Index: media/base/bit_reader_fuzzertest.cc |
diff --git a/media/base/bit_reader_fuzzertest.cc b/media/base/bit_reader_fuzzertest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..6599b7eeb148b91794393df097e77c9e2793c3f1 |
--- /dev/null |
+++ b/media/base/bit_reader_fuzzertest.cc |
@@ -0,0 +1,41 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include <stddef.h> |
+ |
+#include "base/numerics/safe_conversions.h" |
+#include "media/base/bit_reader.h" |
+ |
+// Given |value|, return a number between 1 and 32. |
+static int DetermineNumBits(uint8_t value) { |
+ return (value % 32) + 1; |
+} |
+ |
+// Entry point for LibFuzzer. |
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
+ media::BitReader reader(data, base::checked_cast<int>(size)); |
+ |
+ // Read and skip through the data. Since we want the test to be repeatable |
+ // for a given input, use the values in |data| to determine how many bits |
+ // to read/skip until the end of the stream (which should fail). |
+ for (size_t i = 0; i < size && reader.bits_available(); ++i) { |
DaleCurtis
2016/03/03 00:16:35
Why restrict to size here? Seems you want to keep
jrummell
2016/03/03 23:21:37
I was using the bytes in |data| to determine the o
|
+ uint8_t value = data[i]; |
+ if (value < 128) { |
+ // Read up to 32 bits. This may fail if there is not enough bits |
DaleCurtis
2016/03/03 00:16:35
Why 32 instead of say 64?
jrummell
2016/03/03 23:21:38
Updated to use a bigger range.
|
+ // remaining, but it doesn't matter (testing for failures is also good). |
+ uint32_t data; |
+ reader.ReadBits(DetermineNumBits(value), &data); |
+ } else { |
+ // Skip up to 32 bits. As above, this may fail. |
+ reader.SkipBits(DetermineNumBits(value)); |
+ } |
+ } |
+ |
+ // It is possible that we didn't get all the way through the bits, so |
+ // skip over whatever is left. |
+ if (reader.bits_available() > 0) |
+ reader.SkipBits(reader.bits_available()); |
+ |
+ return 0; |
+} |