[FFmpeg-devel] [PATCH 1/3] tools/target_dec_fuzzer: Call avcodec_flush_buffers() in a fuzzer chosen pattern

James Almer jamrial at gmail.com
Thu Nov 19 15:51:36 EET 2020


On 11/14/2020 10:29 PM, James Almer wrote:
> From: Michael Niedermayer <michael at niedermayer.cc>
> 
> This should increase coverage
> 
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> Signed-off-by: James Almer <jamrial at gmail.com>

Ping for set.

> ---
>   tools/target_dec_fuzzer.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index 4eb59bd296..11530cbf79 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -110,6 +110,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                             const AVPacket *avpkt) = NULL;
>       AVCodecParserContext *parser = NULL;
>       uint64_t keyframes = 0;
> +    uint64_t flushpattern = -1;
>       AVDictionary *opts = NULL;
>   
>       if (!c) {
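Review bot: `uint64_t flushpattern = -1;` relies on the implicit conversion of -1 to an all-ones value and does not say why that default was picked. With all bits set every 3-bit group is 7, so the later `!(flushpattern & 7)` test is never true and no flush happens unless the value is overwritten from the input. Writing the initializer as `UINT64_MAX` and adding a short comment such as "all ones: never flush" would make that intent visible at the declaration.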
> @@ -239,6 +240,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>           ctx->request_channel_layout             = bytestream2_get_le64(&gbc);
>   
>           ctx->idct_algo                          = bytestream2_get_byte(&gbc) % 25;
> +        flushpattern                            = bytestream2_get_le64(&gbc);
>   
>           if (flags & 0x20) {
>               switch (ctx->codec_id) {
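Review bot: the new `bytestream2_get_le64(&gbc)` read sits in the middle of the option parsing, between `idct_algo` and the `flags & 0x20` block, so anything read from `gbc` after this point now starts 8 bytes later and existing corpus inputs will be interpreted differently from there on. If that is acceptable, it is worth stating in the commit message, which currently says only "This should increase coverage"; otherwise reading `flushpattern` after the last existing field would leave the earlier layout unchanged.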
> @@ -332,6 +334,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
>                   av_packet_move_ref(&avpkt, &parsepkt);
>               }
>   
> +          if (!(flushpattern & 7))
> +              avcodec_flush_buffers(ctx);
> +          flushpattern = (flushpattern >> 3) + (flushpattern << 61);
> +
>             // Iterate through all data
>             while (avpkt.size > 0 && it++ < maxiteration) {
>               av_frame_unref(frame);
> 
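Review bot: the constants in `if (!(flushpattern & 7))` and in the rotate `(flushpattern >> 3) + (flushpattern << 61)` are undocumented. A one-line comment saying that three bits are consumed per packet, that a flush is issued when they are all zero, and that the 64-bit value is rotated right by 3 so the pattern repeats would save the reader from working it out. The check also runs before the `while (avpkt.size > 0 ...)` loop, so `avcodec_flush_buffers(ctx)` can be called before the first packet has been decoded; if that case is meant to be exercised, please say so in the same comment.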


