fuzzer: some progress

versatica · Dec 14, 2018 · c65fbb2 · c65fbb2
1 parent 7ddd000
commit c65fbb2
Show file tree

Hide file tree

Showing 17 changed files with 1,263 additions and 87 deletions.
diff --git a/Makefile b/Makefile
diff --git a/doc/Building.md b/doc/Building.md
@@ -5,7 +5,7 @@ This document is intended for **mediasoup** developers.
 
 ## Makefile
 
-The root folder of the project contains a `Makefile` to build the mediasoup worker subproject (under the `worker/` folder).
+The `worker` folder contains a `Makefile` to build the mediasoup worker subproject.
 
 ### `make`
 
@@ -66,10 +66,6 @@ $ npm install -g gulp-cli
 
 The default task runs the `gulp:lint` and `gulp:test` tasks.
 
-### `gulp rtpcapabilities`
-
-Reads **mediasoup** [supported RTP capabilities](https://github.com/versatica/mediasoup/blob/master/lib/supportedRtpCapabilities.js) and inserts them into the worker C++ code. After that, `make Release` and/or `make Debug` must be called.
-
 ### `gulp lint`
 
 Runs both the `lint:node` and `lint:worker` gulp tasks.

diff --git a/gulpfile.js b/gulpfile.js
@@ -100,7 +100,7 @@ gulp.task('tidy:worker', gulp.series('tidy:worker:prepare', 'tidy:worker:run'));
 
 gulp.task('test:node', shell.task(
 	[
-		'if type make &> /dev/null; then make; fi',
+		'if type make &> /dev/null; then make -C worker; fi',
 		`tap --bail --color --reporter=spec ${nodeTests.join(' ')}`
 	],
 	{
@@ -112,7 +112,7 @@ gulp.task('test:node', shell.task(
 gulp.task('test:worker', shell.task(
 	[
 		'./worker/deps/lcov/bin/lcov --directory ./ --zerocounters',
-		'if type make &> /dev/null; then make test; fi',
+		'if type make &> /dev/null; then make test -C worker; fi',
 		`cd worker && ./out/${process.env.MEDIASOUP_BUILDTYPE === 'Debug' ?
 			'Debug' : 'Release'}/mediasoup-worker-test --invisibles --use-colour=yes ` +
 		`${process.env.MEDIASOUP_TEST_TAGS || ''}`

diff --git a/package.json b/package.json
@@ -52,6 +52,6 @@
   "scripts": {
     "lint": "gulp lint",
     "test": "gulp test",
-    "postinstall": "make Release"
+    "postinstall": "make Release -C worker"
   }
 }
diff --git a/worker/Makefile b/worker/Makefile
@@ -0,0 +1,77 @@
+#
+# make tasks for mediasoup-worker.
+#
+
+# Best effort to get Python 2 executable and also allow custom PYTHON
+# environment variable set by the user.
+PYTHON ?= $(shell command -v python2 2> /dev/null || echo python)
+
+.PHONY:	\
+	default Release Debug test test-Release test-Debug fuzzer-run \
+	fuzzer-docker-build fuzzer-docker-run xcode clean clean-all
+
+default:
+ifeq ($(MEDIASOUP_BUILDTYPE),Debug)
+	make Debug
+else
+	make Release
+endif
+
+Release:
+	$(PYTHON) ./scripts/configure.py -R mediasoup-worker
+	$(MAKE) BUILDTYPE=Release -C out
+
+Debug:
+	$(PYTHON) ./scripts/configure.py -R mediasoup-worker
+	$(MAKE) BUILDTYPE=Debug -C out
+
+test:
+ifeq ($(MEDIASOUP_BUILDTYPE),Debug)
+	make test-Debug
+else
+	make test-Release
+endif
+
+test-Release:
+	$(PYTHON) ./scripts/configure.py -R mediasoup-worker-test
+	$(MAKE) BUILDTYPE=Release -C out
+
+test-Debug:
+	$(PYTHON) ./scripts/configure.py -R mediasoup-worker-test
+	$(MAKE) BUILDTYPE=Debug -C out
+
+xcode:
+	$(PYTHON) ./scripts/configure.py --format=xcode
+
+fuzzer-run:
+	$(PYTHON) ./scripts/configure.py -R mediasoup-worker-fuzzer
+	$(MAKE) BUILDTYPE=Fuzzer -C out
+
+fuzzer-docker-build:
+ifeq ($(DOCKER_NO_CACHE),true)
+	docker build -f fuzzer/Dockerfile --no-cache --tag mediasoup/fuzzer:latest .
+else
+	docker build -f fuzzer/Dockerfile --tag mediasoup/fuzzer:latest .
+endif
+
+# TODO: Remove the volume. Not needed.
+fuzzer-docker-run:
+	docker run --name=mediasoupFuzzer -v $(shell pwd)/fuzzer/deleteme:/volume -it --rm mediasoup/fuzzer:latest
+
+# docker exec mediasoupFuzzer CC=clang CXX=clang++ make fuzzer-run
+
+clean:
+	$(RM) -rf out/Release/mediasoup-worker
+	$(RM) -rf out/Release/obj.target/mediasoup-worker
+	$(RM) -rf out/Release/mediasoup-worker-test
+	$(RM) -rf out/Release/obj.target/mediasoup-worker-test
+	$(RM) -rf out/Debug/mediasoup-worker
+	$(RM) -rf out/Debug/obj.target/mediasoup-worker
+	$(RM) -rf out/Debug/mediasoup-worker-test
+	$(RM) -rf out/Debug/obj.target/mediasoup-worker-test
+
+clean-all:
+	$(RM) -rf out
+	$(RM) -rf worker/mediasoup-worker.xcodeproj
+	$(RM) -rf worker/mediasoup-worker-test.xcodeproj
+	$(RM) -rf worker/deps/*/*.xcodeproj
diff --git a/worker/common.gypi b/worker/common.gypi
@@ -31,6 +31,11 @@
         {
           'GCC_OPTIMIZATION_LEVEL': '0'
         }
+      },
+      'Fuzzer':
+      {
+        'defines': [ 'DEBUG' ],
+        'cflags': [ '-g', '-O0', '-fsanitize=address,fuzzer' ]
       }
     },
 

