Message ID | 20190925203858.27870-6-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | db614008bc8a0c92897b927ad07fec04af3a4c18 |
lgtm On 9/25/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > tools/target_dec_fuzzer.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c > index 0dc1854738..6c670d8eb9 100644 > --- a/tools/target_dec_fuzzer.c > +++ b/tools/target_dec_fuzzer.c > @@ -94,6 +94,7 @@ const uint64_t maxpixels_per_frame = 4096 * 4096; > uint64_t maxpixels; > > const uint64_t maxsamples_per_frame = 256*1024*32; > +uint64_t maxsamples; > > static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL; > > @@ -103,6 +104,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t > size) { > const uint8_t *end = data + size; > uint32_t it = 0; > uint64_t ec_pixels = 0; > + uint64_t nb_samples = 0; > int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture, > int *got_picture_ptr, > const AVPacket *avpkt) = NULL; > @@ -131,6 +133,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t > size) { > case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; > break; > } > maxpixels = maxpixels_per_frame * maxiteration; > + maxsamples = maxsamples_per_frame * maxiteration; > switch (c->id) { > // Allows a small input to generate gigantic output > case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break; > @@ -269,6 +272,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t > size) { > if (ec_pixels > maxpixels) > goto maximums_reached; > > + nb_samples += frame->nb_samples; > + if (nb_samples > maxsamples) > + goto maximums_reached; > + > if (ret <= 0 || ret > avpkt.size) > break; > if (ctx->codec_type != AVMEDIA_TYPE_AUDIO) > -- > 2.23.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Thu, Sep 26, 2019 at 09:56:26AM +0200, Paul B Mahol wrote:
> lgtm
will apply
thx
[...]
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0dc1854738..6c670d8eb9 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -94,6 +94,7 @@ const uint64_t maxpixels_per_frame = 4096 * 4096;
 uint64_t maxpixels;
 
 const uint64_t maxsamples_per_frame = 256*1024*32;
+uint64_t maxsamples;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
@@ -103,6 +104,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 const uint8_t *end = data + size;
 uint32_t it = 0;
 uint64_t ec_pixels = 0;
+ uint64_t nb_samples = 0;
 int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
 int *got_picture_ptr,
 const AVPacket *avpkt) = NULL;
@@ -131,6 +133,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
 }
 maxpixels = maxpixels_per_frame * maxiteration;
+ maxsamples = maxsamples_per_frame * maxiteration;
 switch (c->id) {
 // Allows a small input to generate gigantic output
 case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
@@ -269,6 +272,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (ec_pixels > maxpixels)
 goto maximums_reached;
 
+ nb_samples += frame->nb_samples;
+ if (nb_samples > maxsamples)
+ goto maximums_reached;
+
 if (ret <= 0 || ret > avpkt.size)
 break;
 if (ctx->codec_type != AVMEDIA_TYPE_AUDIO)
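Review bot: `maxsamples` in the first hunk is a writable file-scope variable with external linkage, although the third hunk assigns it from `maxsamples_per_frame * maxiteration` inside LLVMFuzzerTestOneInput and nothing visible reads it elsewhere. Declaring it `static uint64_t maxsamples;`, or as a local next to `nb_samples`, would keep the budget out of the global namespace and make it clear that no state carries over between fuzz inputs. It mirrors the existing `uint64_t maxpixels;` line, so changing both together would be the consistent option. The function body continues outside these hunks, so other uses may exist beyond the view.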
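Review bot: In the last hunk `frame->nb_samples` is added to the running total before the `ret <= 0 || ret > avpkt.size` test, so the value is charged even when the decode call failed or returned no frame. If the frame is not reset between iterations (not visible in this hunk), a stale count from an earlier frame would be added again and the input cut off earlier than the budget intends; please confirm, or guard the addition with the got-picture result of `decode_handler`. The block also has no comment saying why the cap exists; something like `// cap total decoded samples so a small input cannot stall the fuzzer` above `nb_samples += frame->nb_samples;` would match the existing "gigantic output" remark. The enclosing loop starts and ends outside the hunk.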
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dec_fuzzer.c | 7 +++++++ 1 file changed, 7 insertions(+)