[FFmpeg-cvslog] tools/target_dec_fuzzer: Also fuzz extradata

Fri, 14 Jun 2019 12:40:27 -0700 

ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Wed 
Jun  5 13:21:59 2019 +0200| [6f2625aafc3d59a538ad5009304b7cf1d2054c9d] | 
committer: Michael Niedermayer

tools/target_dec_fuzzer: Also fuzz extradata

This should improve coverage

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f2625aafc3d59a538ad5009304b7cf1d2054c9d
---

 tools/target_dec_fuzzer.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 4f51b70b65..f456db0e7b 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -175,7 +175,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t 
size) {
 
     if (size > 1024) {
         GetByteContext gbc;
-        bytestream2_init(&gbc, data + size - 1024, 1024);
+        int extradata_size;
+        size -= 1024;
+        bytestream2_init(&gbc, data + size, 1024);
         ctx->width                              = bytestream2_get_le32(&gbc);
         ctx->height                             = bytestream2_get_le32(&gbc);
         ctx->bit_rate                           = bytestream2_get_le64(&gbc);
@@ -183,9 +185,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t 
size) {
         // Try to initialize a parser for this codec, note, this may fail 
which just means we test without one
         if (bytestream2_get_byte(&gbc) & 1)
             parser = av_parser_init(c->id);
+
+        extradata_size = bytestream2_get_le32(&gbc);
+        if (extradata_size < size) {
+            ctx->extradata = av_mallocz(extradata_size + 
AV_INPUT_BUFFER_PADDING_SIZE);
+            if (ctx->extradata) {
+                ctx->extradata_size = extradata_size;
+                size -= ctx->extradata_size;
+                memcpy(ctx->extradata, data + size, ctx->extradata_size);
+            }
+        }
         if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
             ctx->width = ctx->height = 0;
-        size -= 1024;
     }
 
     int res = avcodec_open2(ctx, c, NULL);

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to