[FFmpeg-devel] [PATCH 4/4] tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags
James Almer
jamrial at gmail.com
Sun Oct 13 00:00:39 EEST 2019
On 10/12/2019 5:34 PM, Michael Niedermayer wrote:
> This should improve coverage
>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> tools/target_dec_fuzzer.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index 0047c9eed6..4d03151735 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> int *got_picture_ptr,
> const AVPacket *avpkt) = NULL;
> AVCodecParserContext *parser = NULL;
> + uint64_t keyframes = 0;
>
>
> if (!c) {
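Review bot: the name `keyframes` on the added declaration describes only half of what the variable carries, since the last hunk derives both AV_PKT_FLAG_DISCARD and AV_PKT_FLAG_KEY from it. A name such as `flags` or `pkt_flag_bits` would match its use, and a one-line comment saying that it holds per-packet flag bits taken from the fuzz input would save the reader from having to jump to the packet loop to find out.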
> @@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
> ctx->block_align = bytestream2_get_le32(&gbc);
> ctx->codec_tag = bytestream2_get_le32(&gbc);
> + keyframes = bytestream2_get_le64(&gbc);
>
> if (extradata_size < size) {
> ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
> @@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> if (res < 0)
> error("Failed memory allocation");
> memcpy(parsepkt.data, last, data - last);
> + parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (keyframes & 2)/2 * AV_PKT_FLAG_KEY;
Doing !!(keyframes & 2) may communicate the intent more clearly, IMO.
> + keyframes = (keyframes >> 2) + (keyframes<<62);
> data += sizeof(fuzz_tag);
> last = data;
>
>
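Review bot: the two added lines after the memcpy combine bit values with `+` where `|` is the usual operator, both for building `parsepkt.flags` and for the rotate in `(keyframes >> 2) + (keyframes<<62)`. The rotate gives the same result either way because the two shifted halves cannot overlap, but `|` makes it recognisable as a rotate right by 2 at a glance. The bit assignment is also undocumented: bit 0 selects AV_PKT_FLAG_DISCARD and bit 1 selects AV_PKT_FLAG_KEY, and with 2 bits consumed per packet out of 64 the pattern repeats every 32 packets. A short comment stating that would help anyone who has to interpret or hand-edit a corpus file later.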