From ec9d48da195950bafce32ff8f5f8e10c4440daca Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 12 Oct 2019 22:34:03 +0200
Subject: [PATCH] tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags

This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dec_fuzzer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0047c9eed6..38e085bc57 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                           int *got_picture_ptr,
                           const AVPacket *avpkt) = NULL;
     AVCodecParserContext *parser = NULL;
+    uint64_t keyframes = 0;
 
 
     if (!c) {
@@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         ctx->channels                           = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
         ctx->block_align                        = bytestream2_get_le32(&gbc);
         ctx->codec_tag                          = bytestream2_get_le32(&gbc);
+        keyframes                               = bytestream2_get_le64(&gbc);
 
         if (extradata_size < size) {
             ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         if (res < 0)
             error("Failed memory allocation");
         memcpy(parsepkt.data, last, data - last);
+        parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+        keyframes = (keyframes >> 2) + (keyframes<<62);
         data += sizeof(fuzz_tag);
         last = data;