[FFmpeg-devel] [PATCH] add tools/target_swr_fuzzer

Michael Niedermayer michael at niedermayer.cc
Wed Aug 7 18:35:14 EEST 2024 

On Wed, Jun 26, 2024 at 10:35:32AM -0300, James Almer wrote:
> On 6/26/2024 8:40 AM, Michael Niedermayer wrote:
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >   Makefile                  |   2 +
> >   tools/Makefile            |   3 +
> >   tools/target_swr_fuzzer.c | 161 ++++++++++++++++++++++++++++++++++++++
> >   3 files changed, 166 insertions(+)
> >   create mode 100644 tools/target_swr_fuzzer.c
> > 
> > diff --git a/Makefile b/Makefile
> > index 4c3af09fec4..b350d7748f5 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -70,6 +70,8 @@ tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS)
> >   tools/target_sws_fuzzer$(EXESUF): tools/target_sws_fuzzer.o $(FF_DEP_LIBS)
> >   	$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
> > +tools/target_swr_fuzzer$(EXESUF): tools/target_swr_fuzzer.o $(FF_DEP_LIBS)
> > +	$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
> >   tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS)
> >   tools/enum_options$(EXESUF): $(FF_DEP_LIBS)
> > diff --git a/tools/Makefile b/tools/Makefile
> > index 2a11fa0ae62..7ae6e3cb75d 100644
> > --- a/tools/Makefile
> > +++ b/tools/Makefile
> > @@ -23,6 +23,9 @@ tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
> >   tools/target_sws_fuzzer.o: tools/target_sws_fuzzer.c
> >   	$(COMPILE_C)
> > +tools/target_swr_fuzzer.o: tools/target_swr_fuzzer.c
> > +	$(COMPILE_C)
> > +
> >   tools/enc_recon_frame_test$(EXESUF): tools/decode_simple.o
> >   tools/venc_data_dump$(EXESUF): tools/decode_simple.o
> >   tools/scale_slice_test$(EXESUF): tools/decode_simple.o
> > diff --git a/tools/target_swr_fuzzer.c b/tools/target_swr_fuzzer.c
> > new file mode 100644
> > index 00000000000..f235b5453ec
> > --- /dev/null
> > +++ b/tools/target_swr_fuzzer.c
> > @@ -0,0 +1,161 @@
> > +/*
> > + * Copyright (c) 2024 Michael Niedermayer <michael-ffmpeg at niedermayer.cc>
> > + *
> > + * This file is part of FFmpeg.
> > + *
> > + * FFmpeg is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2.1 of the License, or (at your option) any later version.
> > + *
> > + * FFmpeg is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with FFmpeg; if not, write to the Free Software
> > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> > + */
> > +
> > +#include "config.h"
> > +#include "libavutil/avassert.h"
> > +#include "libavutil/avstring.h"
> > +#include "libavutil/cpu.h"
> > +#include "libavutil/imgutils.h"
> > +#include "libavutil/intreadwrite.h"
> > +#include "libavutil/mem.h"
> > +#include "libavutil/opt.h"
> > +
> > +#include "libavcodec/bytestream.h"
> > +
> > +#include "libswresample/swresample.h"
> > +
> > +#define SWR_CH_MAX 32
> > +
> > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
> > +
> > +static const enum AVSampleFormat formats[] = {
> > +    AV_SAMPLE_FMT_U8,
> > +    AV_SAMPLE_FMT_U8P,
> > +    AV_SAMPLE_FMT_S16,
> > +    AV_SAMPLE_FMT_S16P,
> > +    AV_SAMPLE_FMT_S32,
> > +    AV_SAMPLE_FMT_S32P,
> > +    AV_SAMPLE_FMT_FLT,
> > +    AV_SAMPLE_FMT_FLTP,
> > +    AV_SAMPLE_FMT_DBL,
> > +    AV_SAMPLE_FMT_DBLP,
> > +};
> > +
> > +static const AVChannelLayout layouts[]={
> 
> Dunno if it matters to save space, but since these are all native layouts
> you could store the masks here as an array of uint64_t, and use
> av_channel_layout_from_mask() instead of av_channel_layout_copy() below.

I think we should keep the more generic type


> 
> > +    AV_CHANNEL_LAYOUT_MONO               ,
> > +    AV_CHANNEL_LAYOUT_STEREO             ,
> > +    AV_CHANNEL_LAYOUT_2_1                ,
> > +    AV_CHANNEL_LAYOUT_SURROUND           ,
> > +    AV_CHANNEL_LAYOUT_4POINT0            ,
> > +    AV_CHANNEL_LAYOUT_2_2                ,
> > +    AV_CHANNEL_LAYOUT_QUAD               ,
> > +    AV_CHANNEL_LAYOUT_5POINT0            ,
> > +    AV_CHANNEL_LAYOUT_5POINT1            ,
> > +    AV_CHANNEL_LAYOUT_5POINT0_BACK       ,
> > +    AV_CHANNEL_LAYOUT_5POINT1_BACK       ,
> > +    AV_CHANNEL_LAYOUT_7POINT0            ,
> > +    AV_CHANNEL_LAYOUT_7POINT1            ,
> > +    AV_CHANNEL_LAYOUT_7POINT1_WIDE       ,
> 
> Add AV_CHANNEL_LAYOUT_22POINT2 too, which is processed as a 9 channels
> layout. And AV_CHANNEL_LAYOUT_5POINT1POINT2_BACK to test the top channels
> rematrix code.

