@@ -256,6 +256,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
error("Failed memory allocation");
memcpy(parsepkt.data, last, data - last);
parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+ int flush = !!(keyframes & 4);
keyframes = (keyframes >> 2) + (keyframes<<62);
data += sizeof(fuzz_tag);
last = data;
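Review bot: The new `flush` bit at `keyframes & 4` is not independent of the next packet's flags, because the rotation on the following line still advances by only two bits. The bit that selects a flush for this packet is therefore read again as the `AV_PKT_FLAG_DISCARD` bit of the next one, which couples two decisions the fuzzer should be able to make separately and narrows the flush/discard sequences it can reach. Consuming three bits per packet would decouple them, `keyframes = (keyframes >> 3) + (keyframes << 61);`, at the cost of changing how existing corpus entries map to flags. The declaration also follows statements in this block, so if the project builds with declaration-after-statement warnings it should be hoisted as `int flush;` next to the function's other locals, which are outside this hunk.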
@@ -289,6 +290,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
av_packet_move_ref(&avpkt, &parsepkt);
}
+ if (avpkt.flags & AV_PKT_FLAG_KEY && flush)
+ avcodec_flush_buffers(ctx);
+
// Iterate through all data
while (avpkt.size > 0 && it++ < maxiteration) {
av_frame_unref(frame);
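Review bot: The condition `avpkt.flags & AV_PKT_FLAG_KEY && flush` relies on `&` binding tighter than `&&`; it is correct but easy to misread and draws a parentheses warning from some compilers, so write `if ((avpkt.flags & AV_PKT_FLAG_KEY) && flush)`. A short comment stating why the flush is tied to key packets would help the next reader, for example `// Flush only ahead of a key packet so decoding restarts from a clean entry point`, if that is the intent. The check appears to sit inside a loop whose start is outside the hunk, and `flush` is not cleared after use in the visible lines, so presumably every key-flagged packet produced from the same input chunk triggers another `avcodec_flush_buffers(ctx)`; confirm that is wanted, or add `flush = 0;` after the call.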
This should increase coverage on some decoders by executing flushing code. Signed-off-by: James Almer <jamrial@gmail.com> --- tools/target_dec_fuzzer.c | 4 ++++ 1 file changed, 4 insertions(+)