From 8df714ff1ef196a05e3952d4788afbd4e8fa5752 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?kleines=20Filmr=C3=B6llchen?=
Date: Wed, 28 Jun 2023 15:47:24 +0200
Subject: [PATCH] Meta/Fuzzers: Extract common audio fuzzing code

Apart from the class used audio fuzzers have identical behavior: Create a memory stream from the fuzzer input and pass this to the loader, then try to load audio until an error occurs. Since the loader plugins need to have the same static create() function anyways for LibAudio itself, we can unify the fuzzer implementations and reduce code duplication.
---
 Meta/Lagom/Fuzzers/AudioFuzzerCommon.h | 39 ++++++++++++++++++++++++++
 Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp | 25 ++---------------
 Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp | 24 ++--------------
 Meta/Lagom/Fuzzers/FuzzQOALoader.cpp | 23 ++-------------
 Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp | 25 ++---------------
 5 files changed, 50 insertions(+), 86 deletions(-)
 create mode 100644 Meta/Lagom/Fuzzers/AudioFuzzerCommon.h

diff --git a/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h b/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h
new file mode 100644
index 0000000000..b06a1377db
--- /dev/null
+++ b/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2022, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
+ * Copyright (c) 2021-2023, the SerenityOS developers.
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+template
+requires(IsBaseOf)
+int fuzz_audio_loader(uint8_t const* data, size_t size)
+{
+ auto const bytes = ReadonlyBytes { data, size };
+ auto stream = try_make(bytes).release_value();
+ auto audio_or_error = LoaderPluginType::create(move(stream));
+
+ if (audio_or_error.is_error())
+ return 0;
+
+ auto audio = audio_or_error.release_value();
+
+ for (;;) {
+ auto samples = audio->load_chunks(4 * KiB);
+ if (samples.is_error())
+ return 0;
+ if (samples.value().size() == 0)
+ break;
+ }
+
+ return 0;
+}
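Review bot: The shared helper hard-codes `audio->load_chunks(4 * KiB)`, whereas the harness bodies removed from FuzzFlacLoader.cpp, FuzzMP3Loader.cpp and FuzzQOALoader.cpp requested 10 KiB, 1 KiB and 5 KiB, so three of the four targets no longer drive their loader with the same chunk boundaries as before, even though the commit message calls the behaviour identical. Inputs saved against the old harnesses may therefore stop reproducing, and chunk-boundary paths in those loaders may be reached differently. If the per-format sizes were deliberate, keep them selectable with a defaulted parameter, `int fuzz_audio_loader(uint8_t const* data, size_t size, size_t chunk_size = 4 * KiB)` together with `audio->load_chunks(chunk_size)`, which leaves the four call sites unchanged. If they were arbitrary, a one-line comment above the `for (;;)` loop saying so would stop a later reader from treating 4 KiB as significant.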
diff --git a/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp b/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
index 271fbd9a79..bae6ed0be8 100644
--- a/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
@@ -1,32 +1,13 @@
 /*
- * Copyright (c) 2021, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include

 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const flac_bytes = ByteBuffer::copy(data, size).release_value();
- auto flac_data = try_make(flac_bytes).release_value();
- auto flac_or_error = Audio::FlacLoaderPlugin::create(move(flac_data));
-
- if (flac_or_error.is_error())
- return 0;
-
- auto flac = flac_or_error.release_value();
-
- for (;;) {
- auto samples = flac->load_chunks(10 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
diff --git a/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp b/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
index 0edcc0b9e6..e904cffcba 100644
--- a/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
@@ -1,31 +1,13 @@
 /*
- * Copyright (c) 2022, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include

 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const mp3_bytes = ByteBuffer::copy(data, size).release_value();
- auto mp3_data = try_make(mp3_bytes).release_value();
- auto mp3_or_error = Audio::MP3LoaderPlugin::create(move(mp3_data));
-
- if (mp3_or_error.is_error())
- return 0;
-
- auto mp3 = mp3_or_error.release_value();
-
- for (;;) {
- auto samples = mp3->load_chunks(1 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
diff --git a/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp b/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
index ef250afdc7..b8f810edcf 100644
--- a/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
@@ -4,29 +4,10 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include

 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const qoa_bytes = ByteBuffer::copy(data, size).release_value();
- auto qoa_data = try_make(qoa_bytes).release_value();
- auto qoa_or_error = Audio::QOALoaderPlugin::create(move(qoa_data));
-
- if (qoa_or_error.is_error())
- return 0;
-
- auto qoa = qoa_or_error.release_value();
-
- for (;;) {
- auto samples = qoa->load_chunks(5 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
diff --git a/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp b/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
index ad892681ef..33e3c6503d 100644
--- a/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
@@ -1,32 +1,13 @@
 /*
- * Copyright (c) 2021, the SerenityOS developers.
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include

 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const wav_bytes = ByteBuffer::copy(data, size).release_value();
- auto wav_data = try_make(wav_bytes).release_value();
- auto wav_or_error = Audio::WavLoaderPlugin::create(move(wav_data));
-
- if (wav_or_error.is_error())
- return 0;
-
- auto wav = wav_or_error.release_value();
-
- for (;;) {
- auto samples = wav->load_chunks(4 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }