media: Add fuzzer test for bit_reader

media/base/bit_reader_fuzzertest.cc

Index: media/base/bit_reader_fuzzertest.cc
diff --git a/media/base/bit_reader_fuzzertest.cc b/media/base/bit_reader_fuzzertest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ce7853952d179864d235119eab5371d8821136de
--- /dev/null
+++ b/media/base/bit_reader_fuzzertest.cc
@@ -0,0 +1,36 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>

[mmoroz, 2016/03/09 10:20:48]

Could you please include <stdint.h> too? May be it looks a sort of redundant,
but we try to do it for all fuzzers to have |size_t| and |uint8_t| defined
independently on other headers included.

[jrummell, 2016/03/09 19:08:21]

Done.

+
+#include "base/hash.h"
+#include "base/numerics/safe_conversions.h"
+#include "media/base/bit_reader.h"
+#include "media/base/test_random.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  media::BitReader reader(data, base::checked_cast<int>(size));
+
+  // Need a simple random number generator to generate the number of bits to
+  // read/skip in a reproducible way (given the same |data|). Using Hash() to
+  // ensure the seed varies significantly over minor changes in |data|.
+  media::TestRandom rnd(base::Hash(reinterpret_cast<const char*>(data), size));
+
+  // Read and skip through the data in |reader|.
+  while (reader.bits_available() > 0) {
+    if (rnd.Rand() & 1) {
+      // Read up to 64 bits. This may fail if there is not enough bits
+      // remaining, but it doesn't matter (testing for failures is also good).
+      uint64_t value;
+      if (!reader.ReadBits(rnd.Rand() % 64 + 1, &value))
+        break;
+    } else {
+      // Skip up to 128 bits. As above, this may fail.
+      if (!reader.SkipBits(rnd.Rand() % 128 + 1))
+        break;
+    }
+  }
+  return 0;
+}