diff mbox series

[FFmpeg-devel,1/2] tools/target_dec_fuzzer: Disable MB debug after a few iterations

Message ID 20211003133606.30712-1-michael@niedermayer.cc
State Accepted
Commit 76c41a5bfeceb6d4a5c656abe41791f08c3b011c
Headers show
Series [FFmpeg-devel,1/2] tools/target_dec_fuzzer: Disable MB debug after a few iterations | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Michael Niedermayer Oct. 3, 2021, 1:36 p.m. UTC 
This debug code can be quite slow on constructed streams

Fixes: Timeout
Fixes: 38907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6334628852531200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer Nov. 29, 2021, 3:01 p.m. UTC | #1 
On Sun, Oct 03, 2021 at 03:36:05PM +0200, Michael Niedermayer wrote:
> This debug code can be quite slow on constructed streams
> 
> Fixes: Timeout
> Fixes: 38907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6334628852531200
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)

will apply patchset

[...]
diff mbox series

Patch

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 88002316916..d56d856d51a 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -391,8 +391,10 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
               decode_more = ret >= 0;
               if(!decode_more) {
                     ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
-                    if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
+                    if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
                         ctx->error_concealment = 0;
+                        ctx->debug &= ~(FF_DEBUG_SKIP | FF_DEBUG_QP | FF_DEBUG_MB_TYPE);
+                    }
                     if (ec_pixels > maxpixels)
                         goto maximums_reached;
               }
@@ -405,8 +407,10 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             int ret = decode_handler(ctx, frame, &got_frame, avpkt);
 
             ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
-            if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
+            if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
                 ctx->error_concealment = 0;
+                ctx->debug &= ~(FF_DEBUG_SKIP | FF_DEBUG_QP | FF_DEBUG_MB_TYPE);
+            }
             if (ec_pixels > maxpixels)
                 goto maximums_reached;