[FFmpeg-cvslog] tools/target_dem_fuzzer: Use file extensions listed in input formats
Michael Niedermayer
git at videolan.org
Thu Jun 11 16:03:11 EEST 2020
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Mon Jun 8 11:26:45 2020 +0200| [d3747f44315e2c6a07fcb85c973b863dd1a6614a] | committer: Michael Niedermayer
tools/target_dem_fuzzer: Use file extensions listed in input formats
This should make it easier for the fuzzer to fuzz formats being detected only by
file extension and thus increase coverage
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3747f44315e2c6a07fcb85c973b863dd1a6614a
---
tools/target_dem_fuzzer.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index cc097da0d7..b8356c5aa1 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -18,6 +18,7 @@
#include "config.h"
#include "libavutil/avassert.h"
+#include "libavutil/avstring.h"
#include "libavcodec/avcodec.h"
#include "libavcodec/bytestream.h"
@@ -110,14 +111,38 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
error("Failed avformat_alloc_context()");
if (size > 2048) {
+ int flags;
+ char extension[64];
+
GetByteContext gbc;
memcpy (filename, data + size - 1024, 1024);
bytestream2_init(&gbc, data + size - 2048, 1024);
size -= 2048;
io_buffer_size = bytestream2_get_le32(&gbc) & 0xFFFFFFF;
- seekable = bytestream2_get_byte(&gbc) & 1;
+ flags = bytestream2_get_byte(&gbc);
+ seekable = flags & 1;
filesize = bytestream2_get_le64(&gbc) & 0x7FFFFFFFFFFFFFFF;
+
+ if ((flags & 2) && strlen(filename) < sizeof(filename) / 2) {
+ AVInputFormat *avif = NULL;
+ int avif_count = 0;
+ while ((avif = av_iformat_next(avif))) {
+ if (avif->extensions)
+ avif_count ++;
+ }
+ avif_count = bytestream2_get_le32(&gbc) % avif_count;
+
+ while ((avif = av_iformat_next(avif))) {
+ if (avif->extensions)
+ if (!avif_count--)
+ break;
+ }
+ av_strlcpy(extension, avif->extensions, sizeof(extension));
+ if (strchr(extension, ','))
+ *strchr(extension, ',') = 0;
+ av_strlcatf(filename, sizeof(filename), ".%s", extension);
+ }
}
io_buffer = av_malloc(io_buffer_size);
if (!io_buffer)
More information about the ffmpeg-cvslog
mailing list