added


> 
> > +};
> > +
> > +static void setup_array(uint8_t *out[SWR_CH_MAX], uint8_t *in, enum AVSampleFormat format, int samples){
> > +    if(av_sample_fmt_is_planar(format)){
> > +        int i;
> > +        int plane_size= av_get_bytes_per_sample(format&0xFF)*samples;
> > +        format&=0xFF;
> > +        for(i=0; i<SWR_CH_MAX; i++){
> > +            out[i]= in + i*plane_size;
> > +        }
> > +    }else{
> > +        out[0]= in;
> > +    }
> > +}
> > +
> > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> > +    const uint8_t *end = data + size;
> > +    struct SwrContext * swr= NULL;
> > +    AVChannelLayout in_ch_layout = { 0 }, out_ch_layout = { 0 };
> > +    enum AVSampleFormat  in_sample_fmt = AV_SAMPLE_FMT_S16P;
> > +    enum AVSampleFormat out_sample_fmt = AV_SAMPLE_FMT_S16P;
> > +    int  in_sample_rate = 44100;
> > +    int out_sample_rate = 44100;
> > +    int in_ch_count, out_ch_count;
> > +    char  in_layout_string[256];
> > +    char out_layout_string[256];
> > +    uint8_t * ain[SWR_CH_MAX];
> > +    uint8_t *aout[SWR_CH_MAX];
> > +    uint8_t *out_data;
> > +    int in_sample_nb;
> > +    int out_sample_nb = size;
> > +    int count;
> > +
> > +    if (size > 128) {
> > +        GetByteContext gbc;
> > +        int64_t flags64;
> > +
> > +        size -= 128;
> > +        bytestream2_init(&gbc, data + size, 128);
> > +         in_sample_rate = bytestream2_get_le16(&gbc) + 1;
> > +        out_sample_rate = bytestream2_get_le16(&gbc) + 1;
> > +         in_sample_fmt  = formats[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(formats)];
> > +        out_sample_fmt  = formats[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(formats)];
> > +        av_channel_layout_copy(& in_ch_layout,  &layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
> > +        av_channel_layout_copy(&out_ch_layout,  &layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
> > +
> > +        out_sample_nb = bytestream2_get_le32(&gbc);
> > +
> > +        flags64 = bytestream2_get_le64(&gbc);
> > +        if (flags64 & 0x10)
> > +            av_force_cpu_flags(0);
> > +    } else {
> > +        av_channel_layout_copy(& in_ch_layout,  &layouts[0]);
> > +        av_channel_layout_copy(&out_ch_layout,  &layouts[0]);
> > +    }
> > +
> > +     in_ch_count=  in_ch_layout.nb_channels;
> > +    out_ch_count= out_ch_layout.nb_channels;
> > +    av_channel_layout_describe(& in_ch_layout,  in_layout_string, sizeof( in_layout_string));
> > +    av_channel_layout_describe(&out_ch_layout, out_layout_string, sizeof(out_layout_string));
> > +
> > +    fprintf(stderr, "%s %d %s -> %s %d %s\n",
> > +            av_get_sample_fmt_name( in_sample_fmt),  in_sample_rate,  in_layout_string,
> > +            av_get_sample_fmt_name(out_sample_fmt), out_sample_rate, out_layout_string);
> > +
> > +    if (swr_alloc_set_opts2(&swr, &out_ch_layout, out_sample_fmt, out_sample_rate,
> > +                                  &in_ch_layout,   in_sample_fmt,  in_sample_rate,
> > +                                  0, 0) < 0) {
> > +        fprintf(stderr, "Failed swr_alloc_set_opts2()\n");
> > +        goto end;
> > +    }
> > +
> > +    if(swr_init(swr) < 0) {
> > +        fprintf(stderr, "Failed swr_init()\n");
> > +        goto end;
> > +    }
> > +
> > +     in_sample_nb = size / (in_ch_count * av_get_bytes_per_sample(in_sample_fmt));
> > +    out_sample_nb = out_sample_nb % (av_rescale(in_sample_nb, 2*out_sample_rate, in_sample_rate) + 1);
> > +
> > +    out_data = av_malloc(out_sample_nb * out_ch_count * av_get_bytes_per_sample(out_sample_fmt));
> > +    if (!out_data)
> > +        goto end;
> > +
> > +    setup_array(ain , (uint8_t*)data,  in_sample_fmt,  in_sample_nb);
> > +    setup_array(aout,       out_data, out_sample_fmt, out_sample_nb);
> 
> You could use av_samples_alloc() to fill both ain and aout.

av_samples_alloc() clears the buffers, only fuzzing with silence seems not correct.

next patch will use av_samples_fill_arrays()

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240807/57b44291/attachment.sig>

More information about the ffmpeg-devel mailing list