Message ID | 20210531052911.44543-1-vedaa@riseup.net |
---|---|
State | New |
Series | [FFmpeg-devel,PATCHv6] fate/integer.c: Connect test to fuzzer | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Mon, May 31, 2021 at 10:59:11AM +0530, Vedaa wrote: > Hi, > > I have added checks so that only positive numbers are passed to the > function, and limited the bits read to 24-bits. This has stopped the > fuzzer from terminating. > --- > Makefile | 2 ++ > libavutil/tests/integer.c | 21 ++---------------- > libavutil/tests/integer.h | 45 +++++++++++++++++++++++++++++++++++++++ > tools/Makefile | 3 +++ > tools/target_int_fuzzer.c | 38 +++++++++++++++++++++++++++++++++ > 5 files changed, 90 insertions(+), 19 deletions(-) > create mode 100644 libavutil/tests/integer.h > create mode 100644 tools/target_int_fuzzer.c > > diff --git a/Makefile b/Makefile > index 1e3da6271b..651133eb1a 100644 > --- a/Makefile > +++ b/Makefile > @@ -61,6 +61,8 @@ tools/target_dem_fuzzer$(EXESUF): tools/target_dem_fuzzer.o $(FF_DEP_LIBS) > tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS) > $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH) > > +tools/target_int_fuzzer$(EXESUF): tools/target_int_fuzzer.o $(FF_DEP_LIBS) > + $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH) > > tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS) > tools/enum_options$(EXESUF): $(FF_DEP_LIBS) > diff --git a/libavutil/tests/integer.c b/libavutil/tests/integer.c > index d2c8f2a903..02e1d9219c 100644 > --- a/libavutil/tests/integer.c > +++ b/libavutil/tests/integer.c 
> @@ -18,31 +18,14 @@ > * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA > */ > > -#include <stdint.h> > - > -#include "libavutil/avassert.h" > -#include "libavutil/integer.h" > -#include "libavutil/intmath.h" > +#include "libavutil/tests/integer.h" > > int main(void){ > int64_t a,b; > > for(a=7; a<256*256*256; a+=13215){ > for(b=3; b<256*256*256; b+=27118){ > - AVInteger ai= av_int2i(a); > - AVInteger bi= av_int2i(b); > - > - av_assert0(av_i2int(ai) == a); > - av_assert0(av_i2int(bi) == b); > - av_assert0(av_i2int(av_add_i(ai,bi)) == a+b); > - av_assert0(av_i2int(av_sub_i(ai,bi)) == a-b); > - av_assert0(av_i2int(av_mul_i(ai,bi)) == a*b); > - av_assert0(av_i2int(av_shr_i(ai, 9)) == a>>9); > - av_assert0(av_i2int(av_shr_i(ai,-9)) == a<<9); > - av_assert0(av_i2int(av_shr_i(ai, 17)) == a>>17); > - av_assert0(av_i2int(av_shr_i(ai,-17)) == a<<17); > - av_assert0(av_log2_i(ai) == av_log2(a)); > - av_assert0(av_i2int(av_div_i(ai,bi)) == a/b); > + TestInteger(a,b); > } > } > return 0; > diff --git a/libavutil/tests/integer.h b/libavutil/tests/integer.h > new file mode 100644 > index 0000000000..1e28c29787 > --- /dev/null > +++ b/libavutil/tests/integer.h 
> @@ -0,0 +1,45 @@ > +/* > + * Copyright (c) 2004 Michael Niedermayer <michaelni@gmx.at> > + * > + * This file is part of FFmpeg. > + * > + * FFmpeg is free software; you can redistribute it and/or > + * modify it under the terms of the GNU Lesser General Public > + * License as published by the Free Software Foundation; either > + * version 2.1 of the License, or (at your option) any later version. > + * > + * FFmpeg is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + * Lesser General Public License for more details. > + * > + * You should have received a copy of the GNU Lesser General Public > + * License along with FFmpeg; if not, write to the Free Software > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA > + */ > +#ifndef AVUTIL_TESTS_INTEGER_H > +#define AVUTIL_TESTS_INTEGER_H > + > +#include <stdint.h> > +#include "libavutil/avassert.h" > +#include "libavutil/integer.h" > +#include "libavutil/intmath.h" > + > +static inline void TestInteger(int64_t a, int64_t b) > +{ > + AVInteger ai= av_int2i(a); > + AVInteger bi= av_int2i(b); > + > + av_assert0(av_i2int(ai) == a); > + av_assert0(av_i2int(bi) == b); > + av_assert0(av_i2int(av_add_i(ai,bi)) == a+b); > + av_assert0(av_i2int(av_sub_i(ai,bi)) == a-b); > + av_assert0(av_i2int(av_mul_i(ai,bi)) == a*b); > + av_assert0(av_i2int(av_shr_i(ai, 9)) == a>>9); > + av_assert0(av_i2int(av_shr_i(ai,-9)) == a<<9); > + av_assert0(av_i2int(av_shr_i(ai, 17)) == a>>17); > + av_assert0(av_i2int(av_shr_i(ai,-17)) == a<<17); > + av_assert0(av_log2_i(ai) == av_log2(a)); > + av_assert0(av_i2int(av_div_i(ai,bi)) == a/b); > +} > +#endif /* AVUTIL_TESTS_INTEGER_H */ 
> diff --git a/tools/Makefile b/tools/Makefile > index 82baa8eadb..fde7f08984 100644 [...] > +#include "libavutil/tests/integer.h" > +#include "libavutil/intreadwrite.h" > + > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); > + > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > + if (size < 3 * sizeof(int16_t)) > + return 1; > + > + int64_t a,b,mult; > + mult = AV_RB8(data); > + a = AV_RB16(data + sizeof(int8_t)) * mult; > + b = AV_RB16(data+sizeof(int8_t) + sizeof(int16_t)) * mult; that looks a bit strange > + if (a <= 0 || b <= 0 ) > + return 1; maybe using the same input for all cases was not a good idea, it seems to lead to quite some restrictions. While the fuzzer should be able to reach the whole range that is supported even if another operation has a smaller range. Maybe each operation should have its own independant input and cover the whole range each supports thx [...]
diff --git a/Makefile b/Makefile
index 1e3da6271b..651133eb1a 100644
--- a/Makefile
+++ b/Makefile
@@ -61,6 +61,8 @@ tools/target_dem_fuzzer$(EXESUF): tools/target_dem_fuzzer.o $(FF_DEP_LIBS)
 tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS)
 $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
 
+tools/target_int_fuzzer$(EXESUF): tools/target_int_fuzzer.o $(FF_DEP_LIBS)
+ $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
 
 tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS)
 tools/enum_options$(EXESUF): $(FF_DEP_LIBS)
diff --git a/libavutil/tests/integer.c b/libavutil/tests/integer.c
index d2c8f2a903..02e1d9219c 100644
--- a/libavutil/tests/integer.c
+++ b/libavutil/tests/integer.c
@@ -18,31 +18,14 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
 
-#include <stdint.h>
-
-#include "libavutil/avassert.h"
-#include "libavutil/integer.h"
-#include "libavutil/intmath.h"
+#include "libavutil/tests/integer.h"
 
 int main(void){
 int64_t a,b;
 
 for(a=7; a<256*256*256; a+=13215){
 for(b=3; b<256*256*256; b+=27118){
- AVInteger ai= av_int2i(a);
- AVInteger bi= av_int2i(b);
-
- av_assert0(av_i2int(ai) == a);
- av_assert0(av_i2int(bi) == b);
- av_assert0(av_i2int(av_add_i(ai,bi)) == a+b);
- av_assert0(av_i2int(av_sub_i(ai,bi)) == a-b);
- av_assert0(av_i2int(av_mul_i(ai,bi)) == a*b);
- av_assert0(av_i2int(av_shr_i(ai, 9)) == a>>9);
- av_assert0(av_i2int(av_shr_i(ai,-9)) == a<<9);
- av_assert0(av_i2int(av_shr_i(ai, 17)) == a>>17);
- av_assert0(av_i2int(av_shr_i(ai,-17)) == a<<17);
- av_assert0(av_log2_i(ai) == av_log2(a));
- av_assert0(av_i2int(av_div_i(ai,bi)) == a/b);
+ TestInteger(a,b);
 }
 }
 return 0;
diff --git a/libavutil/tests/integer.h b/libavutil/tests/integer.h
new file mode 100644
index 0000000000..1e28c29787
--- /dev/null
+++ b/libavutil/tests/integer.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2004 Michael Niedermayer <michaelni@gmx.at>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#ifndef AVUTIL_TESTS_INTEGER_H
+#define AVUTIL_TESTS_INTEGER_H
+
+#include <stdint.h>
+#include "libavutil/avassert.h"
+#include "libavutil/integer.h"
+#include "libavutil/intmath.h"
+
+static inline void TestInteger(int64_t a, int64_t b)
+{
+ AVInteger ai= av_int2i(a);
+ AVInteger bi= av_int2i(b);
+
+ av_assert0(av_i2int(ai) == a);
+ av_assert0(av_i2int(bi) == b);
+ av_assert0(av_i2int(av_add_i(ai,bi)) == a+b);
+ av_assert0(av_i2int(av_sub_i(ai,bi)) == a-b);
+ av_assert0(av_i2int(av_mul_i(ai,bi)) == a*b);
+ av_assert0(av_i2int(av_shr_i(ai, 9)) == a>>9);
+ av_assert0(av_i2int(av_shr_i(ai,-9)) == a<<9);
+ av_assert0(av_i2int(av_shr_i(ai, 17)) == a>>17);
+ av_assert0(av_i2int(av_shr_i(ai,-17)) == a<<17);
+ av_assert0(av_log2_i(ai) == av_log2(a));
+ av_assert0(av_i2int(av_div_i(ai,bi)) == a/b);
+}
+#endif /* AVUTIL_TESTS_INTEGER_H */
diff --git a/tools/Makefile b/tools/Makefile
index 82baa8eadb..fde7f08984 100644
--- a/tools/Makefile
+++ b/tools/Makefile
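Review bot: `TestInteger` has no comment stating the operand range it depends on, which matters now that it lives in a header and a fuzz target feeds it externally chosen values. The reference side of every assert is plain `int64_t` arithmetic (`a*b`, `a<<17`, `a/b`), so operands outside what the old loop used (positive, below `256*256*256`) can overflow or divide by zero on the reference side and trip an assert with no fault in AVInteger. I would add a header comment such as `/* a and b must lie in [1, 2^24); beyond that the int64_t reference results are not valid */`, or assert that range on entry. As a style point, the CamelCase name stands out next to the `av_*` functions it exercises; `test_integer` would match the surrounding code.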
@@ -17,6 +17,9 @@ tools/target_dem_fuzzer.o: tools/target_dem_fuzzer.c
 tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
 $(COMPILE_C) -DIO_FLAT=0
 
+tools/target_int_fuzzer.o: tools/target_int_fuzzer.c
+ $(COMPILE_C)
+
 OUTDIRS += tools
 
 clean::
diff --git a/tools/target_int_fuzzer.c b/tools/target_int_fuzzer.c
new file mode 100644
index 0000000000..f2ec52bb0a
--- /dev/null
+++ b/tools/target_int_fuzzer.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2021 Vedaa <vedaa@riseup.net>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "libavutil/tests/integer.h"
+#include "libavutil/intreadwrite.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 3 * sizeof(int16_t))
+ return 1;
+
+ int64_t a,b,mult;
+ mult = AV_RB8(data);
+ a = AV_RB16(data + sizeof(int8_t)) * mult;
+ b = AV_RB16(data+sizeof(int8_t) + sizeof(int16_t)) * mult;
+ if (a <= 0 || b <= 0 )
+ return 1;
+ TestInteger(a,b);
+ return 0;
+}
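Review bot: Both early exits in `LLVMFuzzerTestOneInput` use `return 1;`, but libFuzzer defines only 0 (and, in newer releases, -1 to keep an input out of the corpus) and reserves every other value, so both should be `return 0;`. The length guard `size < 3 * sizeof(int16_t)` demands six bytes while the body reads five (one for `mult`, two each for `a` and `b`); it is safe, but `if (size < sizeof(int8_t) + 2 * sizeof(int16_t))` would match the offsets actually used. `int64_t a,b,mult;` is declared after a statement, which I believe FFmpeg's warning flags reject, so it is better moved to the top of the function.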