Implement fuzzing of VP9 depacketization.

Provides an example for how to use fuzzing within the webrtc tree. BUG=webrtc:4771 R=aizatsky@chromium.org, asapersson@webrtc.org, kjellander@webrtc.org Review URL: https://codereview.webrtc.org/1463523002 . Cr-Commit-Position: refs/heads/master@{#10752}
2015-11-23 15:12:06 +01:00
parent ee37de3c13
commit 62e9bda7bf
6 changed files with 97 additions and 4 deletions
--- a/webrtc/BUILD.gn
+++ b/webrtc/BUILD.gn
@ -9,6 +9,7 @@
 # TODO(kjellander): Rebase this to webrtc/build/common.gypi changes after r6330.

 import("//build/config/linux/pkg_config.gni")
+import("//build/config/sanitizers/sanitizers.gni")
 import("build/webrtc.gni")
 import("//third_party/protobuf/proto_library.gni")

@ -177,8 +178,8 @@ source_set("webrtc") {
  public_configs = [ ":common_inherited_config" ]

  deps = [
-    "audio",
    ":webrtc_common",
+    "audio",
    "base:rtc_base",
    "call",
    "common_audio",
@ -218,8 +219,8 @@ if (!build_with_chromium) {
    testonly = true
    deps = [
      ":webrtc",
-      "modules/video_render:video_render_internal_impl",
      "modules/video_capture:video_capture_internal_impl",
+      "modules/video_render:video_render_internal_impl",
      "test",
    ]
  }
@ -278,3 +279,12 @@ source_set("rtc_event_log") {
    configs -= [ "//build/config/clang:find_bad_constructs" ]
  }
 }
+
+if (use_libfuzzer) {
+  group("webrtc_fuzzers") {
+    testonly = true
+    deps = [
+      "test/fuzzers:vp9_depacketizer_fuzzer",
+    ]
+  }
+}
--- a/webrtc/test/BUILD.gn
+++ b/webrtc/test/BUILD.gn
@ -70,10 +70,10 @@ source_set("test_support") {
  ]

  deps = [
-    "//testing/gmock",
-    "//testing/gtest",
    "..:gtest_prod",
    "../system_wrappers",
+    "//testing/gmock",
+    "//testing/gtest",
  ]

  if (is_android) {
--- a/webrtc/test/fuzzers/BUILD.gn
+++ b/webrtc/test/fuzzers/BUILD.gn
@ -0,0 +1,35 @@
+# Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.
+#
+# Use of this source code is governed by a BSD-style license
+# that can be found in the LICENSE file in the root of the source
+# tree. An additional intellectual property rights grant can be found
+# in the file PATENTS.  All contributing project authors may
+# be found in the AUTHORS file in the root of the source tree.
+
+import("//build/config/features.gni")
+import("//testing/test.gni")
+
+static_library("webrtc_fuzzer_main") {
+  sources = [
+    "webrtc_fuzzer_main.cc",
+  ]
+  deps = [
+    "..:field_trial",
+    "//testing/libfuzzer:libfuzzer_main",
+  ]
+}
+
+test("vp9_depacketizer_fuzzer") {
+  sources = [
+    "vp9_depacketizer_fuzzer.cc",
+  ]
+  deps = [
+    ":webrtc_fuzzer_main",
+    "../../modules/rtp_rtcp",
+  ]
+  if (is_clang) {
+    # Suppress warnings from Chrome's Clang plugins.
+    # See http://code.google.com/p/webrtc/issues/detail?id=163 for details.
+    configs -= [ "//build/config/clang:find_bad_constructs" ]
+  }
+}
--- a/webrtc/test/fuzzers/OWNERS
+++ b/webrtc/test/fuzzers/OWNERS
@ -0,0 +1 @@
+pbos@webrtc.org
--- a/webrtc/test/fuzzers/vp9_depacketizer_fuzzer.cc
+++ b/webrtc/test/fuzzers/vp9_depacketizer_fuzzer.cc
@ -0,0 +1,18 @@
+/*
+ *  Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+#include "webrtc/modules/rtp_rtcp/source/rtp_format_vp9.h"
+
+namespace webrtc {
+void FuzzOneInput(const uint8_t* data, size_t size) {
+  RtpDepacketizerVp9 depacketizer;
+  RtpDepacketizer::ParsedPayload parsed_payload;
+  depacketizer.Parse(&parsed_payload, data, size);
+}
+}  // namespace webrtc
--- a/webrtc/test/fuzzers/webrtc_fuzzer_main.cc
+++ b/webrtc/test/fuzzers/webrtc_fuzzer_main.cc
@ -0,0 +1,29 @@
+/*
+ *  Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+#include "webrtc/base/logging.h"
+
+// This file is intended to provide a common interface for fuzzing functions, so
+// whether we're running fuzzing under libFuzzer or DrFuzz the webrtc functions
+// can remain the same.
+// TODO(pbos): Implement FuzzOneInput() for more than one platform (currently
+// libFuzzer).
+
+namespace webrtc {
+extern void FuzzOneInput(const uint8_t* data, size_t size);
+}  // namespace webrtc
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size) {
+  // TODO(pbos): Figure out whether this can be moved to common startup code and
+  // not be done per-input.
+  // Remove default logging to prevent huge slowdowns.
+  rtc::LogMessage::LogToDebug(rtc::LS_NONE);
+  webrtc::FuzzOneInput(data, size);
+  return 0;
+}