Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1757603002:
media: Add media pipeline fuzzer test. (Closed)
Descriptionmedia: Add media pipeline fuzzer test.
BUG=584119
TEST=Add a fuzzer test.
Committed: https://crrev.com/2fe13fa6192debf74dc920d02a3396d8f3529574
Cr-Commit-Position: refs/heads/master@{#378679}
Patch Set 1 #Patch Set 2 : rebase only #
Total comments: 10
Patch Set 3 : comments addressed #
Messages
Total messages: 20 (3 generated)
rebase only
xhwang@chromium.org changed reviewers: + dalecurtis@chromium.org, kcc@chromium.org
kcc: Please review from fuzzer's perspective. dalecurtis: Please review from media's perspective. jrummell: FYI https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... File testing/libfuzzer/fuzzers/BUILD.gn (right): https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/BUILD.gn:97: "//ui/gfx:test_support", Dale: Without //ui/gfx:test_support, I am getting the following error: ../../testing/gtest/include/gtest/gtest-printers.h:707: error: undefined reference to 'gfx::PrintTo(gfx::Size const&, std::__1::basic_ostream<char, std::__1::char_traits<char> >*)' Any idea where this is coming from? https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... File testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc (right): https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:1: // Copyright 2016 The Chromium Authors. All rights reserved. What's the recommendation about the location of this file? Shall I put it here so it's together with all fuzzer tests, or shall I put it in media/ same as jrummell@ did for media/base/container_names_fuzzertest.cc?
Yeah I think this should just go in "media/test/pipeline_integration_fuzzertest.cc" lgtm if you switch to that file name and location.
https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... File testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc (right): https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:1: // Copyright 2016 The Chromium Authors. All rights reserved. My recommendation is to keep the fuzzing targets closer to their code (i.e. in media/) https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:21: DVLOG(1) << "Start"; No logging please -- it just slows down fuzzing.
I heard from jrummell@ that there's file size limit of about 10kB. But given the nature of this test, our test media files are typically way over 10kB (see https://chrome-internal.googlesource.com/chrome/data/media#). Also many of these files caused security issues before so we can't simply reencode them. What's the recommended way to work around the file size limit?
On 2016/03/02 01:01:09, xhwang wrote: > I heard from jrummell@ that there's file size limit of about 10kB. But given the > nature of this test, our test media files are typically way over 10kB (see > https://chrome-internal.googlesource.com/chrome/data/media). Also many of these > files caused security issues before so we can't simply reencode them. What's the > recommended way to work around the file size limit? 10kb is just the default size limit, we can use any limit we like (but with very large limits fuzzing is slower). ochang@ should know better about ClusterFuzz's size limits. Also, do you have a corpus of input files for this target somewhere in the repository?
https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... File testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc (right): https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:17: base::CommandLine::Init(0, NULL); nullptr ? https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:34: test.Seek(base::TimeDelta::FromMilliseconds(0)); Also just base::TimeDelta() here.
On 2016/03/02 01:03:24, kcc2 wrote: > On 2016/03/02 01:01:09, xhwang wrote: > > I heard from jrummell@ that there's file size limit of about 10kB. But given > the > > nature of this test, our test media files are typically way over 10kB (see > > https://chrome-internal.googlesource.com/chrome/data/media). Also many of > these > > files caused security issues before so we can't simply reencode them. What's > the > > recommended way to work around the file size limit? > > 10kb is just the default size limit, we can use any limit we like (but with very > large limits fuzzing is slower). > ochang@ should know better about ClusterFuzz's size limits. > > Also, do you have a corpus of input files for this target somewhere in the > repository? This is an internal repo where we keep: https://chrome-internal.googlesource.com/chrome/data/media To get it, see: https://code.google.com/p/chromium/codesearch#chromium/src/media/ffmpeg/ffmpe... We can also use some files in media/test/data. It's TBD which file(s) we want to pick.
On 2016/03/02 01:05:57, xhwang wrote: > On 2016/03/02 01:03:24, kcc2 wrote: > > On 2016/03/02 01:01:09, xhwang wrote: > > > I heard from jrummell@ that there's file size limit of about 10kB. But given > > the > > > nature of this test, our test media files are typically way over 10kB (see > > > https://chrome-internal.googlesource.com/chrome/data/media). Also many of > > these > > > files caused security issues before so we can't simply reencode them. What's > > the > > > recommended way to work around the file size limit? > > > > 10kb is just the default size limit, we can use any limit we like (but with > very > > large limits fuzzing is slower). > > ochang@ should know better about ClusterFuzz's size limits. > > > > Also, do you have a corpus of input files for this target somewhere in the > > repository? > > This is an internal repo where we keep: > https://chrome-internal.googlesource.com/chrome/data/media > > To get it, see: > https://code.google.com/p/chromium/codesearch#chromium/src/media/ffmpeg/ffmpe... > > We can also use some files in media/test/data. It's TBD which file(s) we want to > pick. SGTM wrt corpus. We still don't have a good way to indicate the corpus files in the .gn file anyway.
comments addressed
PTAL again! https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... File testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc (right): https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:1: // Copyright 2016 The Chromium Authors. All rights reserved. On 2016/03/02 01:00:11, kcc2 wrote: > My recommendation is to keep the fuzzing targets closer to their code (i.e. in > media/) Done. https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:17: base::CommandLine::Init(0, NULL); On 2016/03/02 01:05:39, DaleCurtis wrote: > nullptr ? Done. https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:21: DVLOG(1) << "Start"; On 2016/03/02 01:00:11, kcc2 wrote: > No logging please -- it just slows down fuzzing. Done. https://chromiumcodereview.appspot.com/1757603002/diff/20001/testing/libfuzze... testing/libfuzzer/fuzzers/media_pipeline_fuzzer.cc:34: test.Seek(base::TimeDelta::FromMilliseconds(0)); On 2016/03/02 01:05:39, DaleCurtis wrote: > Also just base::TimeDelta() here. Done.
lgtm
lgtm
The CQ bit was checked by xhwang@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1757603002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1757603002/40001
Message was sent while issue was closed.
Committed patchset #3 (id:40001)
Message was sent while issue was closed.
Description was changed from ========== media: Add media pipeline fuzzer test. BUG=584119 TEST=Add a fuzzer test. ========== to ========== media: Add media pipeline fuzzer test. BUG=584119 TEST=Add a fuzzer test. Committed: https://crrev.com/2fe13fa6192debf74dc920d02a3396d8f3529574 Cr-Commit-Position: refs/heads/master@{#378679} ==========
Message was sent while issue was closed.
Patchset 3 (id:??) landed as https://crrev.com/2fe13fa6192debf74dc920d02a3396d8f3529574 Cr-Commit-Position: refs/heads/master@{#378679} |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
