FFmpeg: tools/target_bsf_fuzzer.c Source File

FFmpeg

[フレーム]

tools

target_bsf_fuzzer.c

Go to the documentation of this file.

1 /*

2 * This file is part of FFmpeg.

3 *

4 * FFmpeg is free software; you can redistribute it and/or

5 * modify it under the terms of the GNU Lesser General Public

6 * License as published by the Free Software Foundation; either

7 * version 2.1 of the License, or (at your option) any later version.

8 *

9 * FFmpeg is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

12 * Lesser General Public License for more details.

13 *

14 * You should have received a copy of the GNU Lesser General Public

15 * License along with FFmpeg; if not, write to the Free Software

16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

17 */

19 #include "config.h"

20 #include "libavutil/imgutils.h"

21 #include "libavutil/opt.h"

23 #include "libavcodec/avcodec.h"

24 #include "libavcodec/bsf.h"

25 #include "libavcodec/bsf_internal.h"

26 #include "libavcodec/bytestream.h"

27 #include "libavcodec/internal.h"

29 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

31 static void error(const char *err)

32 {

33 fprintf(stderr, "%s", err);

34 exit(1);

35 }

37 static const AVBitStreamFilter *f = NULL;

39 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;

41 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

42 const uint64_t fuzz_tag = FUZZ_TAG;

43 const uint8_t *last = data;

44 const uint8_t *end = data + size;

45 AVBSFContext *bsf = NULL;

46 AVPacket *pkt;

47 uint64_t keyframes = 0;

48 uint64_t flushpattern = -1;

49 int res;

51 if (!f) {

52 #ifdef FFMPEG_BSF

53 #define BSF_SYMBOL0(BSF) ff_##BSF##_bsf

54 #define BSF_SYMBOL(BSF) BSF_SYMBOL0(BSF)

55 extern const AVBitStreamFilter BSF_SYMBOL(FFMPEG_BSF);

56 f = &BSF_SYMBOL(FFMPEG_BSF);

57 #endif

58 av_log_set_level(AV_LOG_PANIC);

59 }

61 res = f ? av_bsf_alloc(f, &bsf) : av_bsf_get_null_filter(&bsf);

62 if (res < 0)

63 error("Failed memory allocation");

64 f = bsf->filter;

66 if (size > 1024) {

67 GetByteContext gbc;

68 int extradata_size;

69 int flags;

70 size -= 1024;

71 bytestream2_init(&gbc, data + size, 1024);

72 bsf->par_in->width = bytestream2_get_le32(&gbc);

73 bsf->par_in->height = bytestream2_get_le32(&gbc);

74 bsf->par_in->bit_rate = bytestream2_get_le64(&gbc);

75 bsf->par_in->bits_per_coded_sample = bytestream2_get_le32(&gbc);

77 if (f->codec_ids) {

78 int i, id;

79 for (i = 0; f->codec_ids[i] != AV_CODEC_ID_NONE; i++);

80 id = f->codec_ids[bytestream2_get_byte(&gbc) % i];

81 bsf->par_in->codec_id = id;

82 bsf->par_in->codec_tag = bytestream2_get_le32(&gbc);

83 }

85 extradata_size = bytestream2_get_le32(&gbc);

87 bsf->par_in->sample_rate = bytestream2_get_le32(&gbc);

88 bsf->par_in->ch_layout.nb_channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;

89 bsf->par_in->block_align = bytestream2_get_le32(&gbc);

90 keyframes = bytestream2_get_le64(&gbc);

91 flushpattern = bytestream2_get_le64(&gbc);

92 flags = bytestream2_get_byte(&gbc);

94 if (flags & 0x20) {

95 if (!strcmp(f->name, "av1_metadata"))

96 av_opt_set_int(bsf->priv_data, "td", bytestream2_get_byte(&gbc) % 3, 0);

97 else if (!strcmp(f->name, "h264_metadata") || !strcmp(f->name, "h265_metadata"))

98 av_opt_set_int(bsf->priv_data, "aud", bytestream2_get_byte(&gbc) % 3, 0);

99 else if (!strcmp(f->name, "extract_extradata"))

100 av_opt_set_int(bsf->priv_data, "remove", bytestream2_get_byte(&gbc) & 1, 0);

101 }

102

103 if (extradata_size < size) {

104 bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);

105 if (bsf->par_in->extradata) {

106 bsf->par_in->extradata_size = extradata_size;

