
Unified Diff: test/fuzzers/frame_buffer2_fuzzer.cc

Issue 2942613002: Fuzzing for video_coding::FrameBuffer2
Patch Set: Rebase + updated to int64_t picture ids Created 3 years, 3 months ago
Index: test/fuzzers/frame_buffer2_fuzzer.cc
diff --git a/test/fuzzers/frame_buffer2_fuzzer.cc b/test/fuzzers/frame_buffer2_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..526b8ed490d5d852e022e689a7fd3271db618928
--- /dev/null
+++ b/test/fuzzers/frame_buffer2_fuzzer.cc
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2017 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include "modules/video_coding/frame_buffer2.h"
+
+#include "modules/video_coding/jitter_estimator.h"
+#include "modules/video_coding/timing.h"
+#include "system_wrappers/include/clock.h"
+
+namespace webrtc {
+
+namespace {
+template <typename T>
+T ReadNum(const uint8_t* data, size_t* offset, size_t max_size) {
+ RTC_CHECK(*offset + sizeof(T) < max_size);
+ T res = *reinterpret_cast<const T*>(data + *offset);
+ *offset += sizeof(T);
+ return res;
+}
+} // namespace
+
+class FuzzyFrameObject : public video_coding::FrameObject {
+ public:
+ FuzzyFrameObject() {}
+ ~FuzzyFrameObject() {}
+
+ bool GetBitstream(uint8_t* destination) const override { return false; }
+ uint32_t Timestamp() const override { return timestamp; }
+ int64_t ReceivedTime() const override { return 0; }
+ int64_t RenderTime() const override { return _renderTimeMs; }
+};
+
+void FuzzOneInput(const uint8_t* data, size_t size) {
+ Clock* clock = Clock::GetRealTimeClock();
+ VCMJitterEstimator jitter_estimator(clock, 0, 0);
+ VCMTiming timing(clock);
+ video_coding::FrameBuffer frame_buffer(clock, &jitter_estimator, &timing,
+ nullptr);
+
+ size_t offset = 0;
+ while (true) {
+ if (offset + 1 >= size)
+ return;
+
+ if (ReadNum<uint8_t>(data, &offset, size) & 1) {
+ if (offset + 14 >= size)
+ return;
+
+ std::unique_ptr<FuzzyFrameObject> frame(new FuzzyFrameObject());
+ frame->picture_id = ReadNum<int64_t>(data, &offset, size);
+ frame->spatial_layer = ReadNum<uint8_t>(data, &offset, size) & 7;
+ frame->timestamp = ReadNum<uint32_t>(data, &offset, size);
+ frame->num_references = ReadNum<uint8_t>(data, &offset, size) % 6;
+
+ if (offset + frame->num_references * 8 >= size)
+ return;
+ for (size_t r = 0; r < frame->num_references; ++r)
+ frame->references[r] = ReadNum<int64_t>(data, &offset, size);
+
+ frame_buffer.InsertFrame(std::move(frame));
+
+ } else {
+ if (offset + 1 >= size)
+ return;
+
+ int64_t wait_ms = ReadNum<uint8_t>(data, &offset, size) & 7;
+ std::unique_ptr<video_coding::FrameObject> frame(new FuzzyFrameObject());
+
+ frame_buffer.NextFrame(wait_ms, &frame);
+ }
+ }
+}
+
+} // namespace webrtc
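Review bot: ReadNum loads through `reinterpret_cast<const T*>(data + *offset)` at arbitrary byte offsets, so the int64_t and uint32_t reads in FuzzOneInput are usually misaligned. That is undefined behaviour, and a UBSan build would report it in the harness itself rather than in FrameBuffer. Replace the load with `T res; memcpy(&res, data + *offset, sizeof(T));` and include `<string.h>`. Separately, the harness uses `Clock::GetRealTimeClock()` and calls `NextFrame` with a wait of up to 7 ms, so each iteration can block and a crashing input may not replay deterministically; a simulated clock would likely make findings reproducible, if FrameBuffer's waiting allows it. The file also uses `std::unique_ptr` and `RTC_CHECK` without directly including `<memory>` or the checks header.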