[FFmpeg-devel] tools/target_dec_fuzzer: Limit error concealment on pixels instead of just frames

Submitted by Michael Niedermayer on May 17, 2019, 8:57 a.m.

Details

Message ID 20190517085753.2758-1-michael@niedermayer.cc
State Accepted
Commit 0a2b768d3ecca32d496da1393406bebcab7680e2
Headers show

Commit Message

Michael Niedermayer May 17, 2019, 8:57 a.m.
This should reduce the amount of timeout issues overall

Fixes: Timeout (34->10sec)
Fixes: 14682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5728608414334976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Michael Niedermayer June 5, 2019, 11:02 a.m.
On Fri, May 17, 2019 at 10:57:53AM +0200, Michael Niedermayer wrote:
> This should reduce the amount of timeout issues overall
> 
> Fixes: Timeout (34->10sec)
> Fixes: 14682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5728608414334976
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

will apply


[...]

Patch hide | download patch | download mbox

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 2a6d525b73..4f51b70b65 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -137,6 +137,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     const uint8_t *last = data;
     const uint8_t *end = data + size;
     uint32_t it = 0;
+    uint64_t ec_pixels = 0;
     int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
                           int *got_picture_ptr,
                           const AVPacket *avpkt) = NULL;
@@ -244,7 +245,8 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             av_frame_unref(frame);
             int ret = decode_handler(ctx, frame, &got_frame, &avpkt);
 
-            if (it > 20)
+            ec_pixels += ctx->width * ctx->height;
+            if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
                 ctx->error_concealment = 0;
 
             if (ret <= 0 || ret > avpkt.size)