Commit Graph

20 Commits

Author SHA1 Message Date
306eee3d17 APM fuzzer: fuzz more sample rates, clean up input generation
APM has historically allowed sample rates not divisible by 100, but there is also code that explicitly states that such rates are not supported.
It is unclear how well rates like 22050 are handled in practice.
This CL adds support for fuzzing more sample rates, to help find issues.

We usually preserve fuzzer data reads to avoid invalidating unresolved fuzzer-found issues, but to make the code a little more readable this CL removes the discarded reads. This renders the only currently open bug non-reproducible, crbug.com/1299393.

Bug: webrtc:9413, chromium:1299393
Change-Id: I98ac1c653627c20adc73b8edede02f1526d80d9d
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/264504
Reviewed-by: Alessio Bazzica <alessiob@webrtc.org>
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#37114}
2022-06-03 13:00:43 +00:00
1ce585953c Fix integer underflow in BitstreamReader::ConsumeBits
Unlike ReadBits, ConsumeBits doesn't limit number of bits it may advance,
and thus should work when that number is close to the integer limit

Bug: chromium:1250730
Change-Id: Ia7847869ef9d3fc16450d572c9e2be6e1aa36741
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/232332
Reviewed-by: Erik Språng <sprang@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Commit-Queue: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35042}
2021-09-20 19:37:49 +00:00
057f90b7cb Fix integer overflow in h264 pps parser
Bug: chromium:1250730
Change-Id: Idda8e92262af7c3190698e1fb5ba001f6de55c47
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/232327
Reviewed-by: Erik Språng <sprang@webrtc.org>
Reviewed-by: Stefan Holmer <stefan@webrtc.org>
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35036}
2021-09-20 11:28:36 +00:00
52b9e1ecfb Ensure RtpVideoLayersAllocationExtension::Parse validate sanity of the output
This is tested by a simple unit test and a new fuzzer that verify that all that can be parsed also can be written.

Bug: webrtc:12000
Change-Id: I461aedf97d3dec6e8916e72110fa097c3b31c27f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/231642
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Commit-Queue: Per Kjellander <perkj@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#34986}
2021-09-14 06:43:13 +00:00
7f876c8930 Allow full SVC to reference T0 frame only after it has been encoded
The VP9 encoder may drop a frame internally which will not advance the
frame pattern. Consider the following scenario where only spatial layer
0 and temporal layer 0 are active:

1. Key frame encoded
2. Spatial layer 1 is activated
3. Delta T0 dropped
4. Delta T0 encoded

No S1T0 frame is encoded in (1) since it's not active. When
NextFrameConfig is called in (3) it will say that future frames may
reference T0 on both S0 and S1, but it's then dropped.

On step (4), the SVC controller essentially thinks it's encoding a new
picture and will happily reference the T0 on what it thinks is the first
delta frame. However, this is actually still the key frame and since
there was no S1T0 frame produced it will reference an invalid buffer.

To fix this, only say it's possible to reference a T0 frame after it has
been successfully encoded.

Bug: webrtc:11999, webrtc:13142, chromium:1178444
Change-Id: Iab3d2042ce0b3fa7d952b2831d1a36b1a6613a86
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/231695
Reviewed-by: Erik Språng <sprang@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Commit-Queue: Emil Lundmark <lndmrk@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#34982}
2021-09-13 15:52:42 +00:00
50fc1dfbcc dcsctp: Add SCTP packet corpus
Each file is a SCTP packet (without any additional headers), all
extracted from a few Wireshark dumps that have been manually recorded.

Bug: webrtc:12614
Change-Id: I64bef0c563f1d83ae22735d702c8abafec6429b9
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/214701
Commit-Queue: Victor Boivie <boivie@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#33675}
2021-04-11 18:25:08 +00:00
5314b13a8d Fix undefined-shift in RtpDepacketizerAv1::AssembleFrame
Bug: chromium:1028348
Change-Id: I824e84138acbf4e73fc21ee8248e29e5cc7a0ba0
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/160643
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29945}
2019-11-28 11:27:33 +00:00
db8df17650 Add AEC3 config json parsing fuzzer
Bug: webrtc:9535
Change-Id: Ic659a31b6d5b26a07aee955a5b83e889122b4705
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/157306
Reviewed-by: Ivo Creusen <ivoc@webrtc.org>
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29520}
2019-10-17 16:33:44 +00:00
ef83cc5458 Add fuzzer testing for Dependency Descriptor rtp header extension
Bug: webrtc:10342
Change-Id: I46c61b9a137a7148ed80ad38da62132dacb270f8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/153662
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#29255}
2019-09-20 12:40:24 +00:00
47dbcabc2e Fuzzing support for RTPDump VP8 and VP9 Streams.
This change integrates fuzzing support for RtpDumps in WebRTC. This allows
LibFuzzer to directly fuzz the RTP code path from packet arrival all the way
to actual decoding and rendering. It does this by replaying each RTP packet
in the RTPDump which can be mutated directly by the fuzzer.

For fuzzing support the RtpFileReader needs to support reading from a
buffer instead of a file. The test class requires FILE* for all its
parsing operations and is deeply coupled this way. I chose to solve this
problem at an OS level by using the tmpfile() option and copying the buffer
to the tmpfile(). fmemopen() is not available on most platforms so couldn't
be used as a generic solution. The additional copy isn't ideal but won't
be a bottleneck for the fuzzing.

