From patchwork Fri Aug 30 16:39:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 14812 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 2EF67448D5F for ; Fri, 30 Aug 2019 19:39:28 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0FFE0687FA2; Fri, 30 Aug 2019 19:39:28 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qk1-f194.google.com (mail-qk1-f194.google.com [209.85.222.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 92B28687F2A for ; Fri, 30 Aug 2019 19:39:21 +0300 (EEST) Received: by mail-qk1-f194.google.com with SMTP id f13so6613516qkm.9 for ; Fri, 30 Aug 2019 09:39:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=sVxrcaFIYJ35oh98ZIeRAos7IJbyOUip6O0TcEd7fp4=; b=iGw7fLa9YMbTqZEles7KAOFIf+f3v+yotYTod7wnsO8EiJ6Uhrzp44D0kLagpcoeS1 Z1L3nXXCA3esM82O51TjTgKLbnBOwzFMQMfkn6YOqBaWPx8dS5/tX0+V+ypUoUfs7i1k 5zAINmmBHcro5xI5T60GLZU1ypE30UfcsA7LukyOfrHYzT369B7qIPcGirYV+SfzjFRR kc1xreRnzqI0pq4bm7rpYy3uSvcdKT4rs38snF/s9i6khaQFeiVenkv48BHI/FAGjQYN MwgAFDZF2BRx2DwllGxQinNpMkobvLuR4pj0iTUcYUm/s5POGj7oD5zyQcC0Oj2iGoSY Rf0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=sVxrcaFIYJ35oh98ZIeRAos7IJbyOUip6O0TcEd7fp4=; b=VUVF503KjQpjtmO5AxxO81BU8f8GZCjdMZAMys+qDMJSrVnbzWHU0OmfuYjeo7gXxs j83UZ8lBRdiB8pTyoiTNIe5uHNhIsIEF4iHc/Ig92HVw+OwXoaI13A23Sgp1UH/dA1BD 4pJALUiJ6wGXiG1qaHaKvRnNgpSiPK6OXuSVZFO7XcGQeEWD5SWmZpnLQZkYjgHblciw HlxN2WHLwnRnLz6Ze63YLIO0a8lIrTUGY0k9MuJnl9NZJxeDnPL6Qxf6FSH87T/Gfyim HFJR3wLRkIsQqvHdGNGPD9tY9K6jdMyyQQjowE6Ou1SS0k0uOTFTRpVhauSTdjA5bqYO A+PQ== X-Gm-Message-State: APjAAAXoLAh+op2ZVgBemcvVaElkIe0iAWaionncOjzRTrnblaIuAfxo c8DpfBtUMsWmZrwW2/6a17ERBaAx X-Google-Smtp-Source: APXvYqxEj0XwZmBjrZgMCz3jBPgI4T6OaPzdkvuZSbN+L0WRG1BkRRAHIeHV7UrO+lZAzjL1O8BABQ== X-Received: by 2002:a37:98f:: with SMTP id 137mr16381486qkj.188.1567183159897; Fri, 30 Aug 2019 09:39:19 -0700 (PDT) Received: from localhost.localdomain ([181.23.80.183]) by smtp.gmail.com with ESMTPSA id e2sm2782623qkg.38.2019.08.30.09.39.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Aug 2019 09:39:19 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Fri, 30 Aug 2019 13:39:00 -0300 Message-Id: <20190830163900.6795-1-jamrial@gmail.com> X-Mailer: git-send-email 2.22.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] tools/target_dec_fuzzer: add support to fuzz bitstream filters X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: James Almer --- Untested. I'm also not sure how to add the FFMPEG_BSF define to tools/Makefile, and have it coexist with FFMPEG_DECODER. Assuming it's needed. tools/target_dec_fuzzer.c | 43 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 0d10503cfb..b8fe1f2aa1 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -65,6 +65,8 @@ static void error(const char *err) } static AVCodec *c = NULL; +static AVBitStreamFilter *f = NULL; + static AVCodec *AVCodecInitialize(enum AVCodecID codec_id) { AVCodec *res; @@ -102,6 +104,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int *got_picture_ptr, const AVPacket *avpkt) = NULL; AVCodecParserContext *parser = NULL; + AVBSFContext *bsf = NULL; if (!c) { @@ -120,6 +123,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { av_log_set_level(AV_LOG_PANIC); } + if (!f) { +#ifdef FFMPEG_BSF +#define BSF_SYMBOL0(BSF) ff_##BSF##_bsf +#define BSF_SYMBOL(BSF) BSF_SYMBOL0(BSF) + extern AVBitStreamFilter BSF_SYMBOL(FFMPEG_BSF); + f = &BSF_SYMBOL(FFMPEG_BSF); + + if (f->codec_ids) { + const enum AVCodecID *ids; + for (ids = f->codec_ids; *ids != AV_CODEC_ID_NONE; ids++) + if (*ids == c->id) + break; + if (ids == AV_CODEC_ID_NONE) + error("Invalid bsf"); + } +#else + extern AVBitStreamFilter ff_null_bsf; + f = &ff_null_bsf; +#endif + } + switch (c->type) { case AVMEDIA_TYPE_AUDIO : decode_handler = avcodec_decode_audio4; break; case AVMEDIA_TYPE_VIDEO : decode_handler = avcodec_decode_video2; break; @@ -181,6 +205,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } parser_avctx->codec_id = ctx->codec_id; + res = av_bsf_alloc(f, &bsf); + if (res < 0) + error("Failed memory allocation"); + + res = avcodec_parameters_from_context(bsf->par_in, ctx); + if (res < 0) + error("Failed memory allocation"); + + res = av_bsf_init(bsf); + if (res < 0) + return 0; // Failure of av_bsf_init() does not imply that a issue was found + int got_frame; AVFrame *frame = av_frame_alloc(); if (!frame) @@ -237,6 +273,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } // Iterate through all data + res = av_bsf_send_packet(bsf, &avpkt); + while (res >= 0) { + res = av_bsf_receive_packet(bsf, &avpkt); + if (res < 0) + break; while (avpkt.size > 0 && it++ < maxiteration) { av_frame_unref(frame); int ret = decode_handler(ctx, frame, &got_frame, &avpkt); @@ -255,6 +296,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { avpkt.size -= ret; } av_packet_unref(&avpkt); + } } av_packet_unref(&parsepkt); } @@ -270,6 +312,7 @@ maximums_reached: fprintf(stderr, "pixels decoded: %"PRId64", iterations: %d\n", ec_pixels, it); + av_bsf_free(&bsf); av_frame_free(&frame); avcodec_free_context(&ctx); avcodec_free_context(&parser_avctx);