[FFmpeg-devel] [PATCH] Make tools/target_dec_*_fuzzer buildable with configure and make

Michael Niedermayer michael at niedermayer.cc
Sat Apr 22 03:23:08 EEST 2017 

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 Makefile                  |  4 ++++
 configure                 | 12 ++++++++++++
 tools/Makefile            | 10 ++++++++++
 tools/target_dec_fuzzer.c | 12 ++++++++----
 4 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 559c5b8d5f..87304f8023 100644
--- a/Makefile
+++ b/Makefile
@@ -77,9 +77,13 @@ all: $(AVPROGS)
 $(TOOLS): %$(EXESUF): %.o
 	$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS)
 
+target_dec_%_fuzzer$(EXESUF): target_dec_%_fuzzer.o
+	$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
+
 tools/cws2fws$(EXESUF): ELIBS = $(ZLIB)
 tools/uncoded_frame$(EXESUF): $(FF_DEP_LIBS)
 tools/uncoded_frame$(EXESUF): ELIBS = $(FF_EXTRALIBS)
+tools/target_dec_%_fuzzer$(EXESUF): $(FF_DEP_LIBS)
 
 CONFIGURABLE_COMPONENTS =                                           \
     $(wildcard $(FFLIBS:%=$(SRC_PATH)/lib%/all*.c))                 \
diff --git a/configure b/configure
index 758607b502..a3c2371884 100755
--- a/configure
+++ b/configure
@@ -438,6 +438,8 @@ Developer options (useful when working on FFmpeg itself):
   --random-seed=VALUE      seed value for --enable/disable-random
   --disable-valgrind-backtrace do not print a backtrace under Valgrind
                            (only applies to --disable-optimizations builds)
+  --enable-osfuzz          Enable building fuzzer tool
+  --libfuzzer=PATH         path to libfuzzer
 
 NOTE: Object files are built at the place where configure is launched.
 EOF
@@ -1676,6 +1678,7 @@ CONFIG_LIST="
     fontconfig
     memory_poisoning
     neon_clobber_test
+    ossfuzz
     pic
     raise_major
     thumb
@@ -3508,6 +3511,9 @@ for opt do
         ;;
         --fatal-warnings) enable fatal_warnings
         ;;
+        --libfuzzer=*)
+            libfuzzer_path="$optval"
+        ;;
         *)
             optname="${opt%%=*}"
             optname="${optname#--}"
@@ -3576,6 +3582,11 @@ set >> $logfile
 
 test -n "$valgrind" && toolchain="valgrind-memcheck"
 
+enabled ossfuzz && {
+    add_cflags  -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer
+    add_ldflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp
+}
+
 case "$toolchain" in
     *-asan)
         cc_default="${toolchain%-asan}"
@@ -6736,6 +6747,7 @@ SLIB_INSTALL_EXTRA_SHLIB=${SLIB_INSTALL_EXTRA_SHLIB}
 VERSION_SCRIPT_POSTPROCESS_CMD=${VERSION_SCRIPT_POSTPROCESS_CMD}
 SAMPLES:=${samples:-\$(FATE_SAMPLES)}
 NOREDZONE_FLAGS=$noredzone_flags
+LIBFUZZER_PATH=$libfuzzer_path
 EOF
 
 get_version(){
diff --git a/tools/Makefile b/tools/Makefile
index 49f55d2a9e..2b9432bcc2 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -1,6 +1,16 @@
 TOOLS = qt-faststart trasher uncoded_frame
 TOOLS-$(CONFIG_ZLIB) += cws2fws
 
+tools/target_dec_video_%_fuzzer.o: tools/target_dec_fuzzer.c
+	$(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_VIDEO
+
+tools/target_dec_audio_%_fuzzer.o: tools/target_dec_fuzzer.c
+	$(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_AUDIO
+
+tools/target_dec_subtitle_%_fuzzer.o: tools/target_dec_fuzzer.c
+	$(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_SUBTITLE
+
+
 OBJDIRS += tools
 
 clean::
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 43442a3616..5e6ed169d1 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -45,13 +45,17 @@
    https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
 */
 
+#include "config.h"
 #include "libavutil/avassert.h"
+#include "libavutil/imgutils.h"
 #include "libavutil/intreadwrite.h"
 
 #include "libavcodec/avcodec.h"
 #include "libavcodec/bytestream.h"
 #include "libavformat/avformat.h"
 
+#include <FuzzerInterface.h>
+
 static void error(const char *err)
 {
     fprintf(stderr, "%s", err);
@@ -96,16 +100,16 @@ typedef struct FuzzDataBuffer {
     uint8_t *data_;
 } FuzzDataBuffer;
 
-void FDBCreate(FuzzDataBuffer *FDB) {
+static void FDBCreate(FuzzDataBuffer *FDB) {
     FDB->size_ = 0x1000;
     FDB->data_ = av_malloc(FDB->size_);
     if (!FDB->data_)
         error("Failed memory allocation");
 }
 
-void FDBDesroy(FuzzDataBuffer *FDB) { av_free(FDB->data_); }
+static void FDBDesroy(FuzzDataBuffer *FDB) { av_free(FDB->data_); }
 
-void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
+static void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
     size_t needed = size + FF_INPUT_BUFFER_PADDING_SIZE;
     av_assert0(needed > size);
     if (needed > FDB->size_) {
@@ -117,7 +121,7 @@ void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
     }
 }
 
-void FDBPrepare(FuzzDataBuffer *FDB, AVPacket *dst, const uint8_t *data,
+static void FDBPrepare(FuzzDataBuffer *FDB, AVPacket *dst, const uint8_t *data,
                 size_t size)
 {
     FDBRealloc(FDB, size);
-- 
2.11.0

More information about the ffmpeg-devel mailing list