On 8/7/2024 2:13 PM, Michael Niedermayer wrote:
On Wed, Aug 07, 2024 at 01:05:40PM -0300, James Almer wrote:
On 8/7/2024 12:51 PM, Michael Niedermayer wrote:
Signed-off-by: Michael Niedermayer <[email protected]>
---
Makefile | 2 +
tools/Makefile | 3 +
tools/target_swr_fuzzer.c | 150 ++++++++++++++++++++++++++++++++++++++
3 files changed, 155 insertions(+)
create mode 100644 tools/target_swr_fuzzer.c
diff --git a/Makefile b/Makefile
index 4c3af09fec4..b350d7748f5 100644
--- a/Makefile
+++ b/Makefile
@@ -70,6 +70,8 @@ tools/target_io_dem_fuzzer$(EXESUF):
tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS)
tools/target_sws_fuzzer$(EXESUF): tools/target_sws_fuzzer.o $(FF_DEP_LIBS)
$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS)
$(LIBFUZZER_PATH)
+tools/target_swr_fuzzer$(EXESUF): tools/target_swr_fuzzer.o $(FF_DEP_LIBS)
+ $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS)
$(LIBFUZZER_PATH)
tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS)
tools/enum_options$(EXESUF): $(FF_DEP_LIBS)
diff --git a/tools/Makefile b/tools/Makefile
index 2a11fa0ae62..7ae6e3cb75d 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -23,6 +23,9 @@ tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
tools/target_sws_fuzzer.o: tools/target_sws_fuzzer.c
$(COMPILE_C)
+tools/target_swr_fuzzer.o: tools/target_swr_fuzzer.c
+ $(COMPILE_C)
+
tools/enc_recon_frame_test$(EXESUF): tools/decode_simple.o
tools/venc_data_dump$(EXESUF): tools/decode_simple.o
tools/scale_slice_test$(EXESUF): tools/decode_simple.o
diff --git a/tools/target_swr_fuzzer.c b/tools/target_swr_fuzzer.c
new file mode 100644
index 00000000000..b8af0bad78c
--- /dev/null
+++ b/tools/target_swr_fuzzer.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2024 Michael Niedermayer <[email protected]>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "config.h"
+#include "libavutil/avassert.h"
+#include "libavutil/avstring.h"
+#include "libavutil/cpu.h"
+#include "libavutil/imgutils.h"
+#include "libavutil/intreadwrite.h"
+#include "libavutil/mem.h"
+#include "libavutil/opt.h"
+
+#include "libavcodec/bytestream.h"
+
+#include "libswresample/swresample.h"
+
+#define SWR_CH_MAX 32
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static const enum AVSampleFormat formats[] = {
+ AV_SAMPLE_FMT_U8,
+ AV_SAMPLE_FMT_U8P,
+ AV_SAMPLE_FMT_S16,
+ AV_SAMPLE_FMT_S16P,
+ AV_SAMPLE_FMT_S32,
+ AV_SAMPLE_FMT_S32P,
+ AV_SAMPLE_FMT_FLT,
+ AV_SAMPLE_FMT_FLTP,
+ AV_SAMPLE_FMT_DBL,
+ AV_SAMPLE_FMT_DBLP,
+};
+
+static const AVChannelLayout layouts[]={
+ AV_CHANNEL_LAYOUT_MONO ,
+ AV_CHANNEL_LAYOUT_STEREO ,
+ AV_CHANNEL_LAYOUT_2_1 ,
+ AV_CHANNEL_LAYOUT_SURROUND ,
+ AV_CHANNEL_LAYOUT_4POINT0 ,
+ AV_CHANNEL_LAYOUT_2_2 ,
+ AV_CHANNEL_LAYOUT_QUAD ,
+ AV_CHANNEL_LAYOUT_5POINT0 ,
+ AV_CHANNEL_LAYOUT_5POINT1 ,
+ AV_CHANNEL_LAYOUT_5POINT0_BACK ,
+ AV_CHANNEL_LAYOUT_5POINT1_BACK ,
+ AV_CHANNEL_LAYOUT_7POINT0 ,
+ AV_CHANNEL_LAYOUT_7POINT1 ,
+ AV_CHANNEL_LAYOUT_7POINT1_WIDE ,
+ AV_CHANNEL_LAYOUT_22POINT2 ,
+ AV_CHANNEL_LAYOUT_5POINT1POINT2_BACK ,
Maybe also AV_CHANNEL_LAYOUT_22POINT2 to ensure the fallback to 7.1(wide)+BC
in rematrix.c works as intended.
added with my time-machiene, can you confirm its in the mail i sent before
your reply ?
I'm blind, disregard this.
+};
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ const uint8_t *end = data + size;
+ struct SwrContext * swr= NULL;
+ AVChannelLayout in_ch_layout = { 0 }, out_ch_layout = { 0 };
+ enum AVSampleFormat in_sample_fmt = AV_SAMPLE_FMT_S16P;
+ enum AVSampleFormat out_sample_fmt = AV_SAMPLE_FMT_S16P;
+ int in_sample_rate = 44100;
+ int out_sample_rate = 44100;
+ int in_ch_count, out_ch_count;
+ char in_layout_string[256];
+ char out_layout_string[256];
+ uint8_t * ain[SWR_CH_MAX];
+ uint8_t *aout[SWR_CH_MAX];
+ uint8_t *out_data;
+ int in_sample_nb;
+ int out_sample_nb = size;
+ int count;
+
+ if (size > 128) {
+ GetByteContext gbc;
+ int64_t flags64;
+
+ size -= 128;
+ bytestream2_init(&gbc, data + size, 128);
+ in_sample_rate = bytestream2_get_le16(&gbc) + 1;
+ out_sample_rate = bytestream2_get_le16(&gbc) + 1;
+ in_sample_fmt = formats[bytestream2_get_byte(&gbc) %
FF_ARRAY_ELEMS(formats)];
+ out_sample_fmt = formats[bytestream2_get_byte(&gbc) %
FF_ARRAY_ELEMS(formats)];
+ av_channel_layout_copy(& in_ch_layout,
&layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
+ av_channel_layout_copy(&out_ch_layout,
&layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
Since you're only using native layouts, you could make the layouts array be
of uint64_t masks (AV_CH_LAYOUT_*) and use av_channel_layout_from_mask()
here.
I still refuse to do this because the fuzzer should have maximal coverage
and limiting things to subsets goes against that idea even if the current
code is limited to a subset
Maybe iam missing something of course, but it simply doesnt seem the right
direction
You're not really testing any fuzzed input whatsoever here because
you're passing strictly supported values to av_channel_layout_copy().
The difference in using av_channel_layout_from_mask() is that it should
be slightly faster (No uninit() call and no copy of the entire struct,
setting only the three fields that matter).
But it's mostly a nit too, so it's fine as is if you prefer it.
+
+ out_sample_nb = bytestream2_get_le32(&gbc);
+
+ flags64 = bytestream2_get_le64(&gbc);
+ if (flags64 & 0x10)
+ av_force_cpu_flags(0);
+ } else {
+ av_channel_layout_copy(& in_ch_layout, &layouts[0]);
+ av_channel_layout_copy(&out_ch_layout, &layouts[0]);
This else chunk can be removed if you initialize both layouts above to
(AVChannelLayout)AV_CHANNEL_LAYOUT_MONO instead.
changed
+ }
+
+ in_ch_count= in_ch_layout.nb_channels;
+ out_ch_count= out_ch_layout.nb_channels;
+ av_channel_layout_describe(& in_ch_layout, in_layout_string, sizeof(
in_layout_string));
+ av_channel_layout_describe(&out_ch_layout, out_layout_string,
sizeof(out_layout_string));
+
+ fprintf(stderr, "%s %d %s -> %s %d %s\n",
+ av_get_sample_fmt_name( in_sample_fmt), in_sample_rate,
in_layout_string,
+ av_get_sample_fmt_name(out_sample_fmt), out_sample_rate,
out_layout_string);
+
+ if (swr_alloc_set_opts2(&swr, &out_ch_layout, out_sample_fmt,
out_sample_rate,
+ &in_ch_layout, in_sample_fmt,
in_sample_rate,
+ 0, 0) < 0) {
+ fprintf(stderr, "Failed swr_alloc_set_opts2()\n");
+ goto end;
+ }
+
+ if(swr_init(swr) < 0) {
nit: space after the if.
changed
thx
[...]
_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
