1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

tools:target_dem_fuzzer: Split into a fuzzer fuzzing at the protocol level and one fuzzing a fixed demuxer input

This should improve coverage and should improve the efficiency of seed files

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-07-19 17:54:10 +02:00
parent f5a61a1728
commit e3af2a0756
3 changed files with 15 additions and 2 deletions

View File

@ -56,6 +56,9 @@ tools/target_bsf_%_fuzzer$(EXESUF): tools/target_bsf_%_fuzzer.o $(FF_DEP_LIBS)
tools/target_dem_fuzzer$(EXESUF): tools/target_dem_fuzzer.o $(FF_DEP_LIBS)
$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS)
$(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
tools/sofa2wavs$(EXESUF): ELIBS = $(FF_EXTRALIBS)
tools/uncoded_frame$(EXESUF): $(FF_DEP_LIBS)
tools/uncoded_frame$(EXESUF): ELIBS = $(FF_EXTRALIBS)

View File

@ -9,7 +9,10 @@ tools/target_bsf_%_fuzzer.o: tools/target_bsf_fuzzer.c
$(COMPILE_C) -DFFMPEG_BSF=$*
tools/target_dem_fuzzer.o: tools/target_dem_fuzzer.c
$(COMPILE_C)
$(COMPILE_C) -DIO_FLAT=1
tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
$(COMPILE_C) -DIO_FLAT=0
OUTDIRS += tools

View File

@ -76,6 +76,10 @@ static int64_t io_seek(void *opaque, int64_t offset, int whence)
}
if (offset < 0 || offset > c->filesize)
return -1;
if (IO_FLAT) {
c->fuzz += offset - c->pos;
c->fuzz_size -= offset - c->pos;
}
c->pos = offset;
return 0;
}
@ -110,7 +114,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (!avfmt)
error("Failed avformat_alloc_context()");
if (size > 2048) {
if (IO_FLAT) {
seekable = 1;
io_buffer_size = size;
} else if (size > 2048) {
int flags;
char extension[64];