This change integrates fuzzing support for RtpDumps in WebRTC. This allows
LibFuzzer to directly fuzz the RTP code path from packet arrival all the way
to actual decoding and rendering. It does this by replaying each RTP packet
in the RTPDump which can be mutated directly by the fuzzer.
For fuzzing support the RtpFileReader needs to support reading from a
buffer instead of an file. The test class requires FILE* for all its
parsing operations and is deeply coupled this way. I chose to solve this
problem at an OS level by using the tmpfile() option and copying the buffer
to the tmpfile(). fmemopen() is no available on most platforms so couldn't
be used as a generic solution. The additional copy isn't ideal but won't
be a bottleneck for the fuzzing.
In the future I plan for the fuzzers to read from a configuration file. But
given the current packaging strategy for fuzzers in WebRTC this isn't easy.
Bug: webrtc:9860
Change-Id: I2560120e82663f9e9fb5b9640e6a6d16f9c1a360
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/126682
Reviewed-by: Niels Moller <nisse@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27151}
Adding an example of a request to send simulcast (from the PC).
Adding an example of a request to receive simulcast (from the SFU).
Bug: webrtc:10409
Change-Id: I13b689621e2f89f8e00b7ee8bc542157ccebb873
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127621
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Amit Hilbuch <amithi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27116}
This simple fuzzer is intended to detect potential issues in the field trial
parsing code. Since these can be set by the browser it is better to have some
fuzzing coverage around this area.
Bug: webrtc:10395
Change-Id: I1b8b859d2107a0bc99cb7520cf0ef96f3d110547
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127121
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27087}
Fuzzes the config and audio inputs to GainControlImpl.
Seems able to cover a few hundred lines of code that the APM fuzzer hasn't been able to reach.
Bug: webrtc:9413
Change-Id: I32776505be9c416ec03113c12437a92dcfadd827
Reviewed-on: https://webrtc-review.googlesource.com/84589
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23709}
We found out that
int16_t x = test::FuzzDataHelper::ReadOrDefaultValue(0)
reads 4 bytes from the fuzzer input instead of 2. That means that
almost half the bits in the input data to audio_processing_fuzzer are
ignored. This change adds template arguments to force reading 2 bytes
when we only need 2.
We also add a small manually generated corpus. During local testing we
let the fuzzer run for a few hours on an empty corpus. Adding the
manually-generated files resulted in an immediate coverage increase by
~3%, and then by another 3% over the next few hours.
The manually generated corpus contains a short segment of speech with
real echo. We suspect that triggering Voice Activity Detection or echo
estimation filter convergence can be difficult for an automatic
fuzzer.
We remove the Level Controller config. We read 20 bytes extra after the
config to guard against future configuration changes.
Bug: webrtc:7820
Change-Id: If60c04f53b27c519c349a40bd13664eef7999368
Reviewed-on: https://webrtc-review.googlesource.com/58744
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Commit-Queue: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22269}
Rtp Packets in webrtc expected to be less that 1500,
i.e. way less that 2^16 bytes for extensions block.
This CL explicitly discards longer extension.
Bug: chromium:809046
Change-Id: Ibed33b51bafc3fd4804ec135f66110c6d2796734
Reviewed-on: https://webrtc-review.googlesource.com/48061
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21910}
In order to eliminate the WebRTC Subtree mirror in Chromium,
WebRTC is moving the content of the src/webrtc directory up
to the src/ directory.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
TBR=tommi@webrtc.org
Bug: chromium:611808
Change-Id: Iac59c5b51b950f174119565bac87955a7994bc38
Reviewed-on: https://webrtc-review.googlesource.com/1560
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Kjellander <kjellander@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19845}