diff --git a/worker/fuzzer/Dockerfile b/worker/fuzzer/Dockerfile
@@ -0,0 +1,35 @@
+FROM ubuntu:16.04
+
+# Install dependencies.
+RUN \
+	set -x \
+	&& apt-get update \
+	&& apt-get install --yes \
+	   wget curl subversion screen gcc g++ cmake ninja-build golang autoconf \
+	   libtool apache2 python-dev pkg-config zlib1g-dev libgcrypt11-dev \
+	   libgss-dev libssl-dev libxml2-dev ragel nasm libarchive-dev make \
+	   automake libdbus-1-dev libboost-dev autoconf-archive
+
+WORKDIR /mediasoup/worker
+
+# Install clang 7.0.0.
+COPY deps/clang-fuzzer/bin /usr/local/bin
+COPY deps/clang-fuzzer/lib/clang /usr/local/lib/clang
+
+# Copy mediasoup source code.
+COPY src src
+COPY include include
+COPY deps deps
+COPY scripts scripts
+COPY fuzzer fuzzer
+COPY Makefile Makefile
+COPY mediasoup-worker.gyp mediasoup-worker.gyp
+COPY common.gypi common.gypi
+COPY fips.gypi fips.gypi
+
+ENV LANG="C.UTF-8"
+ENV CC="clang"
+ENV CXX="clang++"
+
+# CMD ["/bin/bash"]
+CMD ["make", "fuzzer-run"]
diff --git a/worker/fuzzer/deleteme/a.out b/worker/fuzzer/deleteme/a.out
diff --git a/worker/fuzzer/deleteme/fuzzer.sh b/worker/fuzzer/deleteme/fuzzer.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -e
+set -x
+
+echo ">>> compiling fuzzer binary..."
+
+clang++ \
+	-std=c++11 \
+	-D MS_LITTLE_ENDIAN \
+	-g \
+	-fsanitize=address,fuzzer \
+	-I include \
+	fuzzers/fuzz-RtpPacket.cpp src/RTC/RtpPacket.cpp
+
+echo ">>> running fuzzer..."
+
+./a.out
diff --git a/worker/fuzzer/deleteme/fuzzers/fuzz-RtpPacket.cpp b/worker/fuzzer/deleteme/fuzzers/fuzz-RtpPacket.cpp
@@ -0,0 +1,66 @@
+// clang++ -std=c++11 -D MS_LITTLE_ENDIAN -g -fsanitize=address,fuzzer -I include fuzzers/fuzz-RtpPacket.cpp src/RTC/RtpPacket.cpp && ./a.out
+
+#include "RTC/RtpPacket.hpp"
+#include <stdint.h>
+#include <stddef.h>
+#include <iostream>
+
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len)
+{
+	// RTC::RtpPacket::IsRtp(data, len);
+	RTC::RtpPacket* packet = RTC::RtpPacket::Parse(data, len);
+
+	if (packet)
+	{
+		// std::cout << "It is a RTP packet" << std::endl;
+		// std::cout << "o";
+
+		// RTC::RtpPacket* packet2 = RTC::RtpPacket::CreateProbationPacket(data, len);
+		// if (packet2)
+		// {
+		// 	std::cout << "packet2 probation created!" << std::endl;
+		// 	delete packet2;
+		// }
+
+		delete packet;
+	}
+	else
+	{
+		// std::cout << "It is NOT a RTP packet !!!" << std::endl;
+		// std::cout << ".";
+	}
+
+	return 0;
+}
+
+
+
+
+// int main(int argc, char* argv[])
+// {
+// 	uint8_t data[] =
+// 	{
+// 		0b10010000, 0b00000001, 0, 8,
+// 		0, 0, 0, 4,
+// 		0, 0, 0, 5,
+// 		0xBE, 0xDE, 0, 3, // Extension header
+// 		0b00010000, 0xFF, 0b00100001, 0xFF,
+// 		0xFF, 0, 0, 0b00110011,
+// 		0xFF, 0xFF, 0xFF, 0xFF
+// 	};
+
+// 	bool ret = RTC::RtpPacket::IsRtp(data, sizeof(data));
+
+// 	if (ret)
+// 	{
+// 		std::cout << "It is a RTP packet" << std::endl;
+// 		return 0;
+// 	}
+// 	else
+// 	{
+// 		std::cout << "It is NOT a RTP packet !!!" << std::endl;
+// 		return 123;
+// 	}
+// }