#include "libavcodec/bytestream.h"
#include "libavformat/avformat.h"
+//For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
+#include "libavcodec/internal.h"
+
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
extern AVCodec * codec_list[];
const uint64_t maxpixels_per_frame = 4096 * 4096;
uint64_t maxpixels;
+const uint64_t maxsamples_per_frame = 256*1024*32;
+uint64_t maxsamples;
+
static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const uint8_t *end = data + size;
uint32_t it = 0;
uint64_t ec_pixels = 0;
+ uint64_t nb_samples = 0;
int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
int *got_picture_ptr,
const AVPacket *avpkt) = NULL;
case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
}
maxpixels = maxpixels_per_frame * maxiteration;
+ maxsamples = maxsamples_per_frame * maxiteration;
switch (c->id) {
// Allows a small input to generate gigantic output
+ case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
case AV_CODEC_ID_MSRLE: maxpixels /= 16; break;
case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
case AV_CODEC_ID_LSCR: maxpixels /= 16; break;
case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
+ case AV_CODEC_ID_MSS2: maxpixels /= 16384; break;
case AV_CODEC_ID_SNOW: maxpixels /= 128; break;
case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
+ case AV_CODEC_ID_VP7: maxpixels /= 256; break;
}
ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
ctx->refcounted_frames = 1; //To reduce false positive timeouts and focus testing on the refcounted API
+ ctx->max_samples = maxsamples_per_frame;
+
if (size > 1024) {
GetByteContext gbc;
int extradata_size;
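Review bot: The new divisors in the `switch (c->id)` (`AV_CODEC_ID_BINKVIDEO` /32, `AV_CODEC_ID_MSS2` /16384, `AV_CODEC_ID_VP7` /256) and the new `ctx->max_samples = maxsamples_per_frame;` line carry no rationale, while the neighbouring `max_pixels` and `refcounted_frames` lines each say why they exist. A fuzzer budget that is too tight silently removes coverage. Depending on `maxiteration` (set outside this hunk), `maxpixels /= 16384` may drop the total below the per-frame cap `maxpixels_per_frame`, in which case the decode loop would stop after one large MSS2 frame and later-frame state would never be exercised. If the intent matches the pixel limit, a trailing comment such as `//To reduce false positive OOM and timeouts in audio decoders` on the `max_samples` line would do, with a short note in the commit message or beside each case on how the divisor was derived. Both the switch and the `if (size > 1024)` block continue outside the hunk.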
parser = av_parser_init(c->id);
extradata_size = bytestream2_get_le32(&gbc);
+
+ ctx->sample_rate = bytestream2_get_le32(&gbc);
+ ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
+
if (extradata_size < size) {
ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
if (ctx->extradata) {
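Review bot: `ctx->sample_rate = bytestream2_get_le32(&gbc);` stores an unbounded 32-bit value from the fuzz input into a signed `int` field, so any input with the top bit set yields a negative sample rate. The `channels` line directly below is range-limited with `% FF_SANE_NB_CHANNELS`, but `sample_rate` gets no equivalent treatment. Unless exercising negative rates is deliberate, masking the sign bit keeps the value in the range decoders are written for and avoids spending fuzz time on inputs that are presumably rejected at open: `ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;`. The enclosing `if (size > 1024)` block starts and ends outside this hunk, so I cannot see how many bytes `gbc` covers; it is worth confirming the two extra reads still fall inside that trailer.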
av_frame_unref(frame);
int ret = decode_handler(ctx, frame, &got_frame, &avpkt);
- ec_pixels += ctx->width * ctx->height;
+ ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
ctx->error_concealment = 0;
if (ec_pixels > maxpixels)
goto maximums_reached;
+ nb_samples += frame->nb_samples;
+ if (nb_samples > maxsamples)
+ goto maximums_reached;
+
if (ret <= 0 || ret > avpkt.size)
break;
if (ctx->codec_type != AVMEDIA_TYPE_AUDIO)
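Review bot: `nb_samples += frame->nb_samples;` counts samples per channel, so the budget checked by `if (nb_samples > maxsamples)` does not scale with the channel count that this same commit now takes from the input (up to `FF_SANE_NB_CHANNELS - 1`). If the limit is meant to bound decoded data volume and decode time, a many-channel stream can do many times more work before hitting `maximums_reached` than a mono one. Either weight the sum, e.g. `nb_samples += (uint64_t)frame->nb_samples * FFMAX(ctx->channels, 1);`, or add a comment stating that the budget is deliberately per channel. The `+ 32LL` added to width and height on the `ec_pixels` line is also unexplained and deserves a short comment. The surrounding loop begins and ends outside the hunk.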
decode_handler(ctx, frame, &got_frame, &avpkt);
} while (got_frame == 1 && it++ < maxiteration);
- fprintf(stderr, "pixels decoded: %"PRId64", iterations: %d\n", ec_pixels, it);
+ fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it);
av_frame_free(&frame);
avcodec_free_context(&ctx);
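Review bot: The new `fprintf` prints `nb_samples` with `PRId64`, but both it and `ec_pixels` are declared `uint64_t`, so the conversion specifiers do not match the argument types. Use the unsigned macro for both: `"pixels decoded: %"PRIu64", samples decoded: %"PRIu64", iterations: %d\n"`. Separately, the flush loop just above calls `decode_handler` without adding to `ec_pixels` or `nb_samples`, so frames drained there are neither counted against the limits nor reflected in this log line. That may be intentional, but only part of the loop is visible here.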