* build the fuzz target.
Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
- clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavresample -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil:libavresample -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
+ clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
* create a corpus directory and put some samples there (empty dir is ok too):
mkdir CORPUS && cp some-files CORPUS
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-extern AVCodec * codec_list[];
+extern const AVCodec * codec_list[];
static void error(const char *err)
{
exit(1);
}
-static AVCodec *c = NULL;
-static AVCodec *AVCodecInitialize(enum AVCodecID codec_id)
+static const AVCodec *c = NULL;
+static const AVCodec *AVCodecInitialize(enum AVCodecID codec_id)
{
- AVCodec *res;
+ const AVCodec *res;
res = avcodec_find_decoder(codec_id);
if (!res)
maxsamples = maxsamples_per_frame * maxiteration;
switch (c->id) {
case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
+ case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
case AV_CODEC_ID_CFHD: maxpixels /= 128; break;
case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break;
case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
case AV_CODEC_ID_DST: maxsamples /= 1<<20; break;
+ case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break;
case AV_CODEC_ID_DXV: maxpixels /= 32; break;
case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break;
+ case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
case AV_CODEC_ID_GDV: maxpixels /= 512; break;
case AV_CODEC_ID_GIF: maxpixels /= 16; break;
+ case AV_CODEC_ID_H264: maxpixels /= 256; break;
case AV_CODEC_ID_HAP: maxpixels /= 128; break;
case AV_CODEC_ID_HEVC: maxpixels /= 16384; break;
case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
case AV_CODEC_ID_PNG: maxpixels /= 128; break;
case AV_CODEC_ID_APNG: maxpixels /= 128; break;
case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
+ case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
case AV_CODEC_ID_RASC: maxpixels /= 16; break;
case AV_CODEC_ID_SANM: maxpixels /= 16; break;
case AV_CODEC_ID_SCPR: maxpixels /= 32; break;
case AV_CODEC_ID_TGV: maxpixels /= 32; break;
case AV_CODEC_ID_THEORA: maxpixels /= 1024; break;
case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
+ case AV_CODEC_ID_TSCC: maxpixels /= 1024; break;
case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break;
case AV_CODEC_ID_VMNC: maxpixels /= 8192; break;
+ case AV_CODEC_ID_VP4: maxpixels /= 4096; break;
case AV_CODEC_ID_VP7: maxpixels /= 256; break;
case AV_CODEC_ID_VP9: maxpixels /= 4096; break;
case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break;