X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=tools%2Ftarget_dec_fuzzer.c;h=30909177ba4202e16436442b0383c34c9aa3648e;hb=7b6012efaae549b8e624876dba9550cb003f98b1;hp=83e06ef408b8ca346113b89004ac442118103791;hpb=fa7b7fdfa29ee0ef4c2b3376053ec3bc3b7d0308;p=ffmpeg diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 83e06ef408b..30909177ba4 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -152,16 +152,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { maxsamples = maxsamples_per_frame * maxiteration; switch (c->id) { case AV_CODEC_ID_AGM: maxpixels /= 1024; break; + case AV_CODEC_ID_ARBC: maxpixels /= 1024; break; case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break; case AV_CODEC_ID_CFHD: maxpixels /= 128; break; case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break; case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break; case AV_CODEC_ID_DST: maxsamples /= 1<<20; break; + case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break; case AV_CODEC_ID_DXV: maxpixels /= 32; break; case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break; + case AV_CODEC_ID_FLAC: maxsamples /= 1024; break; + case AV_CODEC_ID_FLV1: maxpixels /= 1024; break; case AV_CODEC_ID_G2M: maxpixels /= 1024; break; case AV_CODEC_ID_GDV: maxpixels /= 512; break; case AV_CODEC_ID_GIF: maxpixels /= 16; break; + case AV_CODEC_ID_H264: maxpixels /= 256; break; case AV_CODEC_ID_HAP: maxpixels /= 128; break; case AV_CODEC_ID_HEVC: maxpixels /= 16384; break; case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break; @@ -172,6 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_LSCR: maxpixels /= 16; break; case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break; case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break; + case AV_CODEC_ID_MSA1: maxpixels /= 16384; break; case AV_CODEC_ID_MSRLE: maxpixels /= 16; break; case AV_CODEC_ID_MSS2: maxpixels /= 16384; break; case AV_CODEC_ID_MSZH: maxpixels /= 128; break; @@ -179,6 +185,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_PNG: maxpixels /= 128; break; case AV_CODEC_ID_APNG: maxpixels /= 128; break; case AV_CODEC_ID_QTRLE: maxpixels /= 16; break; + case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break; case AV_CODEC_ID_RASC: maxpixels /= 16; break; case AV_CODEC_ID_SANM: maxpixels /= 16; break; case AV_CODEC_ID_SCPR: maxpixels /= 32; break; @@ -188,10 +195,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AV_CODEC_ID_TGV: maxpixels /= 32; break; case AV_CODEC_ID_THEORA: maxpixels /= 1024; break; case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break; + case AV_CODEC_ID_TSCC: maxpixels /= 1024; break; case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break; case AV_CODEC_ID_VMNC: maxpixels /= 8192; break; + case AV_CODEC_ID_VP4: maxpixels /= 4096; break; case AV_CODEC_ID_VP7: maxpixels /= 256; break; case AV_CODEC_ID_VP9: maxpixels /= 4096; break; + case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break; case AV_CODEC_ID_WMV3IMAGE: maxpixels /= 8192; break; case AV_CODEC_ID_WS_VQA: maxpixels /= 16384; break; case AV_CODEC_ID_WMALOSSLESS: maxsamples /= 1024; break; @@ -292,13 +302,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int got_frame; AVFrame *frame = av_frame_alloc(); - if (!frame) + AVPacket *avpkt = av_packet_alloc(); + AVPacket *parsepkt = av_packet_alloc(); + if (!frame || !avpkt || !parsepkt) error("Failed memory allocation"); // Read very simple container - AVPacket avpkt, parsepkt; - av_init_packet(&avpkt); - av_init_packet(&parsepkt); while (data < end && it < maxiteration) { // Search for the TAG while (data + sizeof(fuzz_tag) < end) { @@ -309,43 +318,42 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (data + sizeof(fuzz_tag) > end) data = end; - res = av_new_packet(&parsepkt, data - last); + res = av_new_packet(parsepkt, data - last); if (res < 0) error("Failed memory allocation"); - memcpy(parsepkt.data, last, data - last); - parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; + memcpy(parsepkt->data, last, data - last); + parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; keyframes = (keyframes >> 2) + (keyframes<<62); data += sizeof(fuzz_tag); last = data; - while (parsepkt.size > 0) { + while (parsepkt->size > 0) { int decode_more; if (parser) { - av_init_packet(&avpkt); - int ret = av_parser_parse2(parser, parser_avctx, &avpkt.data, &avpkt.size, - parsepkt.data, parsepkt.size, - parsepkt.pts, parsepkt.dts, parsepkt.pos); - if (avpkt.data == parsepkt.data) { - avpkt.buf = av_buffer_ref(parsepkt.buf); - if (!avpkt.buf) + int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size, + parsepkt->data, parsepkt->size, + parsepkt->pts, parsepkt->dts, parsepkt->pos); + if (avpkt->data == parsepkt->data) { + avpkt->buf = av_buffer_ref(parsepkt->buf); + if (!avpkt->buf) error("Failed memory allocation"); } else { - if (av_packet_make_refcounted(&avpkt) < 0) + if (av_packet_make_refcounted(avpkt) < 0) error("Failed memory allocation"); } - parsepkt.data += ret; - parsepkt.size -= ret; - parsepkt.pos += ret; - avpkt.pts = parser->pts; - avpkt.dts = parser->dts; - avpkt.pos = parser->pos; + parsepkt->data += ret; + parsepkt->size -= ret; + parsepkt->pos += ret; + avpkt->pts = parser->pts; + avpkt->dts = parser->dts; + avpkt->pos = parser->pos; if ( parser->key_frame == 1 || (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I)) - avpkt.flags |= AV_PKT_FLAG_KEY; - avpkt.flags |= parsepkt.flags & AV_PKT_FLAG_DISCARD; + avpkt->flags |= AV_PKT_FLAG_KEY; + avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD; } else { - av_packet_move_ref(&avpkt, &parsepkt); + av_packet_move_ref(avpkt, parsepkt); } if (!(flushpattern & 7)) @@ -353,7 +361,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { flushpattern = (flushpattern >> 3) + (flushpattern << 61); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) { - int ret = avcodec_send_packet(ctx, &avpkt); + int ret = avcodec_send_packet(ctx, avpkt); decode_more = ret >= 0; if(!decode_more) { ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL); @@ -368,7 +376,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Iterate through all data while (decode_more && it++ < maxiteration) { av_frame_unref(frame); - int ret = decode_handler(ctx, frame, &got_frame, &avpkt); + int ret = decode_handler(ctx, frame, &got_frame, avpkt); ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL); if (it > 20 || ec_pixels > 4 * ctx->max_pixels) @@ -378,30 +386,30 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (ctx->codec_type == AVMEDIA_TYPE_AUDIO && frame->nb_samples == 0 && !got_frame && - (avpkt.flags & AV_PKT_FLAG_DISCARD)) + (avpkt->flags & AV_PKT_FLAG_DISCARD)) nb_samples += ctx->max_samples; nb_samples += frame->nb_samples; if (nb_samples > maxsamples) goto maximums_reached; - if (ret <= 0 || ret > avpkt.size) + if (ret <= 0 || ret > avpkt->size) break; if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) { - avpkt.data += ret; - avpkt.size -= ret; - decode_more = avpkt.size > 0; + avpkt->data += ret; + avpkt->size -= ret; + decode_more = avpkt->size > 0; } else decode_more = ret >= 0; } - av_packet_unref(&avpkt); + av_packet_unref(avpkt); } - av_packet_unref(&parsepkt); + av_packet_unref(parsepkt); } maximums_reached: - av_packet_unref(&avpkt); + av_packet_unref(avpkt); if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) avcodec_send_packet(ctx, NULL); @@ -409,7 +417,7 @@ maximums_reached: do { got_frame = 0; av_frame_unref(frame); - decode_handler(ctx, frame, &got_frame, &avpkt); + decode_handler(ctx, frame, &got_frame, avpkt); } while (got_frame == 1 && it++ < maxiteration); fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it); @@ -418,7 +426,8 @@ maximums_reached: avcodec_free_context(&ctx); avcodec_free_context(&parser_avctx); av_parser_close(parser); - av_packet_unref(&parsepkt); + av_packet_free(&avpkt); + av_packet_free(&parsepkt); av_dict_free(&opts); return 0; }