In the future I plan for the fuzzers to read from a configuration file. But
given the current packaging strategy for fuzzers in WebRTC this isn't easy.

Bug: webrtc:9860
Change-Id: I2560120e82663f9e9fb5b9640e6a6d16f9c1a360
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/126682
Reviewed-by: Niels Moller <nisse@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27151}
2019-03-15 18:48:43 +00:00
ce66bb4d81 Adding simulcast examples to the fuzzing corpus.
Adding an example of a request to send simulcast (from the PC).
Adding an example of a request to receive simulcast (from the SFU).

Bug: webrtc:10409
Change-Id: I13b689621e2f89f8e00b7ee8bc542157ccebb873
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127621
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Amit Hilbuch <amithi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27116}
2019-03-14 01:10:08 +00:00
dfaea9dd98 Fuzz rtc::StringToNumber.
StringToNumber is directly used in parsing the SDP so it should be fuzzed.

Bug: webrtc:10395
Change-Id: I85b520fbefd34d3dba49950c5ff297b482c572b1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127123
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27089}
2019-03-12 22:05:46 +00:00
ade5cb8294 Field trial fuzzer.
This simple fuzzer is intended to detect potential issues in the field trial
parsing code. Since these can be set by the browser it is better to have some
fuzzing coverage around this area.

Bug: webrtc:10395
Change-Id: I1b8b859d2107a0bc99cb7520cf0ef96f3d110547
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127121
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27087}
2019-03-12 20:47:15 +00:00
558b93b3e9 Add the multicast DNS message format.
This CL adds the utilities to generate and parse mDNS messages (RFC 1035
and RFC 6762).

TBR=phoglund@webrtc.org

Bug: webrtc:9605
Change-Id: Id6121c17926887cd3a41a2dfc829462fd15f3a4c
Reviewed-on: https://webrtc-review.googlesource.com/93241
Commit-Queue: Qingsi Wang <qingsi@google.com>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24505}
2018-08-31 00:02:44 +00:00
e40b437401 Discard frame self-dependency when parsing generic frame descriptor
Bug: chromium:859281
Change-Id: Ieb96f633a93f4f2e498bb1949339e239184bce9d
Reviewed-on: https://webrtc-review.googlesource.com/86545
Reviewed-by: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23817}
2018-07-03 10:28:05 +00:00
f341f3feb5 Add AGC1 fuzzer
Fuzzes the config and audio inputs to GainControlImpl.

Seems able to cover a few hundred lines of code that the APM fuzzer hasn't been able to reach.

Bug: webrtc:9413
Change-Id: I32776505be9c416ec03113c12437a92dcfadd827
Reviewed-on: https://webrtc-review.googlesource.com/84589
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23709}
2018-06-21 13:09:03 +00:00
38c15d3995 Template argument and corpora for Audio Processing Fuzzer.
We found out that

  int16_t x = test::FuzzDataHelper::ReadOrDefaultValue(0)

reads 4 bytes from the fuzzer input instead of 2. That means that
almost half the bits in the input data to audio_processing_fuzzer are
ignored. This change adds template arguments to force reading 2 bytes
when we only need 2.

We also add a small manually generated corpus. During local testing we
let the fuzzer run for a few hours on an empty corpus. Adding the
manually-generated files resulted in an immediate coverage increase by
~3%, and then by another 3% over the next few hours.

The manually generated corpus contains a short segment of speech with
real echo. We suspect that triggering Voice Activity Detection or echo
estimation filter convergence can be difficult for an automatic
fuzzer.

We remove the Level Controller config. We read 20 bytes extra after the
config to guard against future configuration changes.

Bug: webrtc:7820
Change-Id: If60c04f53b27c519c349a40bd13664eef7999368
Reviewed-on: https://webrtc-review.googlesource.com/58744
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Commit-Queue: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22269}
2018-03-02 14:00:39 +00:00
61405bcb19 Fix infinite loop in rtp packet parsing
when rtp header extension is larger than 2^16 bytes

Bug: chromium:811613
Change-Id: I05b725d734dd628056d603b596d3523e827ddb54
Reviewed-on: https://webrtc-review.googlesource.com/52345
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22003}
2018-02-13 14:42:45 +00:00
c2dd59c25d Skip oversized rtp header extension when parsing Rtp Packet.
Rtp Packets in webrtc are expected to be less than 1500,
i.e. way less than 2^16 bytes for extensions block.
This CL explicitly discards longer extension.

Bug: chromium:809046
Change-Id: Ibed33b51bafc3fd4804ec135f66110c6d2796734
Reviewed-on: https://webrtc-review.googlesource.com/48061
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21910}
2018-02-06 11:30:08 +00:00
bb547203bf Moving src/webrtc into src/.
In order to eliminate the WebRTC Subtree mirror in Chromium, 
WebRTC is moving the content of the src/webrtc directory up
to the src/ directory.

NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
TBR=tommi@webrtc.org

Bug: chromium:611808
Change-Id: Iac59c5b51b950f174119565bac87955a7994bc38
Reviewed-on: https://webrtc-review.googlesource.com/1560
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Kjellander <kjellander@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19845}
2017-09-15 04:25:06 +00:00