[FFmpeg-cvslog] tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer chosen pattern

James Almer git at videolan.org
Fri Nov 20 17:44:35 EET 2020


ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sat Nov 14 22:11:17 2020 -0300| [837eb320b818eec11005ae63eaa777c5ee17f536] | committer: James Almer

tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer chosen pattern

This should increase coverage.

Based on a commit by Michael Niedermayer

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=837eb320b818eec11005ae63eaa777c5ee17f536
---

 tools/target_bsf_fuzzer.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/target_bsf_fuzzer.c b/tools/target_bsf_fuzzer.c
index 5d9f90075d..da8d62dd0b 100644
--- a/tools/target_bsf_fuzzer.c
+++ b/tools/target_bsf_fuzzer.c
@@ -43,6 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     AVBSFContext *bsf = NULL;
     AVPacket in, out;
     uint64_t keyframes = 0;
+    uint64_t flushpattern = -1;
     int res;
 
     if (!f) {
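Review bot: `uint64_t flushpattern = -1;` relies on the implicit conversion of -1 to an all-ones value; `UINT64_MAX` would state that directly. A short comment that all-ones means "never flush" (every 3-bit group tested by `flushpattern & 7` is then 7) would also document the default used when the block that assigns `flushpattern` is not executed.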
@@ -86,6 +87,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         bsf->par_in->channels                   = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
         bsf->par_in->block_align                = bytestream2_get_le32(&gbc);
         keyframes                               = bytestream2_get_le64(&gbc);
+        flushpattern                            = bytestream2_get_le64(&gbc);
 
         if (extradata_size < size) {
             bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
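Review bot: the `flushpattern` read added after `keyframes` has no comment saying how its 64 bits are used. A line here noting that the value is consumed 3 bits per packet and that a zero group triggers `av_bsf_flush()` would make the parameter layout easier to follow for anyone writing seeds by hand.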
@@ -128,6 +130,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         data += sizeof(fuzz_tag);
         last = data;
 
+        if (!(flushpattern & 7))
+            av_bsf_flush(bsf);
+        flushpattern = (flushpattern >> 3) + (flushpattern << 61);
+
         while (in.size) {
             res = av_bsf_send_packet(bsf, &in);
             if (res < 0 && res != AVERROR(EAGAIN))
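Review bot: the flush check sits before `while (in.size)`, so `av_bsf_flush()` is only exercised once per packet at the packet boundary, never between two `av_bsf_send_packet()` calls for the same packet; if mid-packet flushes are worth covering, the check could move inside the loop. The rotate in `flushpattern = (flushpattern >> 3) + (flushpattern << 61);` would also read more conventionally with `|` instead of `+`.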


