1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113
|
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <glib.h>
#include "../src/debug.h"
#include "../src/utils.h"
#include "../src/rtp.h"
int janus_log_level = LOG_NONE;
gboolean janus_log_timestamps = FALSE;
gboolean janus_log_colors = FALSE;
char *janus_log_global_prefix = NULL;
int lock_debug = 0;
/* This is to avoid linking with openSSL */
int RAND_bytes(uint8_t *key, int len) {
return 0;
}
/* Clone libsrtp srtp_validate_rtp_header */
#define octets_in_rtp_header 12
#define uint32s_in_rtp_header 3
#define octets_in_rtp_extn_hdr 4
static int srtp_validate_rtp_header(char *data, int pkt_octet_len) {
if (pkt_octet_len < octets_in_rtp_header)
return -1;
janus_rtp_header *hdr = (janus_rtp_header *)data;
/* Check RTP header length */
int rtp_header_len = octets_in_rtp_header + 4 * hdr->csrccount;
if (hdr->extension == 1)
rtp_header_len += octets_in_rtp_extn_hdr;
if (pkt_octet_len < rtp_header_len)
return -1;
/* Verifing profile length. */
if (hdr->extension == 1) {
janus_rtp_header_extension *xtn_hdr =
(janus_rtp_header_extension *)((uint32_t *)hdr + uint32s_in_rtp_header +
hdr->csrccount);
int profile_len = ntohs(xtn_hdr->length);
rtp_header_len += profile_len * 4;
/* profile length counts the number of 32-bit words */
if (pkt_octet_len < rtp_header_len)
return -1;
}
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* Sanity Checks */
/* Max UDP payload with MTU=1500 */
if (size > 1472) return 0;
/* libnice checks that a packet length is positive */
if (size <= 0) return 0;
/* Janus checks for a minimum packet length
* and the RTP header type value */
if (!janus_is_rtp((char *)data, size)) return 0;
char sdes_item[16];
janus_rtp_header_extension_parse_rid((char *)data, size, 1, sdes_item, sizeof(sdes_item));
janus_rtp_header_extension_parse_mid((char *)data, size, 1, sdes_item, sizeof(sdes_item));
/* Do same checks that libsrtp does */
if (srtp_validate_rtp_header((char *)data, size) < 0) return 0;
/* RTP extensions parsers */
guint16 transport_seq_num;
gboolean c, f, r1, r0;
uint8_t dd[256];
int sizedd = sizeof(dd);
janus_rtp_header_extension_parse_audio_level((char *)data, size, 1, NULL, NULL);
janus_rtp_header_extension_parse_playout_delay((char *)data, size, 1, NULL, NULL);
janus_rtp_header_extension_parse_transport_wide_cc((char *)data, size, 1, &transport_seq_num);
janus_rtp_header_extension_parse_abs_sent_time((char *)data, size, 1, NULL);
janus_rtp_header_extension_parse_video_orientation((char * )data, size, 1, &c, &f, &r1, &r0);
janus_rtp_header_extension_parse_dependency_desc((char *)data, size, 1, (uint8_t *)&dd, &sizedd);
/* Extract codec payload */
int plen = 0;
char *payload = janus_rtp_payload((char *)data, size, &plen);
if (!payload) return 0;
/* Make a copy of payload */
char copy_payload[plen];
memcpy(copy_payload, payload, plen);
/* H.264 targets */
janus_h264_is_keyframe(payload, plen);
/* VP8 targets */
gboolean m = FALSE;
uint16_t picid = 0;
uint8_t tlzi = 0, tid = 0, ybit = 0, keyidx = 0;
janus_vp8_simulcast_context vp8_context;
memset(&vp8_context, 0, sizeof(janus_vp8_simulcast_context));
janus_vp8_is_keyframe(payload, plen);
janus_vp8_parse_descriptor(payload, plen, &m, &picid, &tlzi, &tid, &ybit, &keyidx);
janus_vp8_simulcast_descriptor_update(copy_payload, plen, &vp8_context, TRUE);
/* VP9 targets */
int found = 0;
janus_vp9_svc_info info;
janus_vp9_is_keyframe(payload, plen);
janus_vp9_parse_svc(payload, plen, &found, &info);
/* Free resources */
return 0;
}
|