[FFmpeg-cvslog] tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags
Michael Niedermayer
git at videolan.org
Tue Oct 15 18:11:23 EEST 2019
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Oct 12 22:34:03 2019 +0200| [ec9d48da195950bafce32ff8f5f8e10c4440daca] | committer: Michael Niedermayer
tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags
This should improve coverage
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec9d48da195950bafce32ff8f5f8e10c4440daca
---
tools/target_dec_fuzzer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0047c9eed6..38e085bc57 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
int *got_picture_ptr,
const AVPacket *avpkt) = NULL;
AVCodecParserContext *parser = NULL;
+ uint64_t keyframes = 0;
if (!c) {
@@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
ctx->block_align = bytestream2_get_le32(&gbc);
ctx->codec_tag = bytestream2_get_le32(&gbc);
+ keyframes = bytestream2_get_le64(&gbc);
if (extradata_size < size) {
ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (res < 0)
error("Failed memory allocation");
memcpy(parsepkt.data, last, data - last);
+ parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+ keyframes = (keyframes >> 2) + (keyframes<<62);
data += sizeof(fuzz_tag);
last = data;
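Review bot: The two lines added after the `memcpy` encode a per-packet flag schedule in `keyframes` with no comment explaining the bit layout. Bit 0 selects AV_PKT_FLAG_DISCARD, bit 1 selects AV_PKT_FLAG_KEY, and the word is then rotated right by two bits, so the 64-bit value read by `keyframes = bytestream2_get_le64(&gbc);` in the previous hunk covers 32 packets before the pattern repeats. I would add `/* keyframes: 2 bits per packet, bit 0 = DISCARD, bit 1 = KEY; rotated so the schedule wraps after 32 packets */` above the assignment, which helps when triaging a crash from a corpus file. The name `keyframes` is also narrower than what the variable now carries; something like `flag_bits` would match its use. The enclosing function starts and ends outside this hunk; if the le64 read is only reached on the config-trailer path, inputs that skip it keep `keyframes == 0` and every packet gets flags 0, which is worth stating in the same comment.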