From ed77616f2953423b8cfa181ef41fb1423cb003ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sun, 14 Jul 2024 00:59:50 +0200
Subject: [PATCH] fuzzer: stop player after 5 seconds of playback
Timeouts can happen with various conditions, big, slow to decode files is one of them. Most of the time those timeouts are not really important to "fix". While they may show some issues like we currently have with audio EOF #14427 for ao-null-untimed. Most of the reports are completely not important and we should focus on other topics. Ignore the timeouts during file playback, note that this will still report any timeouts that happen in other conditions. 5 seconds of playback should cover most of interesting mpv code, even for strange samples. This will likely be reverted at some point in the future, but let first stabilize the OSS-Fuzz, without dozens of bogus timeouts.
---
 fuzzers/common.h | 26 ++++++++++++++++++++++++++
 fuzzers/fuzzer_load.c | 9 +--------
 fuzzers/fuzzer_loadfile_direct.c | 9 +--------
 fuzzers/fuzzer_set_property.c | 9 +--------
 4 files changed, 29 insertions(+), 24 deletions(-)
diff --git a/fuzzers/common.h b/fuzzers/common.h
index 2a9448496a..2cc20308a0 100644
--- a/fuzzers/common.h
+++ b/fuzzers/common.h
@@ -43,3 +43,29 @@ static inline bool str_startswith(const char *str, size_t str_len,
 return false;
 return !memcmp(str, prefix, prefix_len);
 }
+
+#ifndef PLAYBACK_TIME_LIMIT
+#define PLAYBACK_TIME_LIMIT 5
+#endif
+
+static inline void player_loop(mpv_handle *ctx)
+{
+ bool playing = false;
+ bool loaded = false;
+ int timeout = -1;
+ while (1) {
+ mpv_event *event = mpv_wait_event(ctx, timeout);
+ if (timeout == PLAYBACK_TIME_LIMIT && event->event_id == MPV_EVENT_NONE)
+ break;
+ if (event->event_id == MPV_EVENT_START_FILE)
+ loaded = playing = true;
+ if (event->event_id == MPV_EVENT_END_FILE) {
+ playing = false;
+ timeout = -1;
+ }
+ if (playing && event->event_id == MPV_EVENT_PLAYBACK_RESTART)
+ timeout = PLAYBACK_TIME_LIMIT;
+ if (loaded && event->event_id == MPV_EVENT_IDLE)
+ break;
+ }
+}
diff --git a/fuzzers/fuzzer_load.c b/fuzzers/fuzzer_load.c
index 0024f5e6e8..7621c03211 100644
--- a/fuzzers/fuzzer_load.c
+++ b/fuzzers/fuzzer_load.c
@@ -81,14 +81,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 check_error(mpv_command(ctx, cmd));
 #ifdef MPV_LOADFILE
- bool loaded = false