1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
/*
* Copyright (c) 2015 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#include <memory>
#include "modules/include/module_common_types_public.h"
#include "modules/rtp_rtcp/source/byte_io.h"
#include "modules/rtp_rtcp/source/fec_test_helper.h"
#include "modules/rtp_rtcp/source/ulpfec_generator.h"
#include "rtc_base/checks.h"
#include "rtc_base/copy_on_write_buffer.h"
#include "system_wrappers/include/clock.h"
namespace webrtc {
namespace {
constexpr uint8_t kFecPayloadType = 96;
constexpr uint8_t kRedPayloadType = 97;
} // namespace
void FuzzOneInput(const uint8_t* data, size_t size) {
SimulatedClock clock(1);
UlpfecGenerator generator(kRedPayloadType, kFecPayloadType, &clock);
size_t i = 0;
if (size < 4)
return;
FecProtectionParams params = {
data[i++] % 128, static_cast<int>(data[i++] % 10), kFecMaskBursty};
generator.SetProtectionParameters(params, params);
uint16_t seq_num = data[i++];
uint16_t prev_seq_num = 0;
while (i + 3 < size) {
size_t rtp_header_length = data[i++] % 10 + 12;
size_t payload_size = data[i++] % 10;
if (i + payload_size + rtp_header_length + 2 > size)
break;
rtc::CopyOnWriteBuffer packet(&data[i], payload_size + rtp_header_length);
packet.EnsureCapacity(IP_PACKET_SIZE);
// Write a valid parsable header (version = 2, no padding, no extensions,
// no CSRCs).
ByteWriter<uint8_t>::WriteBigEndian(packet.MutableData(), 2 << 6);
// Make sure sequence numbers are increasing.
ByteWriter<uint16_t>::WriteBigEndian(packet.MutableData() + 2, seq_num++);
i += payload_size + rtp_header_length;
const bool protect = data[i++] % 2 == 1;
// Check the sequence numbers are monotonic. In rare case the packets number
// may loop around and in the same FEC-protected group the packet sequence
// number became out of order.
if (protect && IsNewerSequenceNumber(seq_num, prev_seq_num) &&
seq_num < prev_seq_num + kUlpfecMaxMediaPackets) {
RtpPacketToSend rtp_packet(nullptr);
// Check that we actually have a parsable packet, we want to fuzz FEC
// logic, not RTP header parsing.
RTC_CHECK(rtp_packet.Parse(packet));
generator.AddPacketAndGenerateFec(rtp_packet);
prev_seq_num = seq_num;
}
generator.GetFecPackets();
}
}
} // namespace webrtc
|
