[FFmpeg-cvslog] tools/target_dem_fuzzer: Use file extensions listed in input formats

Michael Niedermayer git at videolan.org
Thu Jun 11 16:03:11 EEST 2020


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Jun  8 11:26:45 2020 +0200| [d3747f44315e2c6a07fcb85c973b863dd1a6614a] | committer: Michael Niedermayer

tools/target_dem_fuzzer: Use file extensions listed in input formats

This should make it easier for the fuzzer to fuzz formats being detected only by
file extension and thus increase coverage

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3747f44315e2c6a07fcb85c973b863dd1a6614a
---

 tools/target_dem_fuzzer.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index cc097da0d7..b8356c5aa1 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -18,6 +18,7 @@
 
 #include "config.h"
 #include "libavutil/avassert.h"
+#include "libavutil/avstring.h"
 
 #include "libavcodec/avcodec.h"
 #include "libavcodec/bytestream.h"
@@ -110,14 +111,38 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         error("Failed avformat_alloc_context()");
 
     if (size > 2048) {
+        int flags;
+        char extension[64];
+
         GetByteContext gbc;
         memcpy (filename, data + size - 1024, 1024);
         bytestream2_init(&gbc, data + size - 2048, 1024);
         size -= 2048;
 
         io_buffer_size = bytestream2_get_le32(&gbc) & 0xFFFFFFF;
-        seekable       = bytestream2_get_byte(&gbc) & 1;
+        flags          = bytestream2_get_byte(&gbc);
+        seekable       = flags & 1;
         filesize       = bytestream2_get_le64(&gbc) & 0x7FFFFFFFFFFFFFFF;
+
+        if ((flags & 2) && strlen(filename) < sizeof(filename) / 2) {
+            AVInputFormat *avif = NULL;
+            int avif_count = 0;
+            while ((avif = av_iformat_next(avif))) {
+                if (avif->extensions)
+                    avif_count ++;
+            }
+            avif_count =  bytestream2_get_le32(&gbc) % avif_count;
+
+            while ((avif = av_iformat_next(avif))) {
+                if (avif->extensions)
+                    if (!avif_count--)
+                        break;
+            }
+            av_strlcpy(extension, avif->extensions, sizeof(extension));
+            if (strchr(extension, ','))
+                *strchr(extension, ',') = 0;
+            av_strlcatf(filename, sizeof(filename), ".%s", extension);
+        }
     }
     io_buffer = av_malloc(io_buffer_size);
     if (!io_buffer)
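Review bot: The modulo in `avif_count =  bytestream2_get_le32(&gbc) % avif_count;` divides by zero when no registered demuxer has an `extensions` string, which seems possible in a build that enables only a few demuxers; the harness would then crash on its own and report a finding that is not in the code under test. Wrapping the selection in `if (avif_count) {` after the counting loop, closed after the `av_strlcatf` call, also guarantees `avif` is non-NULL at `av_strlcpy(extension, avif->extensions, sizeof(extension));`. Separately, `strlen(filename)` right after the 1024-byte `memcpy` relies on `filename` holding a terminating zero beyond those bytes; its declaration is outside the hunk, so that should be confirmed. The function body starts and ends outside this hunk.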


