# Fuzzer for extractors

## Table of contents
+ [libextractorfuzzerbase](#ExtractorFuzzerBase)
+ [libmp4extractor](#mp4ExtractorFuzzer)
+ [libwavextractor](#wavExtractorFuzzer)
+ [libamrextractor](#amrExtractorFuzzer)
+ [libmkvextractor](#mkvExtractorFuzzer)
+ [liboggextractor](#oggExtractorFuzzer)
+ [libmpeg2extractor](#mpeg2ExtractorFuzzer)
+ [libmp3extractor](#mp3ExtractorFuzzer)
+ [libaacextractor](#aacExtractorFuzzer)
+ [libflacextractor](#flacExtractor)

# <a name="ExtractorFuzzerBase"></a> Fuzzer for libextractorfuzzerbase
All the extractors share a common API: creating a data source, extracting
all the tracks, etc. These common APIs have been abstracted into a base class
called `ExtractorFuzzerBase` so that code is reused between fuzzer plugins.

Additionally, `ExtractorFuzzerBase` supports a memory-based buffer source,
`BufferSource`, since the fuzzing engine feeds data using memory buffers and
using standard data source objects like FileSource, HTTPSource, etc. is
not feasible.

# <a name="mp4ExtractorFuzzer"></a> Fuzzer for libmp4extractor

## Plugin Design Considerations
The fuzzer plugin for the MP4 extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the MP4 extractor class.

##### Maximize code coverage
A dict file (dictionary file) is created for MP4 to ensure that the required MP4
atoms are present in every input file that goes to the fuzzer.
This ensures that more code gets covered, as a range of MP4 atoms will be
present in the input data.

## Build

This describes the steps to build the mp4_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mp4_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some MP4 files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mp4_extractor_fuzzer/mp4_extractor_fuzzer CORPUS_DIR
```

# <a name="wavExtractorFuzzer"></a> Fuzzer for libwavextractor

## Plugin Design Considerations
The fuzzer plugin for the WAV extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the WAV extractor class.

## Build

This describes the steps to build the wav_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) wav_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some wav files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/wav_extractor_fuzzer/wav_extractor_fuzzer CORPUS_DIR
```

# <a name="amrExtractorFuzzer"></a> Fuzzer for libamrextractor

## Plugin Design Considerations
The fuzzer plugin for the AMR extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the AMR extractor class.

##### Maximize code coverage
A dict file (dictionary file) is created for AMR to ensure that the required start
bytes are present in every input file that goes to the fuzzer.
This ensures that more code gets covered.

## Build

This describes the steps to build the amr_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) amr_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some AMR files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/amr_extractor_fuzzer/amr_extractor_fuzzer CORPUS_DIR
```

# <a name="mkvExtractorFuzzer"></a> Fuzzer for libmkvextractor

## Plugin Design Considerations
The fuzzer plugin for the MKV extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the MKV extractor class.

##### Maximize code coverage
A dict file (dictionary file) is created for MKV to ensure that the required element
IDs are present in every input file that goes to the fuzzer.
This ensures that more code gets covered.

## Build

This describes the steps to build the mkv_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mkv_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mkv files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mkv_extractor_fuzzer/mkv_extractor_fuzzer CORPUS_DIR
```

# <a name="oggExtractorFuzzer"></a> Fuzzer for liboggextractor

## Plugin Design Considerations
The fuzzer plugin for the OGG extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the OGG extractor object.

##### Maximize code coverage
A dict file (dictionary file) is created for OGG to ensure that the required start
bytes are present in every input file that goes to the fuzzer.
This ensures that more code gets covered.

## Build

This describes the steps to build the ogg_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) ogg_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some ogg files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/ogg_extractor_fuzzer/ogg_extractor_fuzzer CORPUS_DIR
```

# <a name="mpeg2ExtractorFuzzer"></a> Fuzzer for libmpeg2extractor

## Plugin Design Considerations
The fuzzer plugins for the MPEG2-PS and MPEG2-TS extractors use the `ExtractorFuzzerBase` class and
implement only `createExtractor` to create the MPEG2-PS or MPEG2-TS extractor
object respectively.

##### Maximize code coverage
Dict files (dictionary files) are created for MPEG2-PS and MPEG2-TS to ensure that the
required start bytes are present in every input file that goes to the fuzzer.
This ensures that more code gets covered.

##### Other considerations
Two fuzzer binaries, mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer, are
generated based on the presence of a flag, `MPEG2PS`.

## Build

This describes the steps to build the mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer binaries.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mpeg2ps_extractor_fuzzer
  $ mm -j$(nproc) mpeg2ts_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mpeg2 files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mpeg2ps_extractor_fuzzer/mpeg2ps_extractor_fuzzer CORPUS_DIR
  $ adb shell /data/fuzz/arm64/mpeg2ts_extractor_fuzzer/mpeg2ts_extractor_fuzzer CORPUS_DIR
```

# <a name="mp3ExtractorFuzzer"></a> Fuzzer for libmp3extractor

## Plugin Design Considerations
The fuzzer plugin for the MP3 extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the MP3 extractor class.

## Build

This describes the steps to build the mp3_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mp3_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mp3 files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mp3_extractor_fuzzer/mp3_extractor_fuzzer CORPUS_DIR
```

# <a name="aacExtractorFuzzer"></a> Fuzzer for libaacextractor

## Plugin Design Considerations
The fuzzer plugin for the AAC extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the AAC extractor class.

## Build

This describes the steps to build the aac_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) aac_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some aac files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/aac_extractor_fuzzer/aac_extractor_fuzzer CORPUS_DIR
```

# <a name="flacExtractor"></a> Fuzzer for libflacextractor

## Plugin Design Considerations
The fuzzer plugin for the FLAC extractor uses the `ExtractorFuzzerBase` class and
implements only `createExtractor` to create the FLAC extractor object.

##### Maximize code coverage
A dict file (dictionary file) is created for FLAC to ensure that the required start
bytes are present in every input file that goes to the fuzzer.
This ensures that more code gets covered.

## Build

This describes the steps to build the flac_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) flac_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some flac files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/flac_extractor_fuzzer/flac_extractor_fuzzer CORPUS_DIR
```

## References:
 * http://llvm.org/docs/LibFuzzer.html
 * https://github.com/google/oss-fuzz
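
The design in the `ExtractorFuzzerBase` section (a memory-backed source plus a base class whose plugins implement only `createExtractor`) can be modelled in a few lines. This is an added sketch, not the project's code: `MemorySource`, `FuzzerBase` and `ToyMp4Fuzzer` are hypothetical names, and the `ftyp` check stands in for real extractor creation.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>

// Hypothetical memory-backed source (illustrative; not the AOSP BufferSource).
class MemorySource {
 public:
  MemorySource(const uint8_t* data, size_t size) : mData(data), mSize(size) {}
  // Returns bytes copied, or -1 when offset lies past the end of the input.
  long readAt(size_t offset, void* out, size_t len) const {
    if (offset > mSize) return -1;
    size_t avail = mSize - offset;         // cannot underflow after the check
    size_t n = len < avail ? len : avail;  // clamp; never compute offset + len
    if (n != 0) std::memcpy(out, mData + offset, n);
    return static_cast<long>(n);
  }
 private:
  const uint8_t* mData;
  size_t mSize;
};

// Hypothetical base class: shared driver code, one hook per container format.
class FuzzerBase {
 public:
  virtual ~FuzzerBase() = default;
  bool processData(const uint8_t* data, size_t size) {
    mSource = std::make_unique<MemorySource>(data, size);
    return createExtractor();
  }
 protected:
  virtual bool createExtractor() = 0;
  std::unique_ptr<MemorySource> mSource;
};

// Toy plugin: "creation" succeeds only when an ftyp tag sits at offset 4.
class ToyMp4Fuzzer : public FuzzerBase {
 protected:
  bool createExtractor() override {
    uint8_t tag[4];
    return mSource->readAt(4, tag, sizeof(tag)) == 4 &&
           std::memcmp(tag, "ftyp", 4) == 0;
  }
};

// libFuzzer entry point: the engine supplies a raw buffer, not a file or URL.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ToyMp4Fuzzer().processData(data, size);
  return 0;
}
```

Because the source clamps every read to the remaining bytes, a truncated input makes the plugin fail cleanly instead of reading past the fuzz buffer.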
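
The "Maximize code coverage" sections rely on dictionary files; the following added example (not the project's own dictionaries) shows how such entries are written in libFuzzer dictionary syntax. The token names and the choice of tokens are assumptions: they are well-known container magic values, constructed here for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Token { std::string name; std::vector<uint8_t> bytes; };

// One dictionary line: name="value". Printable tokens are written as text with
// \\ and \" escaped; a token with any non-printable byte is written all-hex.
std::string dictLine(const Token& t) {
  bool printable = true;
  for (uint8_t b : t.bytes) printable = printable && b >= 0x20 && b < 0x7f;
  std::string out = t.name + "=\"";
  for (uint8_t b : t.bytes) {
    if (!printable) {
      char hex[5];
      std::snprintf(hex, sizeof(hex), "\\x%02X", static_cast<unsigned>(b));
      out += hex;
    } else {
      if (b == '\\' || b == '"') out += '\\';
      out += static_cast<char>(b);
    }
  }
  return out + "\"";
}

// Constructed sample tokens: well-known container magic values, not the
// contents of the project's own dictionary files.
std::vector<Token> sampleTokens() {
  return {{"mp4_ftyp", {'f', 't', 'y', 'p'}},
          {"mp4_moov", {'m', 'o', 'o', 'v'}},
          {"ogg_page", {'O', 'g', 'g', 'S'}},
          {"flac_magic", {'f', 'L', 'a', 'C'}},
          {"amr_header", {'#', '!', 'A', 'M', 'R', '\n'}},
          {"mkv_ebml", {0x1A, 0x45, 0xDF, 0xA3}}};
}

std::string buildDict() {
  std::string out;
  for (const Token& t : sampleTokens()) out += dictLine(t) + "\n";
  return out;
}

int main() {
  std::fputs(buildDict().c_str(), stdout);
  return 0;
}
```

A libFuzzer binary picks up such a file through its `-dict=` option.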