c->filesize = FFMIN(c->pos, c->filesize);
return AVERROR_EOF;
}
+ if (c->pos > INT64_MAX - size)
+ return AVERROR(EIO);
memcpy(buf, c->fuzz, size);
c->fuzz += size;
// Ensure we don't loop forever
const uint32_t maxiteration = 8096;
+const int maxblocks= 50000;
static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
const uint64_t fuzz_tag = FUZZ_TAG;
uint32_t it = 0;
AVFormatContext *avfmt = avformat_alloc_context();
- AVPacket pkt;
+ AVPacket *pkt;
char filename[1025] = {0};
AVIOContext *fuzzed_pb = NULL;
uint8_t *io_buffer;
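Review bot: `AVPacket *pkt;` is declared without an initializer, while `fuzzed_pb` two lines below starts as `NULL`, and the cleanup added later in this commit passes `&pkt` to `av_packet_free()`. In the visible lines every jump to that cleanup comes after `av_packet_alloc()`, so nothing is wrong today, but `AVPacket *pkt = NULL;` would keep the cleanup well-defined if an earlier exit is added. Separately, `const int maxblocks= 50000;` appears to sit at file scope (no indentation after the `+`) and so has external linkage, unlike the `static const` `FUZZ_TAG` next to it. `static const int maxblocks = 50000;` would keep it private to this file. The function these declarations belong to starts and ends outside the hunk.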
av_strlcatf(filename, sizeof(filename), ".%s", extension);
}
}
+
+ if (!io_buffer_size || size / io_buffer_size > maxblocks)
+ io_buffer_size = size;
+
+ pkt = av_packet_alloc();
+ if (!pkt)
+ error("Failed to allocate pkt");
+
io_buffer = av_malloc(io_buffer_size);
if (!io_buffer)
error("Failed to allocate io_buffer");
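Review bot: The new clamp `if (!io_buffer_size || size / io_buffer_size > maxblocks)` has no comment. The only nearby explanation is the `// Ensure we don't loop forever` line next to the `maxblocks` declaration, which describes `maxiteration`. A comment directly above the `if`, such as `/* Fall back to one buffer covering the whole input when the requested block size is zero or would split the input into more than maxblocks blocks */`, would record what the limit protects. The fallback value is `size` itself, so if a zero-length input can reach this point the buffer size stays zero. Whether that can happen depends on code outside the hunk, as do the types of `size` and `io_buffer_size`, which decide whether the comparison with the `int` constant is done in unsigned arithmetic.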
ret = avformat_open_input(&avfmt, filename, fmt, NULL);
if (ret < 0) {
- av_freep(&fuzzed_pb->buffer);
- av_freep(&fuzzed_pb);
- avformat_free_context(avfmt);
- return 0;
+ goto fail;
}
ret = avformat_find_stream_info(avfmt, NULL);
- av_init_packet(&pkt);
-
//TODO, test seeking
for(it = 0; it < maxiteration; it++) {
- ret = av_read_frame(avfmt, &pkt);
+ ret = av_read_frame(avfmt, pkt);
if (ret < 0)
break;
- av_packet_unref(&pkt);
+ av_packet_unref(pkt);
}
-end:
+
+fail:
+ av_packet_free(&pkt);
av_freep(&fuzzed_pb->buffer);
- av_freep(&fuzzed_pb);
+ avio_context_free(&fuzzed_pb);
avformat_close_input(&avfmt);
return 0;
+
}
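Review bot: The cleanup under the new `fail:` label runs `av_freep(&fuzzed_pb->buffer);` unconditionally, so it dereferences `fuzzed_pb` on every path that reaches the label. The only `goto fail` visible here follows `avformat_open_input()`, and the allocation of `fuzzed_pb` is outside the hunk, so this looks safe as written. It relies on no jump ever being added before that allocation, though. Guarding the line as `if (fuzzed_pb) av_freep(&fuzzed_pb->buffer);` removes that dependency, since `fuzzed_pb` starts as `NULL`. The label is also the normal exit after the read loop, so a neutral name such as the previous `end:` would describe it better than `fail:`.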