
[FFmpeg-devel] tools/target_dec_fuzzer: move maximum variables into function

Message ID 20210706160801.11973-1-michael@niedermayer.cc
State Accepted
Commit 29c95765e8297cba75811c78d8ffffc2824479ca
Series [FFmpeg-devel] tools/target_dec_fuzzer: move maximum variables into function

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer July 6, 2021, 4:08 p.m. UTC
This fixes an issue when multiple cases are fuzzed in a single run and
the limits are adjusted by more than the iteration limit. In that case
the adjusted limit leaked back into the global limit causing the
fuzzer to become ineffective after several iterations, MSS2 was
affected by this for example.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Michael Niedermayer July 6, 2021, 4:18 p.m. UTC | #1
On Tue, Jul 06, 2021 at 06:08:01PM +0200, Michael Niedermayer wrote:
> This fixes an issue when multiple cases are fuzzed in a single run and
> the limits are adjusted by more than the iteration limit. In that case
> the adjusted limit leaked back into the global limit causing the
> fuzzer to become ineffective after several iterations, MSS2 was
> affected by this for example.
> 
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)

I intend to apply this today so we can see if it resolves some coverage
issues with the fuzzer

thx

[...]

Patch

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 6092f6775d..96b8f81958 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -98,15 +98,15 @@  static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame,
 
 // Ensure we don't loop forever
 const uint32_t maxiteration = 8096;
-uint64_t maxpixels_per_frame = 4096 * 4096;
-uint64_t maxpixels;
-
-uint64_t maxsamples_per_frame = 256*1024*32;
-uint64_t maxsamples;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    uint64_t maxpixels_per_frame = 4096 * 4096;
+    uint64_t maxpixels;
+
+    uint64_t maxsamples_per_frame = 256*1024*32;
+    uint64_t maxsamples;
     const uint64_t fuzz_tag = FUZZ_TAG;
     const uint8_t *last = data;
     const uint8_t *end = data + size;
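
Review bot: In the declarations added at the top of LLVMFuzzerTestOneInput, `uint64_t maxpixels;` and `uint64_t maxsamples;` become automatic variables with indeterminate initial values, whereas the removed file-scope versions were zero-initialized. Their first assignment is not among the lines shown, so please confirm that every path through the function writes both before reading them, or initialize them at the declaration so a later reordering cannot turn this into a read of an uninitialized value. A one-line comment above the block saying that these limits are adjusted per input and must therefore stay function-local would also help keep someone from moving them back to file scope and reintroducing the leak between iterations that the commit message describes.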