zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
09ec3cf7c63f25a11679bcc3e01d5a51a4dff073
platform-external-webrtc/test/fuzzers/fuzz_data_helper.h
Alex Loiko 38c15d3995 Template argument and corpora for Audio Processing Fuzzer. 
We found out that

  int16_t x = test::FuzzDataHelper::ReadOrDefaultValue(0)

reads 4 bytes from the fuzzer input instead of 2. That means that
almost half the bits in the input data to audio_processing_fuzzer are
ignored. This change adds template arguments to force reading 2 bytes
when we only need 2.

We also add a small manually generated corpus. During local testing we
let the fuzzer run for a few hours on an empty corpus. Adding the
manually-generated files resulted in an immediate coverage increase by
~3%, and then by another 3% over the next few hours.

The manually generated corpus contains a short segment of speech with
real echo. We suspect that triggering Voice Activity Detection or echo
estimation filter convergence can be difficult for an automatic
fuzzer.

We remove the Level Controller config. We read 20 bytes extra after the
config to guard against future configuration changes.

Bug: webrtc:7820
Change-Id: If60c04f53b27c519c349a40bd13664eef7999368
Reviewed-on: https://webrtc-review.googlesource.com/58744
Reviewed-by: Sam Zackrisson <saza@webrtc.org>
Commit-Queue: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22269}
2018-03-02 14:00:39 +00:00

93 lines
3.0 KiB
C++
Raw Blame History

/*
* Copyright (c) 2017 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef TEST_FUZZERS_FUZZ_DATA_HELPER_H_
#define TEST_FUZZERS_FUZZ_DATA_HELPER_H_
#include <limits>
#include "api/array_view.h"
#include "modules/rtp_rtcp/source/byte_io.h"
namespace webrtc {
namespace test {
// Helper class to take care of the fuzzer input, read from it, and keep track
// of when the end of the data has been reached.
class FuzzDataHelper {
public:
explicit FuzzDataHelper(rtc::ArrayView<const uint8_t> data);
// Returns true if n bytes can be read.
bool CanReadBytes(size_t n) const { return data_ix_ + n <= data_.size(); }
// Reads and returns data of type T.
template <typename T>
T Read() {
RTC_CHECK(CanReadBytes(sizeof(T)));
T x = ByteReader<T>::ReadLittleEndian(&data_[data_ix_]);
data_ix_ += sizeof(T);
return x;
}
// Reads and returns data of type T. Returns default_value if not enough
// fuzzer input remains to read a T.
template <typename T>
T ReadOrDefaultValue(T default_value) {
if (!CanReadBytes(sizeof(T))) {
return default_value;
}
return Read<T>();
}
// Like ReadOrDefaultValue, but replaces the value 0 with default_value.
template <typename T>
T ReadOrDefaultValueNotZero(T default_value) {
static_assert(std::is_integral<T>::value, "");
T x = ReadOrDefaultValue(default_value);
return x == 0 ? default_value : x;
}
// Returns one of the elements from the provided input array. The selection
// is based on the fuzzer input data. If not enough fuzzer data is available,
// the method will return the first element in the input array. The reason for
// not flagging this as an error is to allow the method to be called from
// class constructors, and in constructors we typically do not handle
// errors. The code will work anyway, and the fuzzer will likely see that
// providing more data will actually make this method return something else.
template <typename T, size_t N>
T SelectOneOf(const T (&select_from)[N]) {
static_assert(N <= std::numeric_limits<uint8_t>::max(), "");
// Read an index between 0 and select_from.size() - 1 from the fuzzer data.
uint8_t index = ReadOrDefaultValue<uint8_t>(0) % N;
return select_from[index];
}
rtc::ArrayView<const uint8_t> ReadByteArray(size_t bytes) {
if (!CanReadBytes(bytes)) {
return rtc::ArrayView<const uint8_t>(nullptr, 0);
}
const size_t index_to_return = data_ix_;
data_ix_ += bytes;
return data_.subview(index_to_return, bytes);
}
size_t BytesRead() const { return data_ix_; }
private:
rtc::ArrayView<const uint8_t> data_;
size_t data_ix_ = 0;
};
} // namespace test
} // namespace webrtc
#endif // TEST_FUZZERS_FUZZ_DATA_HELPER_H_
Reference in New Issue View Git Blame Copy Permalink