[FFmpeg-cvslog] tools/target_dec_fuzzer: Also fuzz extradata
Michael Niedermayer
git at videolan.org
Fri Jun 14 22:40:01 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Jun 5 13:21:59 2019 +0200| [6f2625aafc3d59a538ad5009304b7cf1d2054c9d] | committer: Michael Niedermayer
tools/target_dec_fuzzer: Also fuzz extradata
This should improve coverage
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f2625aafc3d59a538ad5009304b7cf1d2054c9d
---
tools/target_dec_fuzzer.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 4f51b70b65..f456db0e7b 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -175,7 +175,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (size > 1024) {
GetByteContext gbc;
- bytestream2_init(&gbc, data + size - 1024, 1024);
+ int extradata_size;
+ size -= 1024;
+ bytestream2_init(&gbc, data + size, 1024);
ctx->width = bytestream2_get_le32(&gbc);
ctx->height = bytestream2_get_le32(&gbc);
ctx->bit_rate = bytestream2_get_le64(&gbc);
@@ -183,9 +185,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// Try to initialize a parser for this codec, note, this may fail which just means we test without one
if (bytestream2_get_byte(&gbc) & 1)
parser = av_parser_init(c->id);
+
+ extradata_size = bytestream2_get_le32(&gbc);
+ if (extradata_size < size) {
+ ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
+ if (ctx->extradata) {
+ ctx->extradata_size = extradata_size;
+ size -= ctx->extradata_size;
+ memcpy(ctx->extradata, data + size, ctx->extradata_size);
+ }
+ }
if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
ctx->width = ctx->height = 0;
- size -= 1024;
}
int res = avcodec_open2(ctx, c, NULL);
More information about the ffmpeg-cvslog
mailing list