@@ -78,6 +78,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
uint32_t it = 0;
uint64_t nb_samples = 0;
AVDictionary *opts = NULL;
+ uint64_t ec_pixels = 0;
if (!c) {
#define ENCODER_SYMBOL0(CODEC) ff_##CODEC##_encoder
@@ -93,6 +94,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
return 0;
maxpixels = maxpixels_per_frame * maxiteration;
+ switch (c->p.id) {
+ case AV_CODEC_ID_A64_MULTI: maxpixels /= 65536; break;
+ }
maxpixels_per_frame = FFMIN(maxpixels_per_frame , maxpixels);
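Review bot: The divisor in the new `case AV_CODEC_ID_A64_MULTI: maxpixels /= 65536; break;` line is an unexplained magic number, and the switch has no `default`. Because the division is integer, a small `maxpixels_per_frame * maxiteration` product would truncate the budget to 0, and the `FFMIN` on the next line would then copy that 0 into `maxpixels_per_frame`; the values of those two factors are not visible in this hunk, so please confirm the result stays positive. I would add a comment above the case such as `/* very slow per pixel; shrink the total pixel budget so a run stays under the fuzzer timeout */` (assuming that is the reason, as the "Fixes: Timeout" trailer suggests), plus `default: break;` to make it explicit that other encoders keep the full budget. The enclosing function starts and ends outside this hunk.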
@@ -168,6 +172,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
frame->height = ctx->height;
while (data < end && it < maxiteration) {
+ ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
+ if (ec_pixels > maxpixels)
+ goto maximums_reached;
+
res = av_frame_get_buffer(frame, 0);
if (res < 0)
error("Failed av_frame_get_buffer");
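Review bot: The new check at the top of the `while` loop charges a frame against `ec_pixels` before anything is encoded, so if `maxpixels` is ever smaller than one padded frame, the first iteration jumps straight to `maximums_reached` and the target only exercises the flush call. Whether `ctx->width` and `ctx->height` are clamped tightly enough to rule that out is not visible here. If they are not, the affected fuzzer would keep running cleanly while no longer covering the per-frame encode path, which shows up as silence rather than as a failure. The `+ 32LL` margin also deserves a comment, for example `/* fixed per-frame margin so tiny frames still consume budget */` if that is the intent. The loop body continues outside this hunk.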
@@ -192,7 +200,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
av_packet_unref(avpkt);
}
-
+maximums_reached:
encode(ctx, NULL, avpkt);
av_packet_unref(avpkt);
Fixes: Timeout Fixes: 69097/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_A64MULTI_fuzzer-5062757287264256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_enc_fuzzer.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)