| Message ID | 20190517085753.2758-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 0a2b768d3ecca32d496da1393406bebcab7680e2 |
| Headers | show |
On Fri, May 17, 2019 at 10:57:53AM +0200, Michael Niedermayer wrote: > This should reduce the amount of timeout issues overall > > Fixes: Timeout (34->10sec) > Fixes: 14682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5728608414334976 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) will apply [...]
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 2a6d525b73..4f51b70b65 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -137,6 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { const uint8_t *last = data; const uint8_t *end = data + size; uint32_t it = 0; + uint64_t ec_pixels = 0; int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture, int *got_picture_ptr, const AVPacket *avpkt) = NULL; @@ -244,7 +245,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { av_frame_unref(frame); int ret = decode_handler(ctx, frame, &got_frame, &avpkt); - if (it > 20) + ec_pixels += ctx->width * ctx->height; + if (it > 20 || ec_pixels > 4 * ctx->max_pixels) ctx->error_concealment = 0; if (ret <= 0 || ret > avpkt.size)
This should reduce the amount of timeout issues overall Fixes: Timeout (34->10sec) Fixes: 14682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5728608414334976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)