From 960a9d7f770087138723fde0216cdae0a8d7e2bb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?I=C3=B1aki=20Baz=20Castillo?= Date: Thu, 7 Mar 2024 15:51:33 +0100 Subject: [PATCH] a separate fuzzer for each codec --- .../fuzzer/include/RTC/Codecs/FuzzerH264.hpp | 20 ++++++++++++++++++ .../include/RTC/Codecs/FuzzerH264_SVC.hpp | 20 ++++++++++++++++++ .../fuzzer/include/RTC/Codecs/FuzzerOpus.hpp | 20 ++++++++++++++++++ .../{FuzzerCodecs.hpp => FuzzerVP8.hpp} | 9 +++++--- .../fuzzer/include/RTC/Codecs/FuzzerVP9.hpp | 20 ++++++++++++++++++ ...h-7e7caf72377ad55d353719f28febb5238eadfc9e | 1 + ...k-492806f087e0c9fe99127b57f379ba946befc35c | 1 - ...k-6dcd4ce23d88e2ee9568ba546c007c63d9131c1b | 1 - ...k-b6589fc6ab0dc82cf12099d1c2d40ab994e8410c | 1 - ...k-d54bc342b7d2ee881a9ba853289e831b93375e2d | Bin 4 -> 0 bytes ...k-da4b9237bacccdf19c0760cab7aec4a8359010b0 | 1 - worker/fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp | 15 ------------- worker/fuzzer/src/RTC/Codecs/FuzzerH264.cpp | 14 ++++++++++++ .../fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp | 14 ++++++++++++ worker/fuzzer/src/RTC/Codecs/FuzzerOpus.cpp | 14 ++++++++++++ worker/fuzzer/src/RTC/Codecs/FuzzerVP8.cpp | 14 ++++++++++++ worker/fuzzer/src/RTC/Codecs/FuzzerVP9.cpp | 14 ++++++++++++ worker/fuzzer/src/fuzzer.cpp | 14 +++++++++--- worker/meson.build | 6 +++++- 19 files changed, 173 insertions(+), 26 deletions(-) create mode 100644 worker/fuzzer/include/RTC/Codecs/FuzzerH264.hpp create mode 100644 worker/fuzzer/include/RTC/Codecs/FuzzerH264_SVC.hpp create mode 100644 worker/fuzzer/include/RTC/Codecs/FuzzerOpus.hpp rename worker/fuzzer/include/RTC/Codecs/{FuzzerCodecs.hpp => FuzzerVP8.hpp} (51%) create mode 100644 worker/fuzzer/include/RTC/Codecs/FuzzerVP9.hpp create mode 100644 worker/fuzzer/reports/crash-7e7caf72377ad55d353719f28febb5238eadfc9e delete mode 100644 worker/fuzzer/reports/leak-492806f087e0c9fe99127b57f379ba946befc35c delete mode 100644 worker/fuzzer/reports/leak-6dcd4ce23d88e2ee9568ba546c007c63d9131c1b delete mode 100644 worker/fuzzer/reports/leak-b6589fc6ab0dc82cf12099d1c2d40ab994e8410c delete 
mode 100644 worker/fuzzer/reports/leak-d54bc342b7d2ee881a9ba853289e831b93375e2d delete mode 100644 worker/fuzzer/reports/leak-da4b9237bacccdf19c0760cab7aec4a8359010b0 delete mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp create mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerH264.cpp create mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp create mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerOpus.cpp create mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerVP8.cpp create mode 100644 worker/fuzzer/src/RTC/Codecs/FuzzerVP9.cpp diff --git a/worker/fuzzer/include/RTC/Codecs/FuzzerH264.hpp b/worker/fuzzer/include/RTC/Codecs/FuzzerH264.hpp new file mode 100644 index 0000000000..21a2364365 --- /dev/null +++ b/worker/fuzzer/include/RTC/Codecs/FuzzerH264.hpp @@ -0,0 +1,20 @@ +#ifndef MS_FUZZER_RTC_CODECS_H264_HPP +#define MS_FUZZER_RTC_CODECS_H264_HPP + +#include "common.hpp" + +namespace Fuzzer +{ + namespace RTC + { + namespace Codecs + { + namespace H264 + { + void Fuzz(const uint8_t* data, size_t len); + } + } // namespace Codecs + } // namespace RTC +} // namespace Fuzzer + +#endif diff --git a/worker/fuzzer/include/RTC/Codecs/FuzzerH264_SVC.hpp b/worker/fuzzer/include/RTC/Codecs/FuzzerH264_SVC.hpp new file mode 100644 index 0000000000..d72125dc5d --- /dev/null +++ b/worker/fuzzer/include/RTC/Codecs/FuzzerH264_SVC.hpp @@ -0,0 +1,20 @@ +#ifndef MS_FUZZER_RTC_CODECS_H264_SVC_HPP +#define MS_FUZZER_RTC_CODECS_H264_SVC_HPP + +#include "common.hpp" + +namespace Fuzzer +{ + namespace RTC + { + namespace Codecs + { + namespace H264_SVC + { + void Fuzz(const uint8_t* data, size_t len); + } + } // namespace Codecs + } // namespace RTC +} // namespace Fuzzer + +#endif diff --git a/worker/fuzzer/include/RTC/Codecs/FuzzerOpus.hpp b/worker/fuzzer/include/RTC/Codecs/FuzzerOpus.hpp new file mode 100644 index 0000000000..2e52616600 --- /dev/null +++ b/worker/fuzzer/include/RTC/Codecs/FuzzerOpus.hpp 
@@ -0,0 +1,20 @@ +#ifndef MS_FUZZER_RTC_CODECS_OPUS_HPP +#define MS_FUZZER_RTC_CODECS_OPUS_HPP + +#include "common.hpp" + +namespace Fuzzer +{ + namespace RTC + { + namespace Codecs + { + namespace Opus + { + void Fuzz(const uint8_t* data, size_t len); + } + } // namespace Codecs + } // namespace RTC +} // namespace Fuzzer + +#endif diff --git a/worker/fuzzer/include/RTC/Codecs/FuzzerCodecs.hpp b/worker/fuzzer/include/RTC/Codecs/FuzzerVP8.hpp similarity index 51% rename from worker/fuzzer/include/RTC/Codecs/FuzzerCodecs.hpp rename to worker/fuzzer/include/RTC/Codecs/FuzzerVP8.hpp index 456f5803d7..dfa87efec8 100644 --- a/worker/fuzzer/include/RTC/Codecs/FuzzerCodecs.hpp +++ b/worker/fuzzer/include/RTC/Codecs/FuzzerVP8.hpp @@ -1,5 +1,5 @@ -#ifndef MS_FUZZER_RTC_CODECS_HPP -#define MS_FUZZER_RTC_CODECS_HPP +#ifndef MS_FUZZER_RTC_CODECS_VP8_HPP +#define MS_FUZZER_RTC_CODECS_VP8_HPP #include "common.hpp" @@ -9,7 +9,10 @@ namespace Fuzzer { namespace Codecs { - void Fuzz(const uint8_t* data, size_t len); + namespace VP8 + { + void Fuzz(const uint8_t* data, size_t len); + } } // namespace Codecs } // namespace RTC } // namespace Fuzzer diff --git a/worker/fuzzer/include/RTC/Codecs/FuzzerVP9.hpp b/worker/fuzzer/include/RTC/Codecs/FuzzerVP9.hpp new file mode 100644 index 0000000000..93743cbeae --- /dev/null +++ b/worker/fuzzer/include/RTC/Codecs/FuzzerVP9.hpp @@ -0,0 +1,20 @@ +#ifndef MS_FUZZER_RTC_CODECS_VP9_HPP +#define MS_FUZZER_RTC_CODECS_VP9_HPP + +#include "common.hpp" + +namespace Fuzzer +{ + namespace RTC + { + namespace Codecs + { + namespace VP9 + { + void Fuzz(const uint8_t* data, size_t len); + } + } // namespace Codecs + } // namespace RTC +} // namespace Fuzzer + +#endif diff --git a/worker/fuzzer/reports/crash-7e7caf72377ad55d353719f28febb5238eadfc9e b/worker/fuzzer/reports/crash-7e7caf72377ad55d353719f28febb5238eadfc9e new file mode 100644 index 0000000000..e570989278 --- /dev/null +++ b/worker/fuzzer/reports/crash-7e7caf72377ad55d353719f28febb5238eadfc9e 
@@ -0,0 +1 @@ +88t \ No newline at end of file diff --git a/worker/fuzzer/reports/leak-492806f087e0c9fe99127b57f379ba946befc35c b/worker/fuzzer/reports/leak-492806f087e0c9fe99127b57f379ba946befc35c deleted file mode 100644 index a7f01535ab..0000000000 --- a/worker/fuzzer/reports/leak-492806f087e0c9fe99127b57f379ba946befc35c +++ /dev/null @@ -1 +0,0 @@ -ƒÎ \ No newline at end of file diff --git a/worker/fuzzer/reports/leak-6dcd4ce23d88e2ee9568ba546c007c63d9131c1b b/worker/fuzzer/reports/leak-6dcd4ce23d88e2ee9568ba546c007c63d9131c1b deleted file mode 100644 index 8c7e5a667f..0000000000 --- a/worker/fuzzer/reports/leak-6dcd4ce23d88e2ee9568ba546c007c63d9131c1b +++ /dev/null @@ -1 +0,0 @@ -A \ No newline at end of file diff --git a/worker/fuzzer/reports/leak-b6589fc6ab0dc82cf12099d1c2d40ab994e8410c b/worker/fuzzer/reports/leak-b6589fc6ab0dc82cf12099d1c2d40ab994e8410c deleted file mode 100644 index c227083464..0000000000 --- a/worker/fuzzer/reports/leak-b6589fc6ab0dc82cf12099d1c2d40ab994e8410c +++ /dev/null @@ -1 +0,0 @@ -0 \ No newline at end of file diff --git a/worker/fuzzer/reports/leak-d54bc342b7d2ee881a9ba853289e831b93375e2d b/worker/fuzzer/reports/leak-d54bc342b7d2ee881a9ba853289e831b93375e2d deleted file mode 100644 index 943cf8d7dfd854bb291e0d81dbb826b6fd7c63aa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4 LcmZoU$G`vp1bzWi diff --git a/worker/fuzzer/reports/leak-da4b9237bacccdf19c0760cab7aec4a8359010b0 b/worker/fuzzer/reports/leak-da4b9237bacccdf19c0760cab7aec4a8359010b0 deleted file mode 100644 index d8263ee986..0000000000 --- a/worker/fuzzer/reports/leak-da4b9237bacccdf19c0760cab7aec4a8359010b0 +++ /dev/null @@ -1 +0,0 @@ -2 \ No newline at end of file diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp deleted file mode 100644 index 1d950a4786..0000000000 --- a/worker/fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp +++ /dev/null 
@@ -1,15 +0,0 @@
-#include "RTC/Codecs/FuzzerCodecs.hpp"
-#include "RTC/Codecs/Opus.hpp"
-#include "RTC/Codecs/VP8.hpp"
-#include "RTC/Codecs/VP9.hpp"
-#include "RTC/Codecs/H264.hpp"
-#include "RTC/Codecs/H264_SVC.hpp"
-
-void Fuzzer::RTC::Codecs::Fuzz(const uint8_t* data, size_t len)
-{
- ::RTC::Codecs::Opus::Parse(data, len);
- ::RTC::Codecs::VP8::Parse(data, len);
- ::RTC::Codecs::VP9::Parse(data, len);
- ::RTC::Codecs::H264::Parse(data, len);
- ::RTC::Codecs::H264_SVC::Parse(data, len);
-}
diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerH264.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerH264.cpp
new file mode 100644
index 0000000000..48404e41e8
--- /dev/null
+++ b/worker/fuzzer/src/RTC/Codecs/FuzzerH264.cpp
@@ -0,0 +1,14 @@
+#include "RTC/Codecs/FuzzerH264.hpp"
+#include "RTC/Codecs/H264.hpp"
+
+void Fuzzer::RTC::Codecs::H264::Fuzz(const uint8_t* data, size_t len)
+{
+ ::RTC::Codecs::H264::PayloadDescriptor* descriptor = ::RTC::Codecs::H264::Parse(data, len);
+
+ if (!descriptor)
+ {
+ return;
+ }
+
+ delete descriptor;
+}
diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp
new file mode 100644
index 0000000000..b0af2e6012
--- /dev/null
+++ b/worker/fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp
@@ -0,0 +1,14 @@
+#include "RTC/Codecs/FuzzerH264_SVC.hpp"
+#include "RTC/Codecs/H264_SVC.hpp"
+
+void Fuzzer::RTC::Codecs::H264_SVC::Fuzz(const uint8_t* data, size_t len)
+{
+ ::RTC::Codecs::H264_SVC::PayloadDescriptor* descriptor = ::RTC::Codecs::H264_SVC::Parse(data, len);
+
+ if (!descriptor)
+ {
+ return;
+ }
+
+ delete descriptor;
+}
diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerOpus.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerOpus.cpp
new file mode 100644
index 0000000000..188762c8b8
--- /dev/null
+++ b/worker/fuzzer/src/RTC/Codecs/FuzzerOpus.cpp
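Review bot: In `Fuzzer::RTC::Codecs::H264::Fuzz` the result of `Parse()` is held in a raw owning pointer and freed by hand, and the `if (!descriptor) return;` guard is redundant because `delete` on a null pointer is a no-op. Any statement later added between `Parse()` and `delete` that returns early would reintroduce the kind of leak whose reports this commit deletes; holding the result as `std::unique_ptr<::RTC::Codecs::H264::PayloadDescriptor> descriptor{ ::RTC::Codecs::H264::Parse(data, len) };` (with `#include <memory>`) removes both the guard and the manual `delete`. The descriptor is also destroyed without being read, so the harness appears to cover only `Parse()` itself; if `PayloadDescriptor` exposes accessors that interpret the payload, calling them here would widen coverage (its interface is not visible in this patch). The same applies to the H264_SVC, Opus, VP8 and VP9 `Fuzz` functions added in this commit.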
@@ -0,0 +1,14 @@
+#include "RTC/Codecs/FuzzerOpus.hpp"
+#include "RTC/Codecs/Opus.hpp"
+
+void Fuzzer::RTC::Codecs::Opus::Fuzz(const uint8_t* data, size_t len)
+{
+ ::RTC::Codecs::Opus::PayloadDescriptor* descriptor = ::RTC::Codecs::Opus::Parse(data, len);
+
+ if (!descriptor)
+ {
+ return;
+ }
+
+ delete descriptor;
+}
diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerVP8.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerVP8.cpp
new file mode 100644
index 0000000000..a628bd5e11
--- /dev/null
+++ b/worker/fuzzer/src/RTC/Codecs/FuzzerVP8.cpp
@@ -0,0 +1,14 @@
+#include "RTC/Codecs/FuzzerVP8.hpp"
+#include "RTC/Codecs/VP8.hpp"
+
+void Fuzzer::RTC::Codecs::VP8::Fuzz(const uint8_t* data, size_t len)
+{
+ ::RTC::Codecs::VP8::PayloadDescriptor* descriptor = ::RTC::Codecs::VP8::Parse(data, len);
+
+ if (!descriptor)
+ {
+ return;
+ }
+
+ delete descriptor;
+}
diff --git a/worker/fuzzer/src/RTC/Codecs/FuzzerVP9.cpp b/worker/fuzzer/src/RTC/Codecs/FuzzerVP9.cpp
new file mode 100644
index 0000000000..c10a177a79
--- /dev/null
+++ b/worker/fuzzer/src/RTC/Codecs/FuzzerVP9.cpp
@@ -0,0 +1,14 @@
+#include "RTC/Codecs/FuzzerVP9.hpp"
+#include "RTC/Codecs/VP9.hpp"
+
+void Fuzzer::RTC::Codecs::VP9::Fuzz(const uint8_t* data, size_t len)
+{
+ ::RTC::Codecs::VP9::PayloadDescriptor* descriptor = ::RTC::Codecs::VP9::Parse(data, len);
+
+ if (!descriptor)
+ {
+ return;
+ }
+
+ delete descriptor;
+}
diff --git a/worker/fuzzer/src/fuzzer.cpp b/worker/fuzzer/src/fuzzer.cpp
index e8e2b24d4d..d51422b103 100644
--- a/worker/fuzzer/src/fuzzer.cpp
+++ b/worker/fuzzer/src/fuzzer.cpp
@@ -9,7 +9,11 @@
 #include "LogLevel.hpp"
 #include "Settings.hpp"
 #include "Utils.hpp"
-#include "RTC/Codecs/FuzzerCodecs.hpp"
+#include "RTC/Codecs/FuzzerH264.hpp"
+#include "RTC/Codecs/FuzzerH264_SVC.hpp"
+#include "RTC/Codecs/FuzzerOpus.hpp"
+#include "RTC/Codecs/FuzzerVP8.hpp"
+#include "RTC/Codecs/FuzzerVP9.hpp"
 #include "RTC/DtlsTransport.hpp"
 #include "RTC/FuzzerDtlsTransport.hpp"
 #include "RTC/FuzzerRtpPacket.hpp"
@@ -66,7 +70,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) if (fuzzCodecs) { - Fuzzer::RTC::Codecs::Fuzz(data, len); + Fuzzer::RTC::Codecs::Opus::Fuzz(data, len); + Fuzzer::RTC::Codecs::VP8::Fuzz(data, len); + Fuzzer::RTC::Codecs::VP9::Fuzz(data, len); + Fuzzer::RTC::Codecs::H264::Fuzz(data, len); + Fuzzer::RTC::Codecs::H264_SVC::Fuzz(data, len); } if (fuzzUtils) @@ -137,7 +145,7 @@ int Init() fuzzUtils = true; } - if (!fuzzStun && !fuzzDtls && !fuzzRtcp && !fuzzRtp && !fuzzUtils) + if (!fuzzStun && !fuzzDtls && !fuzzRtp && !fuzzRtcp && !fuzzCodecs && !fuzzUtils) { std::cout << "[fuzzer] all fuzzers enabled" << std::endl; diff --git a/worker/meson.build b/worker/meson.build index cb7ccc7e56..f4d24f5958 100644 --- a/worker/meson.build +++ b/worker/meson.build @@ -438,7 +438,11 @@ executable( 'fuzzer/src/RTC/FuzzerSeqManager.cpp', 'fuzzer/src/RTC/FuzzerStunPacket.cpp', 'fuzzer/src/RTC/FuzzerTrendCalculator.cpp', - 'fuzzer/src/RTC/Codecs/FuzzerCodecs.cpp', + 'fuzzer/src/RTC/Codecs/FuzzerOpus.cpp', + 'fuzzer/src/RTC/Codecs/FuzzerVP8.cpp', + 'fuzzer/src/RTC/Codecs/FuzzerVP9.cpp', + 'fuzzer/src/RTC/Codecs/FuzzerH264.cpp', + 'fuzzer/src/RTC/Codecs/FuzzerH264_SVC.cpp', 'fuzzer/src/RTC/RTCP/FuzzerBye.cpp', 'fuzzer/src/RTC/RTCP/FuzzerFeedbackPs.cpp', 'fuzzer/src/RTC/RTCP/FuzzerFeedbackPsAfb.cpp',
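Review bot: Inside the `if (fuzzCodecs)` block of `LLVMFuzzerTestOneInput`, all five codec harnesses still run on the same `data` under one flag, so a crash or leak artifact cannot be attributed to a single parser from the input alone. The `crash-7e7caf72…` reproducer added in this commit has exactly that ambiguity. The corpus and coverage feedback also stay shared across five unrelated payload formats. If the commit title means per-codec selection, each call needs its own flag; otherwise a comment such as `// All codec parsers consume the same input; replay a reproducer against each Fuzz() to find the failing parser.` would spare the next triager the guesswork. The function body continues outside the hunk.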
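Review bot: The "nothing selected" condition in `Init()` lists every flag by hand, which is how `fuzzCodecs` came to be missing from the old line: selecting only the codec fuzzers would have fallen into the "all fuzzers enabled" branch. A comment above the condition would guard against the next omission, for example `// Must name every fuzzXxx flag: a flag missing here turns "only that fuzzer" into "all fuzzers".` The branch body lies outside the hunk, so it is worth confirming that it also sets `fuzzCodecs = true`.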