Message ID | 20191012203403.26941-4-michael@niedermayer.cc |
---|---|
State | New |
On 10/12/2019 5:34 PM, Michael Niedermayer wrote: > This should improve coverage > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c > index 0047c9eed6..4d03151735 100644 > --- a/tools/target_dec_fuzzer.c > +++ b/tools/target_dec_fuzzer.c > @@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > int *got_picture_ptr, > const AVPacket *avpkt) = NULL; > AVCodecParserContext *parser = NULL; > + uint64_t keyframes = 0; > > > if (!c) { > @@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; > ctx->block_align = bytestream2_get_le32(&gbc); > ctx->codec_tag = bytestream2_get_le32(&gbc); > + keyframes = bytestream2_get_le64(&gbc); > > if (extradata_size < size) { > ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); > @@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > if (res < 0) > error("Failed memory allocation"); > memcpy(parsepkt.data, last, data - last); > + parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY; Doing !!(keyframes & 2) may communicate the intent more clearly, IMO. > + keyframes = (keyframes >> 2) + (keyframes<<62); > data += sizeof(fuzz_tag); > last = data; > >
On Sat, Oct 12, 2019 at 06:00:39PM -0300, James Almer wrote: > On 10/12/2019 5:34 PM, Michael Niedermayer wrote: > > This should improve coverage > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > tools/target_dec_fuzzer.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c > > index 0047c9eed6..4d03151735 100644 > > --- a/tools/target_dec_fuzzer.c > > +++ b/tools/target_dec_fuzzer.c > > @@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > int *got_picture_ptr, > > const AVPacket *avpkt) = NULL; > > AVCodecParserContext *parser = NULL; > > + uint64_t keyframes = 0; > > > > > > if (!c) { > > @@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; > > ctx->block_align = bytestream2_get_le32(&gbc); > > ctx->codec_tag = bytestream2_get_le32(&gbc); > > + keyframes = bytestream2_get_le64(&gbc); > > > > if (extradata_size < size) { > > ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); > > @@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > if (res < 0) > > error("Failed memory allocation"); > > memcpy(parsepkt.data, last, data - last); > > + parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY; > > Doing !!(keyframes & 2) may communicate the intent more clearly, IMO. will apply with that change thx [...]
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0047c9eed6..4d03151735 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 int *got_picture_ptr,
 const AVPacket *avpkt) = NULL;
 AVCodecParserContext *parser = NULL;
+ uint64_t keyframes = 0;
 
 
 if (!c) {
@@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
 ctx->block_align = bytestream2_get_le32(&gbc);
 ctx->codec_tag = bytestream2_get_le32(&gbc);
+ keyframes = bytestream2_get_le64(&gbc);
 
 if (extradata_size < size) {
 ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (res < 0)
 error("Failed memory allocation");
 memcpy(parsepkt.data, last, data - last);
+ parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY;
+ keyframes = (keyframes >> 2) + (keyframes<<62);
 data += sizeof(fuzz_tag);
 last = data;
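Review bot: Nothing at the added `keyframes = bytestream2_get_le64(&gbc);` line says what the 64-bit word encodes; its meaning only becomes visible in the last hunk, where it is consumed two bits at a time. A comment at the read, or at the declaration in the first hunk, would document the fuzz input format, e.g. `/* per-packet flags, 2 bits each: bit 0 -> AV_PKT_FLAG_DISCARD, bit 1 -> AV_PKT_FLAG_KEY; rotated after every packet */`. Since the field is read after the existing ones, earlier fields presumably keep their offsets and existing corpus entries stay meaningful, but the initialisation block starts and ends outside the hunk, so that is inferred.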
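Review bot: The rotation `keyframes = (keyframes >> 2) + (keyframes<<62);` is written with `+`, which is correct only because the two shifted halves never overlap; `keyframes = (keyframes >> 2) | (keyframes << 62);` states the rotate-right-by-2 directly. The flags line above it also computes in `uint64_t` and relies on implicit narrowing into `parsepkt.flags`, so combining the two flag terms with `|` and an explicit `(int)` cast would keep conversion warnings quiet. It is not visible here whether `parsepkt.flags` is carried over to the packet the decoder receives when `parser` is set, so the added coverage may apply only to the parser-less path. That is worth confirming in the rest of the loop, which lies outside the hunk.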
This should improve coverage Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 4 ++++ 1 file changed, 4 insertions(+)