diff mbox series

[FFmpeg-devel,1/3] tools/target_dec_fuzzer: Call avcodec_flush_buffers() in a fuzzer choosen pattern

Message ID 20201115012948.1201-1-jamrial@gmail.com
State Accepted
Commit cb59cd346656376975a1ee87e60e1ea9c3d29ceb
Headers show
Series [FFmpeg-devel,1/3] tools/target_dec_fuzzer: Call avcodec_flush_buffers() in a fuzzer choosen pattern | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

James Almer Nov. 15, 2020, 1:29 a.m. UTC 
From: Michael Niedermayer <michael@niedermayer.cc>

This should increase coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
---
 tools/target_dec_fuzzer.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

James Almer Nov. 19, 2020, 1:51 p.m. UTC | #1 
On 11/14/2020 10:29 PM, James Almer wrote:
> From: Michael Niedermayer <michael@niedermayer.cc>
> 
> This should increase coverage
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> Signed-off-by: James Almer <jamrial@gmail.com>

Ping for set.

> ---
>   tools/target_dec_fuzzer.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index 4eb59bd296..11530cbf79 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -110,6 +110,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                             const AVPacket *avpkt) = NULL;
>       AVCodecParserContext *parser = NULL;
>       uint64_t keyframes = 0;
> +    uint64_t flushpattern = -1;
>       AVDictionary *opts = NULL;
>   
>       if (!c) {
> @@ -239,6 +240,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>           ctx->request_channel_layout             = bytestream2_get_le64(&gbc);
>   
>           ctx->idct_algo                          = bytestream2_get_byte(&gbc) % 25;
> +        flushpattern                            = bytestream2_get_le64(&gbc);
>   
>           if (flags & 0x20) {
>               switch (ctx->codec_id) {
> @@ -332,6 +334,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                   av_packet_move_ref(&avpkt, &parsepkt);
>               }
>   
> +          if (!(flushpattern & 7))
> +              avcodec_flush_buffers(ctx);
> +          flushpattern = (flushpattern >> 3) + (flushpattern << 61);
> +
>             // Iterate through all data
>             while (avpkt.size > 0 && it++ < maxiteration) {
>               av_frame_unref(frame);
>
Michael Niedermayer Nov. 20, 2020, 10:44 a.m. UTC | #2 
On Thu, Nov 19, 2020 at 10:51:36AM -0300, James Almer wrote:
> On 11/14/2020 10:29 PM, James Almer wrote:
> > From: Michael Niedermayer <michael@niedermayer.cc>
> > 
> > This should increase coverage
> > 
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > Signed-off-by: James Almer <jamrial@gmail.com>
> 
> Ping for set.

probably ok

thx

[...]
James Almer Nov. 20, 2020, 3:45 p.m. UTC | #3 
On 11/20/2020 7:44 AM, Michael Niedermayer wrote:
> On Thu, Nov 19, 2020 at 10:51:36AM -0300, James Almer wrote:
>> On 11/14/2020 10:29 PM, James Almer wrote:
>>> From: Michael Niedermayer <michael@niedermayer.cc>
>>>
>>> This should increase coverage
>>>
>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>> Signed-off-by: James Almer <jamrial@gmail.com>
>>
>> Ping for set.
> 
> probably ok
> 
> thx

Pushed the first two patches.

Thanks.
diff mbox series

Patch

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 4eb59bd296..11530cbf79 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -110,6 +110,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                           const AVPacket *avpkt) = NULL;
     AVCodecParserContext *parser = NULL;
     uint64_t keyframes = 0;
+    uint64_t flushpattern = -1;
     AVDictionary *opts = NULL;
 
     if (!c) {
@@ -239,6 +240,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         ctx->request_channel_layout             = bytestream2_get_le64(&gbc);
 
         ctx->idct_algo                          = bytestream2_get_byte(&gbc) % 25;
+        flushpattern                            = bytestream2_get_le64(&gbc);
 
         if (flags & 0x20) {
             switch (ctx->codec_id) {
@@ -332,6 +334,10 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                 av_packet_move_ref(&avpkt, &parsepkt);
             }
 
+          if (!(flushpattern & 7))
+              avcodec_flush_buffers(ctx);
+          flushpattern = (flushpattern >> 3) + (flushpattern << 61);
+
           // Iterate through all data
           while (avpkt.size > 0 && it++ < maxiteration) {
             av_frame_unref(frame);