[FFmpeg-devel,4/4] tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags

Submitted by Michael Niedermayer on Oct. 12, 2019, 8:34 p.m.


Message ID 20191012203403.26941-4-michael@niedermayer.cc

Commit Message

Michael Niedermayer Oct. 12, 2019, 8:34 p.m.
This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

James Almer Oct. 12, 2019, 9 p.m.
On 10/12/2019 5:34 PM, Michael Niedermayer wrote:
> This should improve coverage
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index 0047c9eed6..4d03151735 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                            int *got_picture_ptr,
>                            const AVPacket *avpkt) = NULL;
>      AVCodecParserContext *parser = NULL;
> +    uint64_t keyframes = 0;
>  
>  
>      if (!c) {
> @@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>          ctx->channels                           = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
>          ctx->block_align                        = bytestream2_get_le32(&gbc);
>          ctx->codec_tag                          = bytestream2_get_le32(&gbc);
> +        keyframes                               = bytestream2_get_le64(&gbc);
>  
>          if (extradata_size < size) {
>              ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
> @@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>          if (res < 0)
>              error("Failed memory allocation");
>          memcpy(parsepkt.data, last, data - last);
> +        parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY;

Doing !!(keyframes & 2) may communicate the intent more clearly, IMO.

> +        keyframes = (keyframes >> 2) + (keyframes<<62);
>          data += sizeof(fuzz_tag);
>          last = data;
>  
>
Michael Niedermayer Oct. 14, 2019, 8 p.m.
On Sat, Oct 12, 2019 at 06:00:39PM -0300, James Almer wrote:
> On 10/12/2019 5:34 PM, Michael Niedermayer wrote:
> > This should improve coverage
> > 
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  tools/target_dec_fuzzer.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> > index 0047c9eed6..4d03151735 100644
> > --- a/tools/target_dec_fuzzer.c
> > +++ b/tools/target_dec_fuzzer.c
> > @@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> >                            int *got_picture_ptr,
> >                            const AVPacket *avpkt) = NULL;
> >      AVCodecParserContext *parser = NULL;
> > +    uint64_t keyframes = 0;
> >  
> >  
> >      if (!c) {
> > @@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> >          ctx->channels                           = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
> >          ctx->block_align                        = bytestream2_get_le32(&gbc);
> >          ctx->codec_tag                          = bytestream2_get_le32(&gbc);
> > +        keyframes                               = bytestream2_get_le64(&gbc);
> >  
> >          if (extradata_size < size) {
> >              ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
> > @@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> >          if (res < 0)
> >              error("Failed memory allocation");
> >          memcpy(parsepkt.data, last, data - last);
> > +        parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY;
> 
> Doing !!(keyframes & 2) may communicate the intent more clearly, IMO.

will apply with that change
thx

[...]


diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0047c9eed6..4d03151735 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -109,6 +109,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                           int *got_picture_ptr,
                           const AVPacket *avpkt) = NULL;
     AVCodecParserContext *parser = NULL;
+    uint64_t keyframes = 0;
 
 
     if (!c) {
@@ -191,6 +192,7 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         ctx->channels                           = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
         ctx->block_align                        = bytestream2_get_le32(&gbc);
         ctx->codec_tag                          = bytestream2_get_le32(&gbc);
+        keyframes                               = bytestream2_get_le64(&gbc);
 
         if (extradata_size < size) {
             ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -236,6 +238,8 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         if (res < 0)
             error("Failed memory allocation");
         memcpy(parsepkt.data, last, data - last);
+        parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY;
+        keyframes = (keyframes >> 2) + (keyframes<<62);
         data += sizeof(fuzz_tag);
         last = data;
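Review bot: The new flag assignment at `parsepkt.flags = ...` builds a bitmask with integer multiplication and addition on a uint64_t and then narrows it implicitly into the int `flags` field; composing it with bit operations, `parsepkt.flags = (keyframes & 1 ? AV_PKT_FLAG_DISCARD : 0) | (keyframes & 2 ? AV_PKT_FLAG_KEY : 0);`, keeps the flag semantics explicit and avoids the 64-to-32-bit conversion. The rotate on the following line operates on an unsigned type, so it is well defined, but the two-bits-per-packet layout deserves a comment such as `/* bit 0: DISCARD, bit 1: KEY; rotating by 2 makes the 64-bit word seed 32 packets before repeating */`. Whether these flags reach the decoder when a parser is in use depends on how avpkt is assembled from parsepkt outside this hunk, which is not visible here and worth confirming. The enclosing LLVMFuzzerTestOneInput starts and ends outside the hunk.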