On 19.06.2015 00:59, Kieran Kunhya wrote:
>> Thanks for this analysis. I've pushed the patch now.
>>
>> By the way, afl [1] is really a great tool for finding such problems.
>> I can only recommend that everyone try it out themselves.
>
> Not to push this off-topic but can you let me know how you use afl
> with ffmpeg - I could never get it to work when I was fuzzing h264.
> Found lots of issues with zzuf though.

First one has to compile ffmpeg with afl, e.g. by running configure with
--cc="afl-gcc" --cxx="afl-g++" (and optionally --assert-level=2 to find
more problems).
Then one has to find a suitable test case for the demuxer/decoder one is
interested in. It is very important that it is small, ideally < 1kB.
(The larger it is, the (very much) longer the fuzzing takes.)
Finally one can run the afl fuzzer, e.g. with:

afl-fuzz -i testcases/ -o results/ -m 1G -- ./ffmpeg -threads 1 -i @@ -threads 1 -f null /dev/null

To improve the performance, I'm not fuzzing the ffmpeg binary, but rather
a much simpler program based on the demuxing_decoding example, but adapted
e.g. to only use one decoding thread to avoid variable test results.
(Besides, h264 is one of the more complex codecs, if not the most complex
one in FFmpeg, so fuzzing it thoroughly takes very long.)

Best regards,
Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
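The two things that most often make an afl run against ffmpeg "not work" are a target that was not actually built with afl-gcc and a seed corpus far above the size Andreas recommends. The pre-flight script below is an added example, not code from the thread or from FFmpeg; it assumes the instrumented binary and the seed directory are passed as arguments, and it only assembles the afl-fuzz command line from the post rather than running it.

```shell
#!/bin/sh
# Pre-flight checks for an afl campaign against an ffmpeg-based target
# (assumed layout: instrumented binary in $1, seed directory in $2).

MAX_SEED_BYTES=1024   # seeds should ideally be under 1 kB, as in the post

# Return 0 if the binary carries afl instrumentation. afl-gcc links a
# runtime that embeds the literal string __AFL_SHM_ID (afl-fuzz itself
# looks for it to decide whether a target is instrumented); a plain gcc
# build of ffmpeg will not contain it.
is_afl_instrumented() {
    grep -q '__AFL_SHM_ID' "$1"
}

# Print every seed larger than MAX_SEED_BYTES; return 1 if any exist.
oversized_seeds() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f")
        if [ "$size" -gt "$MAX_SEED_BYTES" ]; then
            echo "$f ($size bytes)"
            rc=1
        fi
    done
    return $rc
}

# Assemble the afl-fuzz command line from the post: 1 GB memory limit,
# a single decoding thread for reproducible results, and @@ where afl
# substitutes the path of each mutated input.
afl_cmd() {
    target=$1; in_dir=$2; out_dir=$3
    echo "afl-fuzz -i $in_dir -o $out_dir -m 1G -- $target -threads 1 -i @@ -threads 1 -f null /dev/null"
}

# Run both checks and, if they pass, print the command to start fuzzing.
preflight() {
    target=$1; seeds=$2
    is_afl_instrumented "$target" || { echo "$target: not built with afl-gcc" >&2; return 1; }
    oversized_seeds "$seeds" && afl_cmd "$target" "$seeds" results/
}
```

Usage: `sh preflight.sh ./ffmpeg testcases/` (or call `preflight` with your harness built from the demuxing_decoding example instead of `./ffmpeg`).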