From patchwork Fri Mar 5 16:33:29 2021
X-Patchwork-Submitter: James Almer
X-Patchwork-Id: 26133
From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 5 Mar 2021 13:33:29 -0300
Message-Id: <20210305163339.63164-39-jamrial@gmail.com>
In-Reply-To: <20210305163339.63164-1-jamrial@gmail.com>
References: <20210305163339.63164-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH 38/48] tools/target_dec_fuzzer: use av_packet_alloc() to allocate packets

Signed-off-by: James Almer
---
 tools/target_dec_fuzzer.c | 73 +++++++++++++++++++--------------------
 1 file changed, 36 insertions(+), 37 deletions(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index c484dd3e95..bac54d5aaa 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -294,13 +294,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int got_frame; AVFrame *frame = av_frame_alloc(); - if (!frame) + AVPacket *avpkt = av_packet_alloc(); + AVPacket *parsepkt = av_packet_alloc(); + if (!frame || !avpkt || !parsepkt) error("Failed memory allocation"); // Read very simple container - AVPacket avpkt, parsepkt; - av_init_packet(&avpkt); - av_init_packet(&parsepkt); while (data < end && it < maxiteration) { // Search for the TAG while (data + sizeof(fuzz_tag) < end) { 
@@ -311,43 +310,42 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (data + sizeof(fuzz_tag) > end) data = end; - res = av_new_packet(&parsepkt, data - last); + res = av_new_packet(parsepkt, data - last); if (res < 0) error("Failed memory allocation"); - memcpy(parsepkt.data, last, data - last); - parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; + memcpy(parsepkt->data, last, data - last); + parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; keyframes = (keyframes >> 2) + (keyframes<<62); data += sizeof(fuzz_tag); last = data; - while (parsepkt.size > 0) { + while (parsepkt->size > 0) { int decode_more; if (parser) { - av_init_packet(&avpkt); - int ret = av_parser_parse2(parser, parser_avctx, &avpkt.data, &avpkt.size, - parsepkt.data, parsepkt.size, - parsepkt.pts, parsepkt.dts, parsepkt.pos); - if (avpkt.data == parsepkt.data) { - avpkt.buf = av_buffer_ref(parsepkt.buf); - if (!avpkt.buf) + int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size, + parsepkt->data, parsepkt->size, + parsepkt->pts, parsepkt->dts, parsepkt->pos); + if (avpkt->data == parsepkt->data) { + avpkt->buf = av_buffer_ref(parsepkt->buf); + if (!avpkt->buf) error("Failed memory allocation"); } else { - if (av_packet_make_refcounted(&avpkt) < 0) + if (av_packet_make_refcounted(avpkt) < 0) error("Failed memory allocation"); } - parsepkt.data += ret; - parsepkt.size -= ret; - parsepkt.pos += ret; - avpkt.pts = parser->pts; - avpkt.dts = parser->dts; - avpkt.pos = parser->pos; + parsepkt->data += ret; + parsepkt->size -= ret; + parsepkt->pos += ret; + avpkt->pts = parser->pts; + avpkt->dts = parser->dts; + avpkt->pos = parser->pos; if ( parser->key_frame == 1 || (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I)) - avpkt.flags |= AV_PKT_FLAG_KEY; - avpkt.flags |= parsepkt.flags & AV_PKT_FLAG_DISCARD; + avpkt->flags |= AV_PKT_FLAG_KEY; + avpkt->flags 
|= parsepkt->flags & AV_PKT_FLAG_DISCARD; } else { - av_packet_move_ref(&avpkt, &parsepkt); + av_packet_move_ref(avpkt, parsepkt); } if (!(flushpattern & 7)) @@ -355,7 +353,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { flushpattern = (flushpattern >> 3) + (flushpattern << 61); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) { - int ret = avcodec_send_packet(ctx, &avpkt); + int ret = avcodec_send_packet(ctx, avpkt); decode_more = ret >= 0; if(!decode_more) { ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL); @@ -370,7 +368,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Iterate through all data while (decode_more && it++ < maxiteration) { av_frame_unref(frame); - int ret = decode_handler(ctx, frame, &got_frame, &avpkt); + int ret = decode_handler(ctx, frame, &got_frame, avpkt); ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL); if (it > 20 || ec_pixels > 4 * ctx->max_pixels) @@ -380,30 +378,30 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (ctx->codec_type == AVMEDIA_TYPE_AUDIO && frame->nb_samples == 0 && !got_frame && - (avpkt.flags & AV_PKT_FLAG_DISCARD)) + (avpkt->flags & AV_PKT_FLAG_DISCARD)) nb_samples += ctx->max_samples; nb_samples += frame->nb_samples; if (nb_samples > maxsamples) goto maximums_reached; - if (ret <= 0 || ret > avpkt.size) + if (ret <= 0 || ret > avpkt->size) break; if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) { - avpkt.data += ret; - avpkt.size -= ret; - decode_more = avpkt.size > 0; + avpkt->data += ret; + avpkt->size -= ret; + decode_more = avpkt->size > 0; } else decode_more = ret >= 0; } - av_packet_unref(&avpkt); + av_packet_unref(avpkt); } - av_packet_unref(&parsepkt); + av_packet_unref(parsepkt); } maximums_reached: - av_packet_unref(&avpkt); + av_packet_unref(avpkt); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) avcodec_send_packet(ctx, NULL); 
@@ -411,7 +409,7 @@ maximums_reached: do { got_frame = 0; av_frame_unref(frame); - decode_handler(ctx, frame, &got_frame, &avpkt); + decode_handler(ctx, frame, &got_frame, avpkt); } while (got_frame == 1 && it++ < maxiteration); fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it); @@ -420,7 +418,8 @@ maximums_reached: avcodec_free_context(&ctx); avcodec_free_context(&parser_avctx); av_parser_close(parser); - av_packet_unref(&parsepkt); + av_packet_free(&avpkt); + av_packet_free(&parsepkt); av_dict_free(&opts); return 0; }
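Review bot: The commit message consists of the Signed-off-by line alone, so the first hunk (@@ -294,13 +294,12) swaps the stack `AVPacket avpkt, parsepkt;` and its two av_init_packet() calls for av_packet_alloc() without saying why. Add a sentence of rationale to the message body so this patch can be read on its own, outside the 48-patch series. The combined check `if (!frame || !avpkt || !parsepkt)` itself is fine, since error() is used as non-returning throughout the visible code (the memcpy() into parsepkt->data follows the av_new_packet() check directly).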
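Review bot: Dropping the per-iteration `av_init_packet(&avpkt);` in the parser branch of the second hunk (@@ -311,43 +310,42) means avpkt is now clean at the top of the `while (parsepkt->size > 0)` loop only because every visible exit from the previous iteration passes through `av_packet_unref(avpkt)`, either at the loop bottom or after `maximums_reached:`. That invariant matters here because the branch assigns `avpkt->buf = av_buffer_ref(parsepkt->buf);` without releasing any earlier reference and builds the flags with `|=`, so a later change that skips the unref would leak a buffer and carry AV_PKT_FLAG_KEY or AV_PKT_FLAG_DISCARD over into the next packet. Either put an explicit av_packet_unref(avpkt) before the av_parser_parse2() call or add a one-line comment there stating that avpkt is expected to be blank on entry.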