From 8df714ff1ef196a05e3952d4788afbd4e8fa5752 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?kleines=20Filmr=C3=B6llchen?=
Date: Wed, 28 Jun 2023 15:47:24 +0200
Subject: [PATCH] Meta/Fuzzers: Extract common audio fuzzing code

Apart from the class used audio fuzzers have identical behavior: Create a memory stream from the fuzzer input and pass this to the loader, then try to load audio until an error occurs. Since the loader plugins need to have the same static create() function anyways for LibAudio itself, we can unify the fuzzer implementations and reduce code duplication.
---
 Meta/Lagom/Fuzzers/AudioFuzzerCommon.h | 39 ++++++++++++++++++++++++++
 Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp | 25 ++---------------
 Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp | 24 ++--------------
 Meta/Lagom/Fuzzers/FuzzQOALoader.cpp | 23 ++-------------
 Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp | 25 ++---------------
 5 files changed, 50 insertions(+), 86 deletions(-)
 create mode 100644 Meta/Lagom/Fuzzers/AudioFuzzerCommon.h

diff --git a/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h b/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h
new file mode 100644
index 00000000000..b06a1377db0
--- /dev/null
+++ b/Meta/Lagom/Fuzzers/AudioFuzzerCommon.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2022, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
+ * Copyright (c) 2021-2023, the SerenityOS developers.
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+template
+requires(IsBaseOf)
+int fuzz_audio_loader(uint8_t const* data, size_t size)
+{
+ auto const bytes = ReadonlyBytes { data, size };
+ auto stream = try_make(bytes).release_value();
+ auto audio_or_error = LoaderPluginType::create(move(stream));
+
+ if (audio_or_error.is_error())
+ return 0;
+
+ auto audio = audio_or_error.release_value();
+
+ for (;;) {
+ auto samples = audio->load_chunks(4 * KiB);
+ if (samples.is_error())
+ return 0;
+ if (samples.value().size() == 0)
+ break;
+ }
+
+ return 0;
+}
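Review bot: `try_make(bytes).release_value()` unwraps the stream without checking for an error, so an allocation failure inside the harness would presumably abort here and be reported by the fuzzer as a crash in the loader under test. The `create()` result just below is checked, and this one should be handled the same way, e.g. `auto stream_or_error = try_make(bytes);` followed by `if (stream_or_error.is_error()) return 0;` (the template arguments are stripped on this page and stay as in the file). The stream is also built over `ReadonlyBytes { data, size }`, which appears to view the fuzzer-owned buffer rather than a copy as the old harnesses did, so a comment such as `// The stream borrows the fuzzer's input buffer; the loader must not outlive this call.` would record the lifetime assumption.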
diff --git a/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp b/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
index 271fbd9a799..bae6ed0be8f 100644
--- a/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzFlacLoader.cpp
@@ -1,32 +1,13 @@
 /*
- * Copyright (c) 2021, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 
-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const flac_bytes = ByteBuffer::copy(data, size).release_value();
- auto flac_data = try_make(flac_bytes).release_value();
- auto flac_or_error = Audio::FlacLoaderPlugin::create(move(flac_data));
-
- if (flac_or_error.is_error())
- return 0;
-
- auto flac = flac_or_error.release_value();
-
- for (;;) {
- auto samples = flac->load_chunks(10 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
diff --git a/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp b/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
index 0edcc0b9e6b..e904cffcba4 100644
--- a/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzMP3Loader.cpp
@@ -1,31 +1,13 @@
 /*
- * Copyright (c) 2022, Luke Wilde
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const mp3_bytes = ByteBuffer::copy(data, size).release_value();
- auto mp3_data = try_make(mp3_bytes).release_value();
- auto mp3_or_error = Audio::MP3LoaderPlugin::create(move(mp3_data));
-
- if (mp3_or_error.is_error())
- return 0;
-
- auto mp3 = mp3_or_error.release_value();
-
- for (;;) {
- auto samples = mp3->load_chunks(1 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
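Review bot: The call `fuzz_audio_loader(data, size)` in FuzzFlacLoader.cpp no longer carries a per-format chunk size: the removed loop read with `load_chunks(10 * KiB)`, while the shared helper in AudioFuzzerCommon.h hard-codes `4 * KiB`; the FuzzMP3Loader.cpp hunk drops `1 * KiB` and the FuzzQOALoader.cpp hunk drops `5 * KiB` in the same way. That moves where chunk boundaries fall relative to the decoder's frames, a behaviour change for three of the four harnesses that the commit message ("identical behavior") does not mention. If the old sizes were deliberate, the helper could take `size_t chunk_size = 4 * KiB` as a defaulted third parameter and this call would pass `10 * KiB`; if they were arbitrary, a one-line comment next to the constant in the helper saying so would settle it.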
diff --git a/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp b/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
index ef250afdc7e..b8f810edcf2 100644
--- a/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzQOALoader.cpp
@@ -4,29 +4,10 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */
 
-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const qoa_bytes = ByteBuffer::copy(data, size).release_value();
- auto qoa_data = try_make(qoa_bytes).release_value();
- auto qoa_or_error = Audio::QOALoaderPlugin::create(move(qoa_data));
-
- if (qoa_or_error.is_error())
- return 0;
-
- auto qoa = qoa_or_error.release_value();
-
- for (;;) {
- auto samples = qoa->load_chunks(5 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }
diff --git a/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp b/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
index ad892681efa..33e3c6503df 100644
--- a/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzWAVLoader.cpp
@@ -1,32 +1,13 @@
 /*
- * Copyright (c) 2021, the SerenityOS developers.
+ * Copyright (c) 2023, kleines Filmröllchen
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
 
-#include
+#include "AudioFuzzerCommon.h"
 #include
-#include
-#include
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
- auto const wav_bytes = ByteBuffer::copy(data, size).release_value();
- auto wav_data = try_make(wav_bytes).release_value();
- auto wav_or_error = Audio::WavLoaderPlugin::create(move(wav_data));
-
- if (wav_or_error.is_error())
- return 0;
-
- auto wav = wav_or_error.release_value();
-
- for (;;) {
- auto samples = wav->load_chunks(4 * KiB);
- if (samples.is_error())
- return 0;
- if (samples.value().size() == 0)
- break;
- }
-
- return 0;
+ return fuzz_audio_loader(data, size);
 }