highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer choosen pattern

Browse Source 
This should increase coverage.

Based on a commit by Michael Niedermayer

Signed-off-by: James Almer <jamrial@gmail.com>
This commit is contained in:
James Almer
2020-11-14 22:11:17 -03:00
parent cb59cd3466
commit 837eb320b8
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tools/target_bsf_fuzzer.c
View File

@@ -43,6 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
AVBSFContext *bsf = NULL; AVBSFContext *bsf = NULL;
AVPacket in, out; AVPacket in, out;
uint64_t keyframes = 0; uint64_t keyframes = 0;
uint64_t flushpattern = -1;
int res; int res;
if (!f) { if (!f) {
@@ -86,6 +87,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
bsf->par_in->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; bsf->par_in->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
bsf->par_in->block_align = bytestream2_get_le32(&gbc); bsf->par_in->block_align = bytestream2_get_le32(&gbc);
keyframes = bytestream2_get_le64(&gbc); keyframes = bytestream2_get_le64(&gbc);
flushpattern = bytestream2_get_le64(&gbc);
if (extradata_size < size) { if (extradata_size < size) {
bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -128,6 +130,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
data += sizeof(fuzz_tag); data += sizeof(fuzz_tag);
last = data; last = data;
if (!(flushpattern & 7))
av_bsf_flush(bsf);
flushpattern = (flushpattern >> 3) + (flushpattern << 61);
while (in.size) { while (in.size) {
res = av_bsf_send_packet(bsf, &in); res = av_bsf_send_packet(bsf, &in);
if (res < 0 && res != AVERROR(EAGAIN)) if (res < 0 && res != AVERROR(EAGAIN))