media/base/bit_reader_fuzzertest.cc - Issue 1754523004: media: Add fuzzer test for bit_reader

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: media/base/bit_reader_fuzzertest.cc

Issue 1754523004: media: Add fuzzer test for bit_reader (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <stddef.h>

	6

	7 #include "base/numerics/safe_conversions.h"

	8 #include "media/base/bit_reader.h"

	9

	10 // Given \|value\|, return a number between 1 and 32.

	11 static int DetermineNumBits(uint8_t value) {

	12 return (value % 32) + 1;

	13 }

	14

	15 // Entry point for LibFuzzer.

	16 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

	17 media::BitReader reader(data, base::checked_cast<int>(size));

	18

	19 // Read and skip through the data. Since we want the test to be repeatable

	20 // for a given input, use the values in \|data\| to determine how many bits

	21 // to read/skip until the end of the stream (which should fail).

	22 for (size_t i = 0; i < size && reader.bits_available(); ++i) {
	DaleCurtis 2016/03/03 00:16:35 Why restrict to size here? Seems you want to keep Why restrict to size here? Seems you want to keep reading and just use i/8 for your read or skip check? DetermineNumBits() could also take bits remaining and clamp so that you don't need l.35. to l.39 jrummell 2016/03/03 23:21:37 I was using the bytes in \|data\| to determine the o Show quoted text On 2016/03/03 00:16:35, DaleCurtis wrote: > Why restrict to size here? Seems you want to keep reading and just use i/8 for > your read or skip check? DetermineNumBits() could also take bits remaining and > clamp so that you don't need l.35. to l.39 I was using the bytes in \|data\| to determine the operation to do. I didn't want to read off the end of \|data\|. However, I've switched it to use a random number generator, so this is no longer an issue. Note that now the data bytes are not really used (other than to generate the random number seed).
	23 uint8_t value = data[i];

	24 if (value < 128) {

	25 // Read up to 32 bits. This may fail if there is not enough bits
	DaleCurtis 2016/03/03 00:16:35 Why 32 instead of say 64? Why 32 instead of say 64? jrummell 2016/03/03 23:21:38 Updated to use a bigger range. Show quoted text On 2016/03/03 00:16:35, DaleCurtis wrote: > Why 32 instead of say 64? Updated to use a bigger range.
	26 // remaining, but it doesn't matter (testing for failures is also good).

	27 uint32_t data;

	28 reader.ReadBits(DetermineNumBits(value), &data);

	29 } else {

	30 // Skip up to 32 bits. As above, this may fail.

	31 reader.SkipBits(DetermineNumBits(value));

	32 }

	33 }

	34

	35 // It is possible that we didn't get all the way through the bits, so

	36 // skip over whatever is left.

	37 if (reader.bits_available() > 0)

	38 reader.SkipBits(reader.bits_available());

	39

	40 return 0;

	41 }

OLD	NEW

« no previous file with comments | « media/base/BUILD.gn ('k') | no next file » | no next file with comments »