I am a bit undecided on listing them like this but it seems the fuzzer has difficulty finding valid tags (like in hapdec/snappy)
With this it finds issues in hapdec within seconds locally (with constrained w/h) while before on googles machienes it seemed not to get past the codec_tag switch at all on the days i checked
Signed-off-by: Michael Niedermayer <[email protected]>
---
tools/target_dec_fuzzer.c | 40 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 2d9d28b46d..03ff45a0f4 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -57,6 +57,43 @@ //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected #include "libavcodec/internal.h" +unsigned codec_tags[] = { + 0x00000000, 0x00000001, 0x00000002, 0x00000003, 0x00000004, 0x00000006, 0x00000007, 0x0000000A, + 0x0000000F, 0x00000011, 0x00000017, 0x0000001B, 0x00000020, 0x00000022, 0x00000024, 0x00000031, + 0x00000045, 0x00000050, 0x00000055, 0x00000061, 0x00000062, 0x00000065, 0x00000069, 0x0000007C, + 0x00000081, 0x00000082, 0x00000100, 0x00000160, 0x00000161, 0x00000162, 0x00000163, 0x00000200, + 0x00000270, 0x0000028F, 0x00000401, 0x00000500, 0x00002000, 0x0000A109, 0x0200736D, 0x08505350, + 0x0F424752, 0x10424752, 0x10445350, 0x10445550, 0x10505350, 0x10544942, 0x1100736D, 0x18424752, + 0x18445550, 0x18505350, 0x18524742, 0x2033504D, 0x20335056, 0x20445550, 0x20455041, 0x204D4250, + 0x20505350, 0x20545344, 0x20636D73, 0x20637664, 0x20656C72, 0x20776172, 0x302E3151, 0x30303859, + 0x30313272, 0x30313276, 0x30313476, 0x30315652, 0x30323449, 0x30324C4D, 0x30324D54, 0x30325254, + 0x30325652, 0x30335652, 0x30345056, 0x30345652, 0x30355056, 0x30355649, 0x30375056, 0x30385056, + 0x30395056, 0x30484C55, 0x30573142, 0x30594C55, 0x312D6376, 0x31325452, 0x31335056, 0x31345649, + 0x31363248, 0x31474E50, 0x31515653, 0x31524356, 0x31535046, 0x3153534D, 0x31564256, 0x31564646, + 0x3156474B, 0x31564D57, 0x31564E57, 0x31565053, 0x31565341, 0x31573042, 0x31637661, 0x31637668, + 0x31706148, 0x31766568, 0x32335649, 0x32336E69, 0x3234504D, 0x32484C55, 0x324B4D53, 0x324D3247, + 0x324D4451, 0x32514853, 0x32524356, 0x32525541, 0x3253534D, 0x3253544D, 0x32564D57, 0x32565341, + 0x32594C55, 0x32595559, 0x32637374, 0x3267706D, 0x32706A6D, 0x332D6365, 0x3334504D, 0x33363248, + 0x3343414D, 0x33445844, 0x334D3247, 0x33515653, 0x33564D57, 0x33637661, 0x34326E69, 0x34355053, + 0x34363248, 0x3447504D, 0x34484C55, 0x344D3247, 0x34504D46, 0x34616D69, 0x34767579, 0x3535354C, + 0x3536354C, 0x35706148, 0x3643414D, 0x38303376, 
0x38303476, 0x385F3832, 0x39565559, 0x3A44534C, + 0x41365056, 0x41424752, 0x414B4D53, 0x41524742, 0x41524C55, 0x41525541, 0x41706148, 0x42313459, + 0x42323459, 0x42494C5A, 0x43414658, 0x43435349, 0x43435352, 0x434C4C43, 0x43534141, 0x43534454, + 0x43564D46, 0x43564D4B, 0x4356534D, 0x43565543, 0x44435343, 0x44484643, 0x44495658, 0x44535342, + 0x454C4256, 0x454D414C, 0x454E4F4E, 0x4649464A, 0x46564D41, 0x47423432, 0x474E504D, 0x47504A4C, + 0x47504A4D, 0x47504A52, 0x47524C55, 0x48564646, 0x485A534D, 0x49445844, 0x49544C55, 0x49555641, + 0x4A63706C, 0x4B435544, 0x4C584956, 0x4D415243, 0x4D424C49, 0x4D435041, 0x4D706148, 0x4F43455A, + 0x4F434F4C, 0x50303434, 0x50313459, 0x50343434, 0x50444147, 0x50444152, 0x50535010, 0x50554410, + 0x50554418, 0x50554420, 0x524A4C43, 0x5347414C, 0x534C4A4D, 0x53504238, 0x55575246, 0x55594648, + 0x56424D5A, 0x56434946, 0x574D5632, 0x574F4E53, 0x58514843, 0x58565338, 0x5947414D, 0x59706148, + 0x6134706D, 0x617A7072, 0x624B4942, 0x62706A6D, 0x62776173, 0x63616C61, 0x63617264, 0x63637374, + 0x636E4D56, 0x64697663, 0x646F6369, 0x64756164, 0x664B4942, 0x67337874, 0x68347061, 0x68637061, + 0x68645641, 0x694B4942, 0x6B6F6F63, 0x6D63706C, 0x6D736761, 0x6E617858, 0x6E637061, 0x6E645641, + 0x6F56736D, 0x6F637061, 0x726D6173, 0x726F7478, 0x72706973, 0x73637061, 0x736F7774, 0x7375704F, + 0x74656E64, 0x746C7870, 0x74776F73, 0x76323130, 0x7634706D, 0x76757963, 0x77616C61, 0x77616C75, + 0x77726471, 0xFFFFFFFF, +}; + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); extern AVCodec * codec_list[]; 
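Review bot: The new `codec_tags` table is defined at file scope as a writable array with external linkage, although the only use visible in this patch is a read in LLVMFuzzerTestOneInput; declaring it `static const unsigned codec_tags[] = {` would keep it from clashing with a symbol in the libraries the fuzzer links against and would place it in read-only data. The table also carries no comment on where its values come from. They look like the small integer tags and little-endian fourccs that decoders compare `codec_tag` against, so a line such as `/* codec_tag values tested by decoders, sorted numerically; regenerate when a decoder starts checking a new tag */` above it would tell the next maintainer how to keep it current. A stale table silently drops the new decoder path from fuzz coverage, and nothing in the harness would report that.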
@@ -209,7 +246,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF; ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF; - ctx->codec_tag = bytestream2_get_le32(&gbc); + ctx->codec_tag = codec_tags[bytestream2_get_le32(&gbc) % FF_ARRAY_ELEMS(codec_tags)]; + keyframes = bytestream2_get_le64(&gbc); ctx->request_channel_layout = bytestream2_get_le64(&gbc); -- 2.24.0 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
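Review bot: Routing every input through `codec_tags[bytestream2_get_le32(&gbc) % FF_ARRAY_ELEMS(codec_tags)]` means a tag that is missing from the table can no longer be produced at all, and the same four input bytes now select a different tag than they did before, so saved reproducers and corpus entries that depended on the raw value will stop exercising the paths they were kept for. The modulo keeps the index in bounds, so the lookup itself is safe. To keep the arbitrary-tag path reachable, one option is to spend one bit of the value on the choice, for example `uint32_t t = bytestream2_get_le32(&gbc);` followed by `ctx->codec_tag = (t & 1) ? codec_tags[(t >> 1) % FF_ARRAY_ELEMS(codec_tags)] : t;`, which consumes the same number of input bytes as the patch does. The body of LLVMFuzzerTestOneInput starts and ends outside this hunk, so whether later code assumes the tag comes from the list cannot be checked from here.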
