[FFmpeg-devel] [PATCH 5/6] tools/target_dec_fuzzer: Do not corrupt the packet size return

Sun Aug 25 21:47:50 EEST 2019

On 8/25/2019 3:41 PM, Michael Niedermayer wrote:
> Fixes: Timeout (infinite)
> Fixes: 16732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5642166377906176
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  tools/target_dec_fuzzer.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index ce259f35e6..57c75bbfab 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -222,7 +222,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                      if (!avpkt.buf)
>                          error("Failed memory allocation");
>                  } else {
> -                    ret = av_packet_make_refcounted(&avpkt);
> +                    int ret = av_packet_make_refcounted(&avpkt);

Could also instead make it "if (av_packet_make_refcounted(&avpkt) < 0)
error()".

LGTM either way.

>                      if (ret < 0)
>                          error("Failed memory allocation");
>                  }
> 