[FFmpeg-cvslog] tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer choosen pattern
James Almer
git at videolan.org
Fri Nov 20 17:44:35 EET 2020
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sat Nov 14 22:11:17 2020 -0300| [837eb320b818eec11005ae63eaa777c5ee17f536] | committer: James Almer
tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer choosen pattern
This should increase coverage.
Based on a commit by Michael Niedermayer
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=837eb320b818eec11005ae63eaa777c5ee17f536
---
tools/target_bsf_fuzzer.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/target_bsf_fuzzer.c b/tools/target_bsf_fuzzer.c
index 5d9f90075d..da8d62dd0b 100644
--- a/tools/target_bsf_fuzzer.c
+++ b/tools/target_bsf_fuzzer.c
@@ -43,6 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
AVBSFContext *bsf = NULL;
AVPacket in, out;
uint64_t keyframes = 0;
+ uint64_t flushpattern = -1;
int res;
if (!f) {
@@ -86,6 +87,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
bsf->par_in->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
bsf->par_in->block_align = bytestream2_get_le32(&gbc);
keyframes = bytestream2_get_le64(&gbc);
+ flushpattern = bytestream2_get_le64(&gbc);
if (extradata_size < size) {
bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -128,6 +130,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
data += sizeof(fuzz_tag);
last = data;
+ if (!(flushpattern & 7))
+ av_bsf_flush(bsf);
+ flushpattern = (flushpattern >> 3) + (flushpattern << 61);
+
while (in.size) {
res = av_bsf_send_packet(bsf, &in);
if (res < 0 && res != AVERROR(EAGAIN))
More information about the ffmpeg-cvslog
mailing list