virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

tools/target_bsf_fuzzer: use av_packet_alloc() to allocate packets

Browse Source 
Signed-off-by: James Almer <jamrial@gmail.com>
This commit is contained in:
James Almer 2021-01-31 13:22:43 -03:00
parent 64f092eb5e
commit 36d4e4c9b5
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
tools/target_bsf_fuzzer.c
View File

@ -42,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
const uint8_t *last = data; const uint8_t *last = data;
const uint8_t *end = data + size; const uint8_t *end = data + size;
AVBSFContext *bsf = NULL; AVBSFContext *bsf = NULL;
AVPacket in, out; AVPacket *in, *out;
uint64_t keyframes = 0; uint64_t keyframes = 0;
uint64_t flushpattern = -1; uint64_t flushpattern = -1;
int res; int res;
@ -119,10 +119,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
return 0; // Failure of av_bsf_init() does not imply that a issue was found return 0; // Failure of av_bsf_init() does not imply that a issue was found
} }
av_init_packet(&in); in = av_packet_alloc();
av_init_packet(&out); out = av_packet_alloc();
out.data = NULL; if (!in || !out)
out.size = 0; error("Failed memory allocation");
while (data < end) { while (data < end) {
// Search for the TAG // Search for the TAG
while (data + sizeof(fuzz_tag) < end) { while (data + sizeof(fuzz_tag) < end) {
@ -133,11 +134,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (data + sizeof(fuzz_tag) > end) if (data + sizeof(fuzz_tag) > end)
data = end; data = end;
res = av_new_packet(&in, data - last); res = av_new_packet(in, data - last);
if (res < 0) if (res < 0)
error("Failed memory allocation"); error("Failed memory allocation");
memcpy(in.data, last, data - last); memcpy(in->data, last, data - last);
in.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY; in->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
keyframes = (keyframes >> 2) + (keyframes<<62); keyframes = (keyframes >> 2) + (keyframes<<62);
data += sizeof(fuzz_tag); data += sizeof(fuzz_tag);
last = data; last = data;
@ -146,26 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
av_bsf_flush(bsf); av_bsf_flush(bsf);
flushpattern = (flushpattern >> 3) + (flushpattern << 61); flushpattern = (flushpattern >> 3) + (flushpattern << 61);
while (in.size) { while (in->size) {
res = av_bsf_send_packet(bsf, &in); res = av_bsf_send_packet(bsf, in);
if (res < 0 && res != AVERROR(EAGAIN)) if (res < 0 && res != AVERROR(EAGAIN))
break; break;
res = av_bsf_receive_packet(bsf, &out); res = av_bsf_receive_packet(bsf, out);
if (res < 0) if (res < 0)
break; break;
av_packet_unref(&out); av_packet_unref(out);
} }
av_packet_unref(&in); av_packet_unref(in);
} }
res = av_bsf_send_packet(bsf, NULL); res = av_bsf_send_packet(bsf, NULL);
while (!res) { while (!res) {
res = av_bsf_receive_packet(bsf, &out); res = av_bsf_receive_packet(bsf, out);
if (res < 0) if (res < 0)
break; break;
av_packet_unref(&out); av_packet_unref(out);
} }
av_packet_free(&in);
av_packet_free(&out);
av_bsf_free(&bsf); av_bsf_free(&bsf);
return 0; return 0;
} }