Bug 1373843: Add a libfuzzer test for the stun parser; r=decoder

MozReview-Commit-ID: BWUnBIMhT5C

--HG--
extra : rebase_source : 8d8c6de040601621f5f64c8a7cf5a99486ae9879

media/mtransport/fuzztest/moz.build

@@ -0,0 +1,29 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('FuzzingStun')
+
+DEFINES['HAVE_STRDUP'] = True
+
+LOCAL_INCLUDES += [
+  '/ipc/chromium/src',
+  '/media/mtransport',
+  '/media/mtransport/third_party/nICEr/src/net',
+  '/media/mtransport/third_party/nICEr/src/stun',
+  '/media/mtransport/third_party/nrappkit/src/event',
+  '/media/mtransport/third_party/nrappkit/src/log',
+  '/media/mtransport/third_party/nrappkit/src/plugin',
+  '/media/mtransport/third_party/nrappkit/src/port/darwin/include',
+  '/media/mtransport/third_party/nrappkit/src/share',
+  '/media/mtransport/third_party/nrappkit/src/stats',
+  '/media/mtransport/third_party/nrappkit/src/util/libekr',
+]
+
+SOURCES += [
+    'stun_parser_libfuzz.cpp',
+]
+
+FINAL_LIBRARY = 'xul-gtest'

media/mtransport/fuzztest/stun_parser_libfuzz.cpp

@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <string>
+
+#include "gtest/gtest.h"
+
+#include "FuzzingInterface.h"
+#include "LibFuzzerRegistry.h"
+
+extern "C" {
+#include <csi_platform.h>
+#include "stun_msg.h"
+#include "stun_codec.h"
+}
+
+int FuzzingInitStunParser(int *argc, char ***argv) {
+  return 0;
+}
+
+static int
+RunStunParserFuzzing(const uint8_t* data, size_t size) {
+  nr_stun_message *req = 0;
+
+  UCHAR* mes = (UCHAR*)data;
+
+  nr_stun_message_create2(&req, mes, size);
+
+  nr_stun_decode_message(req, nullptr, nullptr);
+
+  nr_stun_message_destroy(&req);
+
+  return 0;
+}
+
+MOZ_FUZZING_INTERFACE_RAW(FuzzingInitStunParser, RunStunParserFuzzing, StunParser);

media/mtransport/moz.build

@@ -14,3 +14,13 @@ DIRS += [
     '/media/mtransport/build',
     '/media/mtransport/ipc',
 ]
+
+if CONFIG['FUZZING']:
+    if CONFIG['LIBFUZZER']:
+        # Add trace-pc coverage for libfuzzer
+        CFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+        CXXFLAGS += ['-fsanitize-coverage=trace-pc-guard']
+
+    TEST_DIRS += [
+        'fuzztest'
+    ]