From patchwork Sat Mar 28 03:28:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heng Zhang X-Patchwork-Id: 18450 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id DFD1E44B12C for ; Sat, 28 Mar 2020 05:29:08 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C1E6868B5FF; Sat, 28 Mar 2020 05:29:08 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from m12-16.163.com (m12-16.163.com [220.181.12.16]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7292268B48D for ; Sat, 28 Mar 2020 05:29:01 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=mdwi+ jdGJUcnMVy1FWye6TwvDl8RgXNLsKrV1tn60eY=; b=U6HZ/ayWFha5nzPf3D56V k05Ykpqlk/cOwJW7QU79IX1Uct9pmdpl5uahbWPlz4uJ4NNbQ9+su4/FSUDoQr26 JpAb1ory3tR0iBsdKhe0Up/d4NRhdLcKPJxgg71h5162u9BJDn1E/VyioWfPmRG0 cQi70TXzDeoMoREUKOTSHc= Received: from localhost.localdomain (unknown [27.17.234.126]) by smtp12 (Coremail) with SMTP id EMCowAA3P595xH5eo_k8AQ--.7S2; Sat, 28 Mar 2020 11:28:58 +0800 (CST) From: a397341575@163.com To: ffmpeg-devel@ffmpeg.org Date: Sat, 28 Mar 2020 11:28:56 +0800 Message-Id: <20200328032856.93464-1-a397341575@163.com> X-Mailer: git-send-email 2.26.0 MIME-Version: 1.0 X-CM-TRANSID: EMCowAA3P595xH5eo_k8AQ--.7S2 X-Coremail-Antispam: 1Uf129KBjvJXoWxWw47KF4DZF17ur4UKF4UArb_yoWrJw13pa sxCrWDJ3yUt3y2krySqr4UJ3W5Xr4fGFyUKa43W3W2ywnIgryfta93KFy8tas3JFWrZw43 uan8tF15Gr1qqaDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jprWrUUUUU= X-Originating-IP: [27.17.234.126] X-CM-SenderInfo: zdtzljyurvlki6rwjhhfrp/xtbBFRr0oVXlkJpr1wAAsc Subject: [FFmpeg-devel] [PATCH] [GSOC]add a fuzz testing in libavcodec/tests X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: toseven Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: toseven --- libavcodec/tests/target_avpacket_fuzzer.c | 114 ++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 libavcodec/tests/target_avpacket_fuzzer.c diff --git a/libavcodec/tests/target_avpacket_fuzzer.c b/libavcodec/tests/target_avpacket_fuzzer.c new file mode 100644 index 0000000000..22f9898210 --- /dev/null +++ b/libavcodec/tests/target_avpacket_fuzzer.c @@ -0,0 +1,114 @@ +/* + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include +#include +#include +#include "libavcodec/avcodec.h" +#include "libavutil/error.h" +#include "config.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static int setup_side_data_entry(AVPacket* avpkt) +{ + const char *data_name = NULL; + int ret = 0, bytes; + uint8_t *extra_data = NULL; + + + /* get side_data_name string */ + data_name = av_packet_side_data_name(AV_PKT_DATA_NEW_EXTRADATA); + + /* Allocate a memory bloc */ + bytes = strlen(data_name); + + if(!(extra_data = (uint8_t *)av_malloc(bytes))){ + ret = AVERROR(ENOMEM); + fprintf(stderr, "Error occurred: %s\n", av_err2str(ret)); + exit(1); + } + /* copy side_data_name to extra_data array */ + memcpy(extra_data, data_name, bytes); + + /* create side data for AVPacket */ + ret = av_packet_add_side_data(avpkt, AV_PKT_DATA_NEW_EXTRADATA, + extra_data, bytes); + if(ret < 0){ + fprintf(stderr, + "Error occurred in av_packet_add_side_data: %s\n", + av_err2str(ret)); + } + + return ret; +} + +static int initializations(AVPacket* avpkt) +{ + av_init_packet(avpkt); + int ret; + ret = setup_side_data_entry(avpkt); + + return ret; +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + AVPacket avpkt; + memcmp(&avpkt,data,sizeof(AVPacket)); + + int num; + memcmp(&num,data+sizeof(AVPacket),sizeof(int)); + AVPacket *avpkt_clone = NULL; + int ret = 0; + + if(initializations(&avpkt) < 0){ + printf("failed to initialize variables\n"); + return 1; + } + /* test av_packet_clone*/ + avpkt_clone = av_packet_clone(&avpkt); + + if(!avpkt_clone) { + av_log(NULL, AV_LOG_ERROR,"av_packet_clone failed to clone AVPacket\n"); + return 1; + } + /*test av_grow_packet*/ + if(av_grow_packet(avpkt_clone, num) < 0){ + av_log(NULL, AV_LOG_ERROR, "av_grow_packet failed\n"); + return 1; + } + /* test size error check in av_new_packet*/ + if(av_new_packet(avpkt_clone, num) == 0){ + printf( "av_new_packet failed to return error " + "when \"size\" parameter is too large.\n" ); + ret = 1; + } + /*test size error check in av_packet_from_data*/ + if(av_packet_from_data(avpkt_clone, avpkt_clone->data, num) == 0){ + printf("av_packet_from_data failed to return error " + "when \"size\" parameter is too large.\n" ); + ret = 1; + } + /*clean up*/ + av_packet_free(&avpkt_clone); + av_packet_unref(&avpkt); + + return ret; +}