diff options
| author | Antoine SOULIER <103120622+asoulier@users.noreply.github.com> | 2023-07-07 10:39:48 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-07 10:39:48 -0700 |
| commit | a3c99d4664630f27414e3e4603a381627bda1c9c (patch) | |
| tree | ce409d8291b0de9bcd384dce0ebf77531c570c60 | |
| parent | 3d769309ffacb3c18b4a0bdd6b46544eb26bbfb2 (diff) | |
| parent | 5383f439caaf580393d1b39a3d3455690dbc54e2 (diff) | |
| download | liblc3-a3c99d4664630f27414e3e4603a381627bda1c9c.tar.gz | |
Merge pull request #32 from google/fuzzing
feature: Add fuzzing
| -rw-r--r-- | Makefile | 20 | ||||
| -rw-r--r-- | fuzz/dfuzz.cc | 64 | ||||
| -rw-r--r-- | fuzz/efuzz.cc | 117 | ||||
| -rw-r--r-- | fuzz/makefile.mk | 52 | ||||
| -rw-r--r-- | include/lc3_cpp.h | 1 |
5 files changed, 250 insertions, 4 deletions
@@ -61,13 +61,15 @@ endef define set-target $(eval $(1)_obj ?= $(patsubst %.c,%.o,$(filter %.c,$($(1)_src))) \ - $(patsubst %.s,%.o,$(filter %.s,$($(1)_src)))) + $(patsubst %.s,%.o,$(filter %.s,$($(1)_src))) \ + $(patsubst %.cc,%.o,$(filter %.cc,$($(1)_src)))) $(eval $(1)_obj := $(addprefix $(BUILD_DIR)/,$($(1)_obj))) $(eval $(1)_lib := $(foreach lib, $($(1)_lib), $($(lib)_bin))) - $($(1)_obj): INCLUDE += $($(1)_include) - $($(1)_obj): DEFINE += $($(1)_define) - $($(1)_obj): CFLAGS += $($(1)_cflags) + $($(1)_obj): INCLUDE += $($(1)_include) + $($(1)_obj): DEFINE += $($(1)_define) + $($(1)_obj): CFLAGS += $($(1)_cflags) + $($(1)_obj): CXXFLAGS += $($(1)_cxxflags) -include $($(1)_obj:.o=.d) @@ -94,6 +96,9 @@ TOOLS_DIR = tools TEST_DIR := test -include $(TEST_DIR)/makefile.mk +FUZZ_DIR := fuzz +-include $(FUZZ_DIR)/makefile.mk + # # Rules @@ -118,6 +123,13 @@ $(BUILD_DIR)/%.o: %.s $(MAKEFILE_DEPS) $(addprefix -I,$(INCLUDE)) \ $(addprefix -D,$(DEFINE)) -MMD -MF $(@:.o=.d) -o $@ +$(BUILD_DIR)/%.o: %.cc $(MAKEFILE_DEPS) + @echo " CXX $(notdir $<)" + $(V)mkdir -p $(dir $@) + $(V)$(CXX) $< -c $(CXXFLAGS) \ + $(addprefix -I,$(INCLUDE)) \ + $(addprefix -D,$(DEFINE)) -MMD -MF $(@:.o=.d) -o $@ + $(LIB): $(MAKEFILE_DEPS) @echo " AR $(notdir $@)" $(V)mkdir -p $(dir $@) diff --git a/fuzz/dfuzz.cc b/fuzz/dfuzz.cc new file mode 100644 index 0000000..c926d61 --- /dev/null +++ b/fuzz/dfuzz.cc @@ -0,0 +1,64 @@ +/****************************************************************************** + * + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ******************************************************************************/ + +#include <lc3_cpp.h> +#include <fuzzer/FuzzedDataProvider.h> + +using namespace lc3; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + const int dt_list[] = { 7500, 10000 }; + const int sr_list[] = { 8000, 16000, 24000, 32000, 48000 }; + + FuzzedDataProvider fdp(data, size); + + int dt_us = fdp.PickValueInArray(dt_list); + int sr_hz = fdp.PickValueInArray(sr_list); + int nchannels =fdp.PickValueInArray({1, 2}); + + int sr_pcm_hz = fdp.PickValueInArray(sr_list); + if (sr_pcm_hz < sr_hz) + sr_pcm_hz = 0; + + Decoder dec(dt_us, sr_hz, sr_pcm_hz, nchannels); + + int frame_size = fdp.ConsumeIntegralInRange( + LC3_MIN_FRAME_BYTES, LC3_MAX_FRAME_BYTES); + + PcmFormat fmt = fdp.PickValueInArray( + { PcmFormat::kS16, PcmFormat::kS24, + PcmFormat::kS24In3Le, PcmFormat::kF32 }); + + int frame_samples = dec.GetFrameSamples(); + + int sample_bytes = + fmt == PcmFormat::kS16 ? sizeof(int16_t) : + fmt == PcmFormat::kS24 ? sizeof(int32_t) : + fmt == PcmFormat::kS24In3Le ? sizeof(uint8_t) * 3 : + fmt == PcmFormat::kF32 ? sizeof(float) : 0; + + if (fdp.remaining_bytes() < frame_size * nchannels) + return -1; + + dec.Decode( + fdp.ConsumeBytes<uint8_t>(nchannels * frame_size).data(), frame_size, + fmt, std::vector<uint8_t>(nchannels * frame_samples * sample_bytes).data()); + + return 0; +} diff --git a/fuzz/efuzz.cc b/fuzz/efuzz.cc new file mode 100644 index 0000000..e79ef9c --- /dev/null +++ b/fuzz/efuzz.cc @@ -0,0 +1,117 @@ +/****************************************************************************** + * + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ******************************************************************************/ + +#include <lc3_cpp.h> +#include <fuzzer/FuzzedDataProvider.h> + +using namespace lc3; + +template <typename T> +T ConsumeInRange(FuzzedDataProvider &fdp, T min, T max) { + return fdp.ConsumeIntegralInRange<T>(min, max); +} + +template <> +float ConsumeInRange(FuzzedDataProvider &fdp, float min, float max) { + return fdp.ConsumeFloatingPointInRange<float>(min, max); +} + +template <typename T> +int encode(Encoder &e, int nchannels, int frame_size, FuzzedDataProvider &fdp, + T min = std::numeric_limits<T>::min(), T max = std::numeric_limits<T>::max()) +{ + int pcm_samples = nchannels * e.GetFrameSamples(); + if (fdp.remaining_bytes() < pcm_samples * sizeof(T)) + return -1; + + std::vector<T> pcm(pcm_samples); + for (auto &s: pcm) + s = ConsumeInRange<T>(fdp, min, max); + + e.Encode(pcm.data(), + frame_size, std::vector<uint8_t>(nchannels * frame_size).data()); + + return 0; +} + +int encode(Encoder &e, int frame_size, int nchannels, + PcmFormat fmt, FuzzedDataProvider &fdp) +{ + int sample_bytes = + fmt == PcmFormat::kS16 ? sizeof(int16_t) : + fmt == PcmFormat::kS24 ? sizeof(int32_t) : + fmt == PcmFormat::kS24In3Le ? sizeof(uint8_t) * 3 : + fmt == PcmFormat::kF32 ? sizeof(float) : 0; + + int pcm_bytes = nchannels * e.GetFrameSamples() * sample_bytes; + if (fdp.remaining_bytes() < pcm_bytes) + return -1; + + e.Encode(fmt, fdp.ConsumeBytes<uint8_t>(pcm_bytes).data(), + frame_size, std::vector<uint8_t>(nchannels * frame_size).data()); + + return 0; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + const int dt_list[] = { 7500, 10000 }; + const int sr_list[] = { 8000, 16000, 24000, 32000, 48000 }; + + FuzzedDataProvider fdp(data, size); + + int dt_us = fdp.PickValueInArray(dt_list); + int sr_hz = fdp.PickValueInArray(sr_list); + int nchannels = fdp.PickValueInArray({1, 2}); + + int sr_pcm_hz = fdp.PickValueInArray(sr_list); + if (sr_pcm_hz < sr_hz) + sr_pcm_hz = 0; + + Encoder enc(dt_us, sr_hz, sr_pcm_hz, nchannels); + + PcmFormat fmt = fdp.PickValueInArray( + { PcmFormat::kS16, PcmFormat::kS24, + PcmFormat::kS24In3Le, PcmFormat::kF32 }); + + int frame_size = fdp.ConsumeIntegralInRange( + LC3_MIN_FRAME_BYTES, LC3_MAX_FRAME_BYTES); + + switch (fmt) { + + case PcmFormat::kS16: + return encode<int16_t>(enc, nchannels, frame_size, fdp); + + case PcmFormat::kS24: { + const int32_t s24_min = -(1 << 23); + const int32_t s24_max = (1 << 23) - 1; + return encode<int32_t>(enc, nchannels, frame_size, fdp, s24_min, s24_max); + } + + case PcmFormat::kF32: { + const float f32_min = -1.0; + const float f32_max = 1.0; + return encode<float>(enc, nchannels, frame_size, fdp, f32_min, f32_max); + } + + case PcmFormat::kS24In3Le: + return encode(enc, nchannels, frame_size, fmt, fdp); + } + + return 0; +} diff --git a/fuzz/makefile.mk b/fuzz/makefile.mk new file mode 100644 index 0000000..4c83de2 --- /dev/null +++ b/fuzz/makefile.mk @@ -0,0 +1,52 @@ +# +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +efuzz_src += \ + $(FUZZ_DIR)/efuzz.cc + +efuzz_lib += liblc3 +efuzz_ldlibs += m + +$(eval $(call add-bin,efuzz)) + + +dfuzz_src += \ + $(FUZZ_DIR)/dfuzz.cc + +dfuzz_lib += liblc3 +dfuzz_ldlibs += m + +$(eval $(call add-bin,dfuzz)) + + +.PHONY: fuzz dfuzz efuzz + +efuzz dfuzz: CC = clang +efuzz dfuzz: CXX = clang++ +efuzz dfuzz: LD = clang + +FUZZER_SANITIZE := -fsanitize=fuzzer,address +efuzz dfuzz: CFLAGS += $(FUZZER_SANITIZE) +efuzz dfuzz: CXXFLAGS += $(FUZZER_SANITIZE) +efuzz dfuzz: LDFLAGS += $(FUZZER_SANITIZE) + +dfuzz: + $(V)$(dfuzz_bin) -runs=1000000 + +efuzz: + $(V)$(efuzz_bin) -runs=1000000 + +fuzz: efuzz dfuzz diff --git a/include/lc3_cpp.h b/include/lc3_cpp.h index 1aac6d8..acd3d0b 100644 --- a/include/lc3_cpp.h +++ b/include/lc3_cpp.h @@ -26,6 +26,7 @@ #include <cassert> #include <memory> #include <vector> +#include <stdlib.h> #include "lc3.h" |