1 /*
2  *  Copyright (c) 2017 The WebRTC project authors. All Rights Reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef TEST_FUZZERS_FUZZ_DATA_HELPER_H_
12 #define TEST_FUZZERS_FUZZ_DATA_HELPER_H_
13 
14 #include <limits>
15 
16 #include "api/array_view.h"
17 #include "modules/rtp_rtcp/source/byte_io.h"
18 
19 namespace webrtc {
20 namespace test {
21 
22 // Helper class to take care of the fuzzer input, read from it, and keep track
23 // of when the end of the data has been reached.
24 class FuzzDataHelper {
25  public:
26   explicit FuzzDataHelper(rtc::ArrayView<const uint8_t> data);
27 
28   // Returns true if n bytes can be read.
CanReadBytes(size_t n)29   bool CanReadBytes(size_t n) const { return data_ix_ + n <= data_.size(); }
30 
31   // Reads and returns data of type T.
32   template <typename T>
Read()33   T Read() {
34     RTC_CHECK(CanReadBytes(sizeof(T)));
35     T x = ByteReader<T>::ReadLittleEndian(&data_[data_ix_]);
36     data_ix_ += sizeof(T);
37     return x;
38   }
39 
40   // Reads and returns data of type T. Returns default_value if not enough
41   // fuzzer input remains to read a T.
42   template <typename T>
ReadOrDefaultValue(T default_value)43   T ReadOrDefaultValue(T default_value) {
44     if (!CanReadBytes(sizeof(T))) {
45       return default_value;
46     }
47     return Read<T>();
48   }
49 
50   // Like ReadOrDefaultValue, but replaces the value 0 with default_value.
51   template <typename T>
ReadOrDefaultValueNotZero(T default_value)52   T ReadOrDefaultValueNotZero(T default_value) {
53     static_assert(std::is_integral<T>::value, "");
54     T x = ReadOrDefaultValue(default_value);
55     return x == 0 ? default_value : x;
56   }
57 
58   // Returns one of the elements from the provided input array. The selection
59   // is based on the fuzzer input data. If not enough fuzzer data is available,
60   // the method will return the first element in the input array. The reason for
61   // not flagging this as an error is to allow the method to be called from
62   // class constructors, and in constructors we typically do not handle
63   // errors. The code will work anyway, and the fuzzer will likely see that
64   // providing more data will actually make this method return something else.
65   template <typename T, size_t N>
SelectOneOf(const T (& select_from)[N])66   T SelectOneOf(const T (&select_from)[N]) {
67     static_assert(N <= std::numeric_limits<uint8_t>::max(), "");
68     // Read an index between 0 and select_from.size() - 1 from the fuzzer data.
69     uint8_t index = ReadOrDefaultValue<uint8_t>(0) % N;
70     return select_from[index];
71   }
72 
ReadByteArray(size_t bytes)73   rtc::ArrayView<const uint8_t> ReadByteArray(size_t bytes) {
74     if (!CanReadBytes(bytes)) {
75       return rtc::ArrayView<const uint8_t>(nullptr, 0);
76     }
77     const size_t index_to_return = data_ix_;
78     data_ix_ += bytes;
79     return data_.subview(index_to_return, bytes);
80   }
81 
82   // If sizeof(T) > BytesLeft then the remaining bytes will be used and the rest
83   // of the object will be zero initialized.
84   template <typename T>
CopyTo(T * object)85   void CopyTo(T* object) {
86     memset(object, 0, sizeof(T));
87 
88     size_t bytes_to_copy = std::min(BytesLeft(), sizeof(T));
89     memcpy(object, data_.data() + data_ix_, bytes_to_copy);
90     data_ix_ += bytes_to_copy;
91   }
92 
BytesRead()93   size_t BytesRead() const { return data_ix_; }
94 
BytesLeft()95   size_t BytesLeft() const { return data_.size() - data_ix_; }
96 
97  private:
98   rtc::ArrayView<const uint8_t> data_;
99   size_t data_ix_ = 0;
100 };
101 
102 }  // namespace test
103 }  // namespace webrtc
104 
105 #endif  // TEST_FUZZERS_FUZZ_DATA_HELPER_H_
106