From patchwork Sat Dec 28 20:16:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 17029 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 3F6B244ABF9 for ; Sat, 28 Dec 2019 22:26:14 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1440268AB43; Sat, 28 Dec 2019 22:26:14 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from vie01a-dmta-pe02-2.mx.upcmail.net (vie01a-dmta-pe02-2.mx.upcmail.net [62.179.121.158]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 18B7868A650 for ; Sat, 28 Dec 2019 22:26:08 +0200 (EET) Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net) by vie01a-dmta-pe02.mx.upcmail.net with esmtp (Exim 4.92) (envelope-from ) id 1ilIYn-0009aN-2l for ffmpeg-devel@ffmpeg.org; Sat, 28 Dec 2019 21:19:41 +0100 Received: from localhost ([213.47.68.29]) by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP id lIXoixQBcwlyslIXpilbao; Sat, 28 Dec 2019 21:18:41 +0100 X-Env-Mailfrom: michael@niedermayer.cc X-Env-Rcptto: ffmpeg-devel@ffmpeg.org X-SourceIP: 213.47.68.29 X-CNFS-Analysis: v=2.3 cv=E5OzWpVl c=1 sm=1 tr=0 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=ZZnuYtJkoWoA:10 a=ZSMypksDf-kGHnKgdZ8A:9 a=pHzHmUro8NiASowvMSCR:22 a=Ew2E2A-JSTLzCXPT_086:22 From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Sat, 28 Dec 2019 21:16:17 +0100 Message-Id: <20191228201617.14212-2-michael@niedermayer.cc> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191228201617.14212-1-michael@niedermayer.cc> References: <20191228201617.14212-1-michael@niedermayer.cc> MIME-Version: 1.0 X-CMAE-Envelope: MS4wfGxeW+2sf5HJI8khXwKHV+ad9Pm9TdQx+QgsncI3fWGECm2fLbxIHU5b9PONJGOxSDSXOAY9fZYMiIH9MLZJg8S+UBSnb4UbUfMKICRxGWGIsuZkVP07 UE4aTcIJFm3Jw2Ce1G2a9t0XYhZZTi5V1QdEoa8ADRoeeQGYMl5RRHYM Subject: [FFmpeg-devel] [PATCH 2/2] tools/target_dec_fuzzer: List valid codec tags (based on fate) X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" I am a bit undecided on listing them like this but it seems the fuzzer has difficulty finding valid tags (like in hapdec/snappy) With this it finds issues in hapdec within seconds locally (with constrained w/h) while before on googles machienes it seemed not to get past the codec_tag switch at all on the days i checked Signed-off-by: Michael Niedermayer --- tools/target_dec_fuzzer.c | 40 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 2d9d28b46d..03ff45a0f4 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -57,6 +57,43 @@ //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected #include "libavcodec/internal.h" +unsigned codec_tags[] = { + 0x00000000, 0x00000001, 0x00000002, 0x00000003, 0x00000004, 0x00000006, 0x00000007, 0x0000000A, + 0x0000000F, 0x00000011, 0x00000017, 0x0000001B, 0x00000020, 0x00000022, 0x00000024, 0x00000031, + 0x00000045, 0x00000050, 0x00000055, 0x00000061, 0x00000062, 0x00000065, 0x00000069, 0x0000007C, + 0x00000081, 0x00000082, 0x00000100, 0x00000160, 0x00000161, 0x00000162, 0x00000163, 0x00000200, + 0x00000270, 0x0000028F, 0x00000401, 0x00000500, 0x00002000, 0x0000A109, 0x0200736D, 0x08505350, + 0x0F424752, 0x10424752, 0x10445350, 0x10445550, 0x10505350, 0x10544942, 0x1100736D, 0x18424752, + 0x18445550, 0x18505350, 0x18524742, 0x2033504D, 0x20335056, 0x20445550, 0x20455041, 0x204D4250, + 0x20505350, 0x20545344, 0x20636D73, 0x20637664, 0x20656C72, 0x20776172, 0x302E3151, 0x30303859, + 0x30313272, 0x30313276, 0x30313476, 0x30315652, 0x30323449, 0x30324C4D, 0x30324D54, 0x30325254, + 0x30325652, 0x30335652, 0x30345056, 0x30345652, 0x30355056, 0x30355649, 0x30375056, 0x30385056, + 0x30395056, 0x30484C55, 0x30573142, 0x30594C55, 0x312D6376, 0x31325452, 0x31335056, 0x31345649, + 0x31363248, 0x31474E50, 0x31515653, 0x31524356, 0x31535046, 0x3153534D, 0x31564256, 0x31564646, + 0x3156474B, 0x31564D57, 0x31564E57, 0x31565053, 0x31565341, 0x31573042, 0x31637661, 0x31637668, + 0x31706148, 0x31766568, 0x32335649, 0x32336E69, 0x3234504D, 0x32484C55, 0x324B4D53, 0x324D3247, + 0x324D4451, 0x32514853, 0x32524356, 0x32525541, 0x3253534D, 0x3253544D, 0x32564D57, 0x32565341, + 0x32594C55, 0x32595559, 0x32637374, 0x3267706D, 0x32706A6D, 0x332D6365, 0x3334504D, 0x33363248, + 0x3343414D, 0x33445844, 0x334D3247, 0x33515653, 0x33564D57, 0x33637661, 0x34326E69, 0x34355053, + 0x34363248, 0x3447504D, 0x34484C55, 0x344D3247, 0x34504D46, 0x34616D69, 0x34767579, 0x3535354C, + 0x3536354C, 0x35706148, 0x3643414D, 0x38303376, 0x38303476, 0x385F3832, 0x39565559, 0x3A44534C, + 0x41365056, 0x41424752, 0x414B4D53, 0x41524742, 0x41524C55, 0x41525541, 0x41706148, 0x42313459, + 0x42323459, 0x42494C5A, 0x43414658, 0x43435349, 0x43435352, 0x434C4C43, 0x43534141, 0x43534454, + 0x43564D46, 0x43564D4B, 0x4356534D, 0x43565543, 0x44435343, 0x44484643, 0x44495658, 0x44535342, + 0x454C4256, 0x454D414C, 0x454E4F4E, 0x4649464A, 0x46564D41, 0x47423432, 0x474E504D, 0x47504A4C, + 0x47504A4D, 0x47504A52, 0x47524C55, 0x48564646, 0x485A534D, 0x49445844, 0x49544C55, 0x49555641, + 0x4A63706C, 0x4B435544, 0x4C584956, 0x4D415243, 0x4D424C49, 0x4D435041, 0x4D706148, 0x4F43455A, + 0x4F434F4C, 0x50303434, 0x50313459, 0x50343434, 0x50444147, 0x50444152, 0x50535010, 0x50554410, + 0x50554418, 0x50554420, 0x524A4C43, 0x5347414C, 0x534C4A4D, 0x53504238, 0x55575246, 0x55594648, + 0x56424D5A, 0x56434946, 0x574D5632, 0x574F4E53, 0x58514843, 0x58565338, 0x5947414D, 0x59706148, + 0x6134706D, 0x617A7072, 0x624B4942, 0x62706A6D, 0x62776173, 0x63616C61, 0x63617264, 0x63637374, + 0x636E4D56, 0x64697663, 0x646F6369, 0x64756164, 0x664B4942, 0x67337874, 0x68347061, 0x68637061, + 0x68645641, 0x694B4942, 0x6B6F6F63, 0x6D63706C, 0x6D736761, 0x6E617858, 0x6E637061, 0x6E645641, + 0x6F56736D, 0x6F637061, 0x726D6173, 0x726F7478, 0x72706973, 0x73637061, 0x736F7774, 0x7375704F, + 0x74656E64, 0x746C7870, 0x74776F73, 0x76323130, 0x7634706D, 0x76757963, 0x77616C61, 0x77616C75, + 0x77726471, 0xFFFFFFFF, +}; + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); extern AVCodec * codec_list[]; @@ -209,7 +246,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF; ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF; - ctx->codec_tag = bytestream2_get_le32(&gbc); + ctx->codec_tag = codec_tags[bytestream2_get_le32(&gbc) % FF_ARRAY_ELEMS(codec_tags)]; + keyframes = bytestream2_get_le64(&gbc); ctx->request_channel_layout = bytestream2_get_le64(&gbc);