Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 Makefile | 4 ++++
 configure | 12 ++++++++++++
 tools/Makefile | 10 ++++++++++
 tools/target_dec_fuzzer.c | 12 ++++++++----
 4 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 559c5b8d5f..87304f8023 100644
--- a/Makefile
+++ b/Makefile
@@ -77,9 +77,13 @@ all: $(AVPROGS)
 $(TOOLS): %$(EXESUF): %.o
 $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS)
+target_dec_%_fuzzer$(EXESUF): target_dec_%_fuzzer.o
+ $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
+
 tools/cws2fws$(EXESUF): ELIBS = $(ZLIB)
 tools/uncoded_frame$(EXESUF): $(FF_DEP_LIBS)
 tools/uncoded_frame$(EXESUF): ELIBS = $(FF_EXTRALIBS)
+tools/target_dec_%_fuzzer$(EXESUF): $(FF_DEP_LIBS)
 CONFIGURABLE_COMPONENTS = \
 $(wildcard $(FFLIBS:%=$(SRC_PATH)/lib%/all*.c)) \
diff --git a/configure b/configure
index 758607b502..a3c2371884 100755
--- a/configure
+++ b/configure
@@ -438,6 +438,8 @@ Developer options (useful when working on FFmpeg itself):
 --random-seed=VALUE seed value for --enable/disable-random
 --disable-valgrind-backtrace do not print a backtrace under Valgrind
 (only applies to --disable-optimizations builds)
+ --enable-osfuzz Enable building fuzzer tool
+ --libfuzzer=PATH path to libfuzzer
 NOTE: Object files are built at the place where configure is launched.
 EOF
@@ -1676,6 +1678,7 @@ CONFIG_LIST="
 fontconfig
 memory_poisoning
 neon_clobber_test
+ ossfuzz
 pic
 raise_major
 thumb
@@ -3508,6 +3511,9 @@ for opt do
 ;;
 --fatal-warnings) enable fatal_warnings
 ;;
+ --libfuzzer=*)
+ libfuzzer_path="$optval"
+ ;;
 *)
 optname="${opt%%=*}"
 optname="${optname#--}"
@@ -3576,6 +3582,11 @@ set >> $logfile
 test -n "$valgrind" && toolchain="valgrind-memcheck"
+enabled ossfuzz && {
+ add_cflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer
+ add_ldflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp
+}
+
 case "$toolchain" in
 *-asan)
 cc_default="${toolchain%-asan}"
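Review bot: The new `target_dec_%_fuzzer$(EXESUF)` rule appends `$(LIBFUZZER_PATH)` to a link command driven by `$(LD)`, and libFuzzer is a C++ library, so when `$(LD)` is the project's C compiler driver the link fails on unresolved C++ runtime symbols. Either state in the configure help that `--libfuzzer=PATH` builds need `--ld=` pointed at a C++ driver, or add the runtime explicitly, e.g. `$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH) -lstdc++` (or the toolchain's equivalent). The pattern is also written without the `tools/` prefix used by the object rules in tools/Makefile and by the `$(FF_DEP_LIBS)` line added below it; it only matches because GNU make strips the directory from the target name when the target pattern contains no slash, and `tools/target_dec_%_fuzzer$(EXESUF): tools/target_dec_%_fuzzer.o` would say what is meant.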
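Review bot: The help text added in the `--disable-valgrind-backtrace` hunk advertises `--enable-osfuzz`, but the CONFIG_LIST entry added in the next hunk is `ossfuzz`, so the only form configure accepts is `--enable-ossfuzz` and the documented spelling is rejected as an unknown option. Change the help line to `--enable-ossfuzz         Enable building fuzzer tool`. Since the `--libfuzzer=PATH` value is appended verbatim to the link command in the Makefile hunk, its help line should also say what PATH is, e.g. `--libfuzzer=PATH         path to the libFuzzer library to link the fuzzers against`.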
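Review bot: The `enabled ossfuzz && { … }` block uses `add_cflags`/`add_ldflags`, which append the flags without testing whether the compiler accepts them; `-fsanitize-coverage=trace-pc-guard,trace-cmp` is clang-specific, so on another toolchain the problem only appears as a failed compile of the first object rather than a configure-time diagnostic. Going through `check_cflags`/`check_ldflags` and failing configure when they are rejected would report the unsupported compiler up front. `libfuzzer_path` is likewise stored from `--libfuzzer=*` with no check that anything exists at that path, which is worth at least a warning because an empty or mistyped value only surfaces as a link error later.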
@@ -6736,6 +6747,7 @@ SLIB_INSTALL_EXTRA_SHLIB=${SLIB_INSTALL_EXTRA_SHLIB}
 VERSION_SCRIPT_POSTPROCESS_CMD=${VERSION_SCRIPT_POSTPROCESS_CMD}
 SAMPLES:=${samples:-\$(FATE_SAMPLES)}
 NOREDZONE_FLAGS=$noredzone_flags
+LIBFUZZER_PATH=$libfuzzer_path
 EOF
 get_version(){
diff --git a/tools/Makefile b/tools/Makefile
index 49f55d2a9e..2b9432bcc2 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -1,6 +1,16 @@
 TOOLS = qt-faststart trasher uncoded_frame
 TOOLS-$(CONFIG_ZLIB) += cws2fws
+tools/target_dec_video_%_fuzzer.o: tools/target_dec_fuzzer.c
+ $(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_VIDEO
+
+tools/target_dec_audio_%_fuzzer.o: tools/target_dec_fuzzer.c
+ $(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_AUDIO
+
+tools/target_dec_subtitle_%_fuzzer.o: tools/target_dec_fuzzer.c
+ $(COMPILE_C) -DFFMPEG_CODEC=AV_CODEC_ID_$* -DFUZZ_FFMPEG_SUBTITLE
+
+
 OBJDIRS += tools
 clean::
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 43442a3616..5e6ed169d1 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -45,13 +45,17 @@ https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
 */
+#include "config.h"
 #include "libavutil/avassert.h"
+#include "libavutil/imgutils.h"
 #include "libavutil/intreadwrite.h"
 #include "libavcodec/avcodec.h"
 #include "libavcodec/bytestream.h"
 #include "libavformat/avformat.h"
+#include <FuzzerInterface.h>
+
 static void error(const char *err) {
 fprintf(stderr, "%s", err);
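Review bot: The three new `tools/target_dec_*_%_fuzzer.o` rules produce objects, and via the top-level Makefile executables, whose names are not in `TOOLS`, and nothing in the hunk adds them to the `clean::` rule that follows (its body is outside the hunk); unless that rule already removes `tools/*` by wildcard, the fuzzer binaries and objects will survive `make clean`. A line such as `$(RM) tools/target_dec_*_fuzzer$(EXESUF) tools/target_dec_*_fuzzer.o` under `clean::` would cover them. The rules also differ only in the `-DFUZZ_FFMPEG_*` define; a short comment above the first, e.g. `# one object per <kind>_<CODEC> stem; the stem selects the AVCodecID and the media type compiled into target_dec_fuzzer.c`, would explain the repetition to the next reader.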
@@ -96,16 +100,16 @@ typedef struct FuzzDataBuffer {
 uint8_t *data_;
 } FuzzDataBuffer;
-void FDBCreate(FuzzDataBuffer *FDB) {
+static void FDBCreate(FuzzDataBuffer *FDB) {
 FDB->size_ = 0x1000;
 FDB->data_ = av_malloc(FDB->size_);
 if (!FDB->data_)
 error("Failed memory allocation");
 }
-void FDBDesroy(FuzzDataBuffer *FDB) { av_free(FDB->data_); }
+static void FDBDesroy(FuzzDataBuffer *FDB) { av_free(FDB->data_); }
-void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
+static void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
 size_t needed = size + FF_INPUT_BUFFER_PADDING_SIZE;
 av_assert0(needed > size);
 if (needed > FDB->size_) {
@@ -117,7 +121,7 @@ void FDBRealloc(FuzzDataBuffer *FDB, size_t size) {
 }
 }
-void FDBPrepare(FuzzDataBuffer *FDB, AVPacket *dst, const uint8_t *data,
+static void FDBPrepare(FuzzDataBuffer *FDB, AVPacket *dst, const uint8_t *data,
 size_t size)
 {
 FDBRealloc(FDB, size);
-- 
2.11.0
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
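Review bot: `FDBDesroy` keeps its misspelt name while its declaration is rewritten to add `static`; now that the function is file-local this is the cheapest point to rename it `FDBDestroy` (its callers are outside these hunks and would need the same change). In `FDBRealloc`, the padding constant `FF_INPUT_BUFFER_PADDING_SIZE` is the spelling libavcodec has deprecated in favour of `AV_INPUT_BUFFER_PADDING_SIZE`, so with deprecation warnings enabled every fuzzer object built from this file will warn on it; `size_t needed = size + AV_INPUT_BUFFER_PADDING_SIZE;` is the current name, and the `av_assert0(needed > size)` overflow guard next to it should stay. The bodies of `FDBRealloc` and `FDBPrepare` continue outside the hunks.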