xref: /aosp_15_r20/external/openscreen/cast/streaming/compound_rtcp_parser_fuzzer.cc (revision 3f982cf4871df8771c9d4abe6e9a6f8d829b2736)
1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <stdint.h>
6 
7 #include "cast/streaming/compound_rtcp_parser.h"
8 #include "cast/streaming/frame_id.h"
9 #include "cast/streaming/rtcp_session.h"
10 
// libFuzzer entry point. Hands the raw fuzz input to
// CompoundRtcpParser::Parse() as one untrusted buffer. Every parse event is
// discarded: the harness exists only to surface crashes and sanitizer reports
// in the parsing code, not to check parse results.
//
// |data|/|size| describe the fuzzer-owned input buffer; it is only viewed
// through a span here, never copied or retained by this function.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  namespace cast = openscreen::cast;

  // SSRC values the session is configured with. The names tie them to the seed
  // corpus; presumably the corpus packets carry these SSRCs (verify against
  // the corpus before changing either value).
  constexpr cast::Ssrc kSenderSsrcInSeedCorpus = 1;
  constexpr cast::Ssrc kReceiverSsrcInSeedCorpus = 2;

  // A client that adds no overrides of its own, leaving every callback to the
  // base class's implementation.
  class ClientThatIgnoresEverything final
      : public cast::CompoundRtcpParser::Client {};

  // One-time (function-local static) construction keeps the per-input cost
  // low: RtcpSession contains a NtpTimeConverter that samples the system clock
  // when constructed, and nothing here needs to be rebuilt per test input.
  //
  // NOTE(review): the same parser instance therefore sees every input in a
  // run. If CompoundRtcpParser retains anything between Parse() calls, a
  // finding may depend on earlier inputs and not reproduce from the single
  // crashing file -- confirm against the parser before triaging such a case.
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wexit-time-destructors"
  static cast::RtcpSession rtcp_session(kSenderSsrcInSeedCorpus,
                                        kReceiverSsrcInSeedCorpus,
                                        openscreen::Clock::time_point{});
  static ClientThatIgnoresEverything null_client;
  static cast::CompoundRtcpParser rtcp_parser(&rtcp_session, &null_client);
#pragma clang diagnostic pop

  // Fixed upper bound passed as Parse()'s max_feedback_frame_id argument.
  const auto feedback_limit = cast::FrameId::first() + 100;

  // View the fuzz input in place and parse it.
  const absl::Span<const uint8_t> packet(data, size);
  rtcp_parser.Parse(packet, feedback_limit);

  return 0;
}
43 
44 #if defined(NEEDS_MAIN_TO_CALL_FUZZER_DRIVER)
45 
// Forward declarations of Clang's built-in libFuzzer driver.
//
// These are hand-written rather than pulled from a header, so the compiler
// cannot check them against the driver's real definition; they have to be
// kept in step with the libFuzzer the target is linked against.
namespace fuzzer {
// Signature of the per-input callback the driver invokes; matches
// LLVMFuzzerTestOneInput in this file.
using TestOneInputCallback = int (*)(const uint8_t* data, size_t size);
// Driver entry point. Takes pointers to argc/argv plus the callback to run;
// its int result is used as the process exit status by main() below.
int FuzzerDriver(int* argc, char*** argv, TestOneInputCallback callback);
}  // namespace fuzzer
51 
// Stand-alone entry point, compiled only when
// NEEDS_MAIN_TO_CALL_FUZZER_DRIVER is defined. Passes the command line
// through to libFuzzer's driver together with this file's fuzz target, and
// returns the driver's result as the exit status.
int main(int argc, char* argv[]) {
  const fuzzer::TestOneInputCallback fuzz_target = LLVMFuzzerTestOneInput;
  const int exit_status = fuzzer::FuzzerDriver(&argc, &argv, fuzz_target);
  return exit_status;
}
55 
56 #endif  // defined(NEEDS_MAIN_TO_CALL_FUZZER_DRIVER)
57