107 size -= bsf->par_in->extradata_size;

108 memcpy(bsf->par_in->extradata, data + size, bsf->par_in->extradata_size);

109 }

110 }

111 if (av_image_check_size(bsf->par_in->width, bsf->par_in->height, 0, bsf))

112 bsf->par_in->width = bsf->par_in->height = 0;

113 }

114

115 res = av_bsf_init(bsf);

116 if (res < 0) {

117 av_bsf_free(&bsf);

118 return 0; // Failure of av_bsf_init() does not imply that a issue was found

119 }

120

121 pkt = av_packet_alloc();

122 if (!pkt)

123 error("Failed memory allocation");

124

125 while (data < end) {

126 // Search for the TAG

127 while (data + sizeof(fuzz_tag) < end) {

128 if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)

129 break;

130 data++;

131 }

132 if (data + sizeof(fuzz_tag) > end)

133 data = end;

134

135 res = av_new_packet(pkt, data - last);

136 if (res < 0)

137 error("Failed memory allocation");

138 memcpy(pkt->data, last, data - last);

139 pkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;

140 keyframes = (keyframes >> 2) + (keyframes<<62);

141 data += sizeof(fuzz_tag);

142 last = data;

143

144 if (!(flushpattern & 7))

145 av_bsf_flush(bsf);

146 flushpattern = (flushpattern >> 3) + (flushpattern << 61);

147

148 res = av_bsf_send_packet(bsf, pkt);

149 if (res < 0) {

150 av_packet_unref(pkt);

151 continue;

152 }

153 while (av_bsf_receive_packet(bsf, pkt) >= 0)

154 av_packet_unref(pkt);

155 }

156

157 av_bsf_send_packet(bsf, NULL);

158 while (av_bsf_receive_packet(bsf, pkt) >= 0)

159 av_packet_unref(pkt);

160

161 av_packet_free(&pkt);

162 av_bsf_free(&bsf);

163 return 0;

164 }

error

static void error(const char *err)

Definition: target_bsf_fuzzer.c:31

av_packet_unref

void av_packet_unref(AVPacket *pkt)

Wipe the packet.

Definition: avpacket.c:422

AVBSFContext::par_in

AVCodecParameters * par_in

Parameters of the input stream.

Definition: bsf.h:90

AVCodecParameters::extradata

uint8_t * extradata

Extra binary data needed for initializing the decoder, codec-dependent.

Definition: codec_par.h:75

bsf_internal.h

opt.h

GetByteContext

Definition: bytestream.h:33

AV_LOG_PANIC

#define AV_LOG_PANIC

Something went really wrong and we will crash now.

Definition: log.h:167

AV_PKT_FLAG_DISCARD

#define AV_PKT_FLAG_DISCARD

Flag is used to discard packets which are required to maintain valid decoder state but are not requir...

Definition: packet.h:436

AVBitStreamFilter::name

const char * name

Definition: bsf.h:112

AV_RN64

#define AV_RN64(p)

Definition: intreadwrite.h:368

internal.h

AVPacket::data

uint8_t * data

Definition: packet.h:374

data

const char data[16]

Definition: mxf.c:143

AVCodecParameters::codec_tag

uint32_t codec_tag

Additional information about the codec (corresponds to the AVI FOURCC).

Definition: codec_par.h:65

AVChannelLayout::nb_channels

int nb_channels

Number of channels in this layout.

Definition: channel_layout.h:300

av_bsf_free

void av_bsf_free(AVBSFContext **pctx)

Free a bitstream filter context and everything associated with it; write NULL into the supplied point...

Definition: bsf.c:53

AV_PKT_FLAG_KEY

#define AV_PKT_FLAG_KEY

The packet contains a keyframe.

Definition: packet.h:429

av_packet_free

void av_packet_free(AVPacket **pkt)

Free the packet, if the packet is reference counted, it will be unreferenced first.

Definition: avpacket.c:73

AVBSFContext

The bitstream filter state.

Definition: bsf.h:68

bsf.h

LLVMFuzzerTestOneInput

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)

Definition: target_bsf_fuzzer.c:41

pkt

AVPacket * pkt

Definition: movenc.c:59

av_new_packet

int av_new_packet(AVPacket *pkt, int size)

Allocate the payload of a packet and initialize its fields with default values.

Definition: avpacket.c:97

av_bsf_flush

void av_bsf_flush(AVBSFContext *ctx)

Reset the internal bitstream filter state.

Definition: bsf.c:191

AVCodecParameters::width

int width

Video only.

Definition: codec_par.h:127

FUZZ_TAG

static const uint64_t FUZZ_TAG

Definition: target_bsf_fuzzer.c:39

static const AVBitStreamFilter * f

Definition: target_bsf_fuzzer.c:37

av_bsf_alloc

int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx)

Allocate a context for a given bitstream filter.

Definition: bsf.c:105

AVBitStreamFilter::codec_ids

enum AVCodecID * codec_ids

A list of codec ids supported by the filter, terminated by AV_CODEC_ID_NONE.

Definition: bsf.h:119

av_bsf_init

int av_bsf_init(AVBSFContext *ctx)

Prepare the filter for use, after all the parameters and options have been set.

Definition: bsf.c:150

NULL

#define NULL

Definition: coverity.c:32

av_bsf_receive_packet

int av_bsf_receive_packet(AVBSFContext *ctx, AVPacket *pkt)

Retrieve a filtered packet.

Definition: bsf.c:231

AVCodecParameters::ch_layout

AVChannelLayout ch_layout

Audio only.

Definition: codec_par.h:212

AVCodecParameters::sample_rate

int sample_rate

Audio only.

Definition: codec_par.h:177

av_opt_set_int

int av_opt_set_int(void *obj, const char *name, int64_t val, int search_flags)

Definition: opt.c:624

AVCodecParameters::extradata_size

int extradata_size

Size of the extradata content in bytes.

Definition: codec_par.h:79

enum AVCodecID id

Definition: extract_extradata_bsf.c:324

av_bsf_send_packet

int av_bsf_send_packet(AVBSFContext *ctx, AVPacket *pkt)

Submit a packet for filtering.

Definition: bsf.c:203

size

int size

Definition: twinvq_data.h:10344

AVPacket::flags

int flags

A combination of AV_PKT_FLAG values.

Definition: packet.h:380

av_packet_alloc

AVPacket * av_packet_alloc(void)

Allocate an AVPacket and set its fields to default values.

Definition: avpacket.c:62

av_log_set_level

void av_log_set_level(int level)

Set the log level.

Definition: log.c:442

AV_CODEC_ID_NONE

@ AV_CODEC_ID_NONE

Definition: codec_id.h:48

#define i(width, name, range_min, range_max)

Definition: cbs_h2645.c:269

AVCodecParameters::height

int height

Definition: codec_par.h:128

AVCodecParameters::block_align

int block_align

Audio only.

Definition: codec_par.h:184

av_mallocz

void * av_mallocz(size_t size)

Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...

Definition: mem.c:264

avcodec.h

AVBSFContext::priv_data

void * priv_data

Opaque filter-specific private data.

Definition: bsf.h:83

av_bsf_get_null_filter

int av_bsf_get_null_filter(AVBSFContext **bsf)

Get null/pass-through bitstream filter.

Definition: bsf.c:554

AV_INPUT_BUFFER_PADDING_SIZE

#define AV_INPUT_BUFFER_PADDING_SIZE

Definition: defs.h:40

AVBitStreamFilter

Definition: bsf.h:111

AVBSFContext::filter

const struct AVBitStreamFilter * filter

The bitstream filter this context is an instance of.

Definition: bsf.h:77

AVCodecParameters::bits_per_coded_sample

int bits_per_coded_sample

The number of bits per sample in the codedwords.

Definition: codec_par.h:103

AVCodecParameters::codec_id

enum AVCodecID codec_id

Specific type of the encoded data (the codec used).

Definition: codec_par.h:61

AVPacket

This structure stores compressed data.

Definition: packet.h:351

bytestream.h

imgutils.h

bytestream2_init

static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size)

Definition: bytestream.h:137

flags

#define flags(name, subs,...)

Definition: cbs_av1.c:561

AVCodecParameters::bit_rate

int64_t bit_rate

The average bitrate of the encoded data (in bits per second).

Definition: codec_par.h:90

av_image_check_size

int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)

Check if the given dimension of an image is valid, meaning that all bytes of the image can be address...

Definition: imgutils.c:318

FF_SANE_NB_CHANNELS

#define FF_SANE_NB_CHANNELS

Definition: internal.h:36

Generated on Wed Aug 24 2022 21:42:27 for FFmpeg by doxygen 1.8.17