
Commit 71cdbdcf authored by Ayushi Khopkar

Added mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer

Test: ./mpeg2ps_extractor_fuzzer
Test: ./mpeg2ts_extractor_fuzzer
Bug: 151789773

Change-Id: I9450d6a2302c9d46176b9f82e068a41bb02eff64
parent ca7174de
+82 −0
@@ -201,6 +201,88 @@ cc_fuzz {
    dictionary: "ogg_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mpeg2ps_extractor_fuzzer",

    srcs: [
        "mpeg2_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/mpeg2",
        "frameworks/av/media/libstagefright",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation_without_imemory",
        "libmedia",
        "libextractorfuzzerbase",
        "libstagefright_mpeg2support",
        "libstagefright_mpeg2extractor",
        "libstagefright_esds",
        "libmpeg2extractor",
    ],

    cflags: [
        "-DMPEG2PS",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
        "android.hardware.cas@1.0",
        "android.hardware.cas.native@1.0",
        "android.hidl.token@1.0-utils",
        "android.hidl.allocator@1.0",
        "libcrypto",
        "libhidlmemory",
        "libhidlbase",
    ],

    dictionary: "mpeg2ps_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mpeg2ts_extractor_fuzzer",

    srcs: [
        "mpeg2_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/mpeg2",
        "frameworks/av/media/libstagefright",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation_without_imemory",
        "libmedia",
        "libextractorfuzzerbase",
        "libstagefright_mpeg2support",
        "libstagefright_mpeg2extractor",
        "libstagefright_esds",
        "libmpeg2extractor",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
        "android.hardware.cas@1.0",
        "android.hardware.cas.native@1.0",
        "android.hidl.token@1.0-utils",
        "android.hidl.allocator@1.0",
        "libcrypto",
        "libhidlmemory",
        "libhidlbase",
    ],

    dictionary: "mpeg2ts_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mp3_extractor_fuzzer",
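Review bot: The `mpeg2ps_extractor_fuzzer` and `mpeg2ts_extractor_fuzzer` modules repeat the same `srcs`, `include_dirs`, `static_libs` and `shared_libs` lists and differ only in `name`, `dictionary` and the `-DMPEG2PS` entry in `cflags`, so a later dependency change can easily land in one target and not the other. Moving the shared lists into a `cc_defaults` module that both targets reference would leave each `cc_fuzz` with only the fields that differ. A short comment on the `cflags` entry would also explain that it selects the PS extractor in the shared source file and that the TS build leaves it undefined. The defaults name in the sketch below is a suggestion, not something already in the tree.

```bp
cc_defaults {
    name: "mpeg2_extractor_fuzzer_defaults", // suggested name
    srcs: ["mpeg2_extractor_fuzzer.cpp"],
    // … unchanged: include_dirs, static_libs, shared_libs …
}

cc_fuzz {
    name: "mpeg2ps_extractor_fuzzer",
    defaults: ["mpeg2_extractor_fuzzer_defaults"],
    // Selects MPEG2PSExtractor in the shared source; the TS target leaves it undefined.
    cflags: ["-DMPEG2PS"],
    dictionary: "mpeg2ps_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mpeg2ts_extractor_fuzzer",
    defaults: ["mpeg2_extractor_fuzzer_defaults"],
    dictionary: "mpeg2ts_extractor_fuzzer.dict",
}
```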

+42 −0
@@ -7,6 +7,7 @@
+ [libamrextractor](#amrExtractorFuzzer)
+ [libmkvextractor](#mkvExtractorFuzzer)
+ [liboggextractor](#oggExtractorFuzzer)
+ [libmpeg2extractor](#mpeg2ExtractorFuzzer)
+ [libmp3extractor](#mp3ExtractorFuzzer)
+ [libaacextractor](#aacExtractorFuzzer)

@@ -186,6 +187,47 @@ To run on device
  $ adb shell /data/fuzz/arm64/ogg_extractor_fuzzer/ogg_extractor_fuzzer CORPUS_DIR
```

# <a name="mpeg2ExtractorFuzzer"></a> Fuzzer for libmpeg2extractor

## Plugin Design Considerations
The fuzzer plugins for MPEG2-PS and MPEG2-TS extractor use the `ExtractorFuzzerBase` class and
implement only the `createExtractor` to create the MPEG2-PS or MPEG2-TS extractor
object respectively.

##### Maximize code coverage
Dict files (dictionary files) are created for MPEG2-PS and MPEG2-TS to ensure that the
required start bytes are present in every input file that goes to the fuzzer.
This ensures that larger code gets covered.

##### Other considerations
Two fuzzer binaries - mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer are
generated based on the presence of a flag - `MPEG2PS`


## Build

This describes steps to build mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mpeg2ps_extractor_fuzzer
  $ mm -j$(nproc) mpeg2ts_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mpeg2 files to that folder
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mpeg2ps_extractor_fuzzer/mpeg2ps_extractor_fuzzer CORPUS_DIR
  $ adb shell /data/fuzz/arm64/mpeg2ts_extractor_fuzzer/mpeg2ts_extractor_fuzzer CORPUS_DIR
```

# <a name="mp3ExtractorFuzzer"></a> Fuzzer for libmp3extractor

## Plugin Design Considerations
+70 −0
/******************************************************************************
 *
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 *****************************************************************************
 * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
 */

#include "ExtractorFuzzerBase.h"

#ifdef MPEG2PS
#include "MPEG2PSExtractor.h"
#else
#include "MPEG2TSExtractor.h"
#endif

using namespace android;

class MPEG2Extractor : public ExtractorFuzzerBase {
 public:
  MPEG2Extractor() = default;
  ~MPEG2Extractor() = default;

  bool createExtractor();
};

bool MPEG2Extractor::createExtractor() {
#ifdef MPEG2PS
  mExtractor = new MPEG2PSExtractor(new DataSourceHelper(mDataSource->wrap()));
#else
  mExtractor = new MPEG2TSExtractor(new DataSourceHelper(mDataSource->wrap()));
#endif
  if (!mExtractor) {
    return false;
  }
  mExtractor->name();
  return true;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if ((!data) || (size == 0)) {
    return 0;
  }
  MPEG2Extractor* extractor = new MPEG2Extractor();
  if (!extractor) {
    return 0;
  }
  if (extractor->setDataSource(data, size)) {
    if (extractor->createExtractor()) {
      extractor->getExtractorDef();
      extractor->extractTracks();
      extractor->extractTracks();
      extractor->getTracksMetadata();
    }
  }
  delete extractor;
  return 0;
}
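Review bot: `extractor->extractTracks();` appears twice in a row in `LLVMFuzzerTestOneInput`, and nothing on the page says whether the second pass is deliberate or a copy-paste slip that displaced a different call; either drop the duplicate or document it with something like `// second pass: exercise track extraction on an already-initialised extractor`. Separately, the `if (!extractor)` and `if (!mExtractor)` checks cannot fire after a plain `new`, which signals failure by throwing (or aborting when exceptions are disabled) rather than returning null, so they suggest an error path that is never taken. Holding the harness object as `auto extractor = std::make_unique<MPEG2Extractor>();` (with `<memory>`) and removing the `delete extractor;` line drops the dead check and keeps cleanup correct on every return path. `createExtractor()` and the destructor should also be marked `override` if the corresponding `ExtractorFuzzerBase` members are virtual, which this page does not show.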
+2 −0
# Start code (bytes 0-3)
kw1="\x00\x00\x01\xBA"
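Review bot: Each dictionary carries a single token, so the mutator gets very little format guidance: this PS dictionary holds only the pack start code, and `mpeg2ts_extractor_fuzzer.dict` holds only the one-byte sync value. For the PS file, adding the other MPEG-2 program-stream start codes, for example `kw2="\x00\x00\x01\xBB"` (system header) and `kw3="\x00\x00\x01\xBC"` (program stream map), would help inputs get past the pack header into the parsing code behind it. A libFuzzer dictionary only offers tokens for mutation and does not guarantee those bytes appear in every input, so valid seed files in CORPUS_DIR are still needed to reach deep extractor paths.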
+2 −0
# Start byte
kw1="\x47"