It is possible for the fuzzer to just never deliver packets if the packet delay
is set long enough in the RtpReplayer. This is simply fixed by setting an upper
bound. This change is in the test code setup.
Bug: webrtc:10493,chromium:943420
Change-Id: I54f56e1aa7700f1151e0b58a5a53bc789d032c18
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/130365
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27369}
This change integrates fuzzing support for RtpDumps in WebRTC. This allows
LibFuzzer to directly fuzz the RTP code path from packet arrival all the way
to actual decoding and rendering. It does this by replaying each RTP packet
in the RTPDump which can be mutated directly by the fuzzer.
For fuzzing support the RtpFileReader needs to support reading from a
buffer instead of an file. The test class requires FILE* for all its
parsing operations and is deeply coupled this way. I chose to solve this
problem at an OS level by using the tmpfile() option and copying the buffer
to the tmpfile(). fmemopen() is no available on most platforms so couldn't
be used as a generic solution. The additional copy isn't ideal but won't
be a bottleneck for the fuzzing.
In the future I plan for the fuzzers to read from a configuration file. But
given the current packaging strategy for fuzzers in WebRTC this isn't easy.
Bug: webrtc:9860
Change-Id: I2560120e82663f9e9fb5b9640e6a6d16f9c1a360
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/126682
Reviewed-by: Niels Moller <nisse@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27151}
