@@ -128,6 +128,8 @@ static void FDBPrepare(FuzzDataBuffer *FDB, AVPacket *dst, const uint8_t *data,
// Ensure we don't loop forever
const uint32_t maxiteration = 8096;
+const uint64_t maxpixels_per_frame = 4096 * 4096;
+const uint64_t maxpixels = maxpixels_per_frame * maxiteration / 8;
static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
@@ -171,7 +173,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (!ctx || !parser_avctx)
error("Failed memory allocation");
- ctx->max_pixels = 4096 * 4096; //To reduce false positive OOM and hangs
+ ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
if (size > 1024) {
GetByteContext gbc;
@@ -260,6 +262,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ec_pixels += ctx->width * ctx->height;
if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
ctx->error_concealment = 0;
+ if (ec_pixels > maxpixels)
+ goto maximums_reached;
if (ret <= 0 || ret > avpkt.size)
break;
@@ -270,6 +274,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
}
}
+maximums_reached:
av_init_packet(&avpkt);
avpkt.data = NULL;
This should reduces the number of uninteresting timeouts encountered Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)