[FFmpeg-devel] [PATCH 40/48] tools/target_bsf_fuzzer: use av_packet_alloc() to allocate packets

James Almer jamrial at gmail.com
Fri Mar 5 18:33:31 EET 2021


Signed-off-by: James Almer <jamrial at gmail.com>
---
 tools/target_bsf_fuzzer.c | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/tools/target_bsf_fuzzer.c b/tools/target_bsf_fuzzer.c
index 8781a93ac3..bab809162a 100644
--- a/tools/target_bsf_fuzzer.c
+++ b/tools/target_bsf_fuzzer.c
@@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     const uint8_t *last = data;
     const uint8_t *end = data + size;
     AVBSFContext *bsf = NULL;
-    AVPacket in, out;
+    AVPacket *in, *out;
     uint64_t keyframes = 0;
     uint64_t flushpattern = -1;
     int res;
@@ -119,10 +119,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         return 0; // Failure of av_bsf_init() does not imply that a issue was found
     }
 
-    av_init_packet(&in);
-    av_init_packet(&out);
-    out.data = NULL;
-    out.size = 0;
+    in = av_packet_alloc();
+    out = av_packet_alloc();
+    if (!in || !out)
+        error("Failed memory allocation");
+
     while (data < end) {
         // Search for the TAG
         while (data + sizeof(fuzz_tag) < end) {
@@ -133,11 +134,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         if (data + sizeof(fuzz_tag) > end)
             data = end;
 
-        res = av_new_packet(&in, data - last);
+        res = av_new_packet(in, data - last);
         if (res < 0)
             error("Failed memory allocation");
-        memcpy(in.data, last, data - last);
-        in.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+        memcpy(in->data, last, data - last);
+        in->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
         keyframes = (keyframes >> 2) + (keyframes<<62);
         data += sizeof(fuzz_tag);
         last = data;
@@ -146,26 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             av_bsf_flush(bsf);
         flushpattern = (flushpattern >> 3) + (flushpattern << 61);
 
-        while (in.size) {
-            res = av_bsf_send_packet(bsf, &in);
+        while (in->size) {
+            res = av_bsf_send_packet(bsf, in);
             if (res < 0 && res != AVERROR(EAGAIN))
                 break;
-            res = av_bsf_receive_packet(bsf, &out);
+            res = av_bsf_receive_packet(bsf, out);
             if (res < 0)
                 break;
-            av_packet_unref(&out);
+            av_packet_unref(out);
         }
-        av_packet_unref(&in);
+        av_packet_unref(in);
     }
 
     res = av_bsf_send_packet(bsf, NULL);
     while (!res) {
-        res = av_bsf_receive_packet(bsf, &out);
+        res = av_bsf_receive_packet(bsf, out);
         if (res < 0)
             break;
-        av_packet_unref(&out);
+        av_packet_unref(out);
     }
 
+    av_packet_free(&in);
+    av_packet_free(&out);
     av_bsf_free(&bsf);
     return 0;
 }
-- 
2.30.1



More information about the ffmpeg-devel mailing list