % 10;
|
|
if (i + payload_size + rtp_header_length + 2 > size)
|
|
break;
|
|
rtc::CopyOnWriteBuffer packet(&data[i], payload_size + rtp_header_length);
|
|
packet.EnsureCapacity(IP_PACKET_SIZE);
|
|
// Make sure sequence numbers are increasing.
|
|
ByteWriter<uint16_t>::WriteBigEndian(&packet[2], seq_num++);
|
|
i += payload_size + rtp_header_length;
|
|
const bool protect = data[i++] % 2 == 1;
|
|
|
|
// Check the sequence numbers are monotonic. In rare case the packets number
|
|
// may loop around and in the same FEC-protected group the packet sequence
|
|
// number became out of order.
|
|
if (protect && IsNewerSequenceNumber(seq_num, prev_seq_num) &&
|
|
seq_num < prev_seq_num + kUlpfecMaxMediaPackets) {
|
|
generator.AddRtpPacketAndGenerateFec(packet, rtp_header_length);
|
|
prev_seq_num = seq_num;
|
|
}
|
|
const size_t num_fec_packets = generator.NumAvailableFecPackets();
|
|
if (num_fec_packets > 0) {
|
|
std::vector<std::unique_ptr<RedPacket>> fec_packets =
|
|
generator.GetUlpfecPacketsAsRed(kRedPayloadType, kFecPayloadType,
|
|
100);
|
|
RTC_CHECK_EQ(num_fec_packets, fec_packets.size());
|
|
}
|
|
}
|
|
}
|
|
} // namespace webrtc
|