From patchwork Thu Feb 4 19:09:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 25414 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 86BCA4480C6 for ; Thu, 4 Feb 2021 21:11:48 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6EAF468AA1F; Thu, 4 Feb 2021 21:11:48 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qt1-f177.google.com (mail-qt1-f177.google.com [209.85.160.177]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7686F68AA48 for ; Thu, 4 Feb 2021 21:11:47 +0200 (EET) Received: by mail-qt1-f177.google.com with SMTP id h16so3197407qth.11 for ; Thu, 04 Feb 2021 11:11:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=NygFnijP9Lh6PhJND5d5+ogwLHXbwbVH6k8SeRmx3i4=; b=BHb6K0j9eyn7UF0RNqsuQfJxPGOEPf19hLeYM7KLQGa7nZ+xcGUAgKejMlqI/NPIqt R2DTFe5L9yHyZUrepg4xXX2/oGB22kvltsEZPMMso//8hKZWUh7luo24fsHmb4aHmsqB zf8KatQq3QMlGrx118Io2rZ/AEXIWSAcMbXFrptG1uhWFaLWzX4zhzhpWXrJNY4lx/jR 3RNe3a+f6VUgNMHj5lFGFCWJX28WpLwce8MtI9NxLEIfMVNYP/Bw5HPAdRdIDUoLK52D 3jiLvytdG4xILNcmimveGL14O+TACOtzG12/aCvzeCl4l7JLB+kYneMLVpU2op6M2tAr G36w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=NygFnijP9Lh6PhJND5d5+ogwLHXbwbVH6k8SeRmx3i4=; b=nSenPKVMUR8IaQI3pTtkCpO4Ld9EFBR4lsWLSCf2JLPQeHo5tVp88cvXnxFR2b8yY3 CCqh8TfeHobuFbEXlJw+KGrDagktydTuV59avpkMESqRgaV7ZQVHTLnSAG42bxae9XDW hQgsIvCiC0H2pqHyta1ZWEkeDqBCYCbTiKLiUvaeQjg8XSAoivPxq298Wl7Md+tV0yL6 6n2XK3H1yPS4j44iczA4/xnegZpX3HwiS/gTC4khvivwUodmch/F6MqMX3iEmv/iNJWd 8M9+ITU/kmAO3h0EhRmOGZHcrlVBgDMEPeXaOD8lNzzMFS6F/HZDU3hXeIZUbfPo+0Dy XIXw== X-Gm-Message-State: AOAM530yK/ThKUvUvDmzZJ7B/lijx5mZbjEHqldulHvw4AkVq+3bq8Z9 V45kj5/TzaWLsU7T6POU4O5FkhfuJjo= X-Google-Smtp-Source: ABdhPJzVYJON9c+ZkmRNSH96imx0B3Cmh2kb5MIfThww66lz0Y/YEw8Wntogf3VhbMlc6vL9GNeJzw== X-Received: by 2002:ac8:46cd:: with SMTP id h13mr1042504qto.296.1612465905795; Thu, 04 Feb 2021 11:11:45 -0800 (PST) Received: from localhost.localdomain ([181.23.64.183]) by smtp.gmail.com with ESMTPSA id t14sm5889291qkt.50.2021.02.04.11.11.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Feb 2021 11:11:45 -0800 (PST) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Thu, 4 Feb 2021 16:09:54 -0300 Message-Id: <20210204191005.48190-40-jamrial@gmail.com> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210204191005.48190-1-jamrial@gmail.com> References: <20210204191005.48190-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 39/50] tools/target_dec_fuzzer: use av_packet_alloc() to allocate packets X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: James Almer --- tools/target_dec_fuzzer.c | 73 +++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index affa6e3b51..84e59000b8 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -286,13 +286,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int got_frame; AVFrame *frame = av_frame_alloc(); - if (!frame) + AVPacket *avpkt = av_packet_alloc(); + AVPacket *parsepkt = av_packet_alloc(); + if (!frame || !avpkt || !parsepkt) error("Failed memory allocation"); // Read very simple container - AVPacket avpkt, parsepkt; - av_init_packet(&avpkt); - av_init_packet(&parsepkt); while (data < end && it < maxiteration) { // Search for the TAG while (data + sizeof(fuzz_tag) < end) { @@ -303,43 +302,42 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (data + sizeof(fuzz_tag) > end) data = end; - res = av_new_packet(&parsepkt, data - last); + res = av_new_packet(parsepkt, data - last); if (res < 0) error("Failed memory allocation"); - memcpy(parsepkt.data, last, data - last); - parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; + memcpy(parsepkt->data, last, data - last); + parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; keyframes = (keyframes >> 2) + (keyframes<<62); data += sizeof(fuzz_tag); last = data; - while (parsepkt.size > 0) { + while (parsepkt->size > 0) { int decode_more; if (parser) { - av_init_packet(&avpkt); - int ret = av_parser_parse2(parser, parser_avctx, &avpkt.data, &avpkt.size, - parsepkt.data, parsepkt.size, - parsepkt.pts, parsepkt.dts, parsepkt.pos); - if (avpkt.data == parsepkt.data) { - avpkt.buf = av_buffer_ref(parsepkt.buf); - if (!avpkt.buf) + int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size, + parsepkt->data, parsepkt->size, + parsepkt->pts, parsepkt->dts, parsepkt->pos); + if (avpkt->data == parsepkt->data) { + avpkt->buf = av_buffer_ref(parsepkt->buf); + if (!avpkt->buf) error("Failed memory allocation"); } else { - if (av_packet_make_refcounted(&avpkt) < 0) + if (av_packet_make_refcounted(avpkt) < 0) error("Failed memory allocation"); } - parsepkt.data += ret; - parsepkt.size -= ret; - parsepkt.pos += ret; - avpkt.pts = parser->pts; - avpkt.dts = parser->dts; - avpkt.pos = parser->pos; + parsepkt->data += ret; + parsepkt->size -= ret; + parsepkt->pos += ret; + avpkt->pts = parser->pts; + avpkt->dts = parser->dts; + avpkt->pos = parser->pos; if ( parser->key_frame == 1 || (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I)) - avpkt.flags |= AV_PKT_FLAG_KEY; - avpkt.flags |= parsepkt.flags & AV_PKT_FLAG_DISCARD; + avpkt->flags |= AV_PKT_FLAG_KEY; + avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD; } else { - av_packet_move_ref(&avpkt, &parsepkt); + av_packet_move_ref(avpkt, parsepkt); } if (!(flushpattern & 7)) @@ -347,7 +345,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { flushpattern = (flushpattern >> 3) + (flushpattern << 61); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) { - int ret = avcodec_send_packet(ctx, &avpkt); + int ret = avcodec_send_packet(ctx, avpkt); decode_more = ret >= 0; } else decode_more = 1; @@ -355,7 +353,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Iterate through all data while (decode_more && it++ < maxiteration) { av_frame_unref(frame); - int ret = decode_handler(ctx, frame, &got_frame, &avpkt); + int ret = decode_handler(ctx, frame, &got_frame, avpkt); ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL); if (it > 20 || ec_pixels > 4 * ctx->max_pixels) @@ -365,30 +363,30 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (ctx->codec_type == AVMEDIA_TYPE_AUDIO && frame->nb_samples == 0 && !got_frame && - (avpkt.flags & AV_PKT_FLAG_DISCARD)) + (avpkt->flags & AV_PKT_FLAG_DISCARD)) nb_samples += ctx->max_samples; nb_samples += frame->nb_samples; if (nb_samples > maxsamples) goto maximums_reached; - if (ret <= 0 || ret > avpkt.size) + if (ret <= 0 || ret > avpkt->size) break; if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) { - avpkt.data += ret; - avpkt.size -= ret; - decode_more = avpkt.size > 0; + avpkt->data += ret; + avpkt->size -= ret; + decode_more = avpkt->size > 0; } else decode_more = ret >= 0; } - av_packet_unref(&avpkt); + av_packet_unref(avpkt); } - av_packet_unref(&parsepkt); + av_packet_unref(parsepkt); } maximums_reached: - av_packet_unref(&avpkt); + av_packet_unref(avpkt); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) avcodec_send_packet(ctx, NULL); @@ -396,7 +394,7 @@ maximums_reached: do { got_frame = 0; av_frame_unref(frame); - decode_handler(ctx, frame, &got_frame, &avpkt); + decode_handler(ctx, frame, &got_frame, avpkt); } while (got_frame == 1 && it++ < maxiteration); fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it); @@ -405,7 +403,8 @@ maximums_reached: avcodec_free_context(&ctx); avcodec_free_context(&parser_avctx); av_parser_close(parser); - av_packet_unref(&parsepkt); + av_packet_free(&avpkt); + av_packet_free(&parsepkt); av_dict_free(&opts); return 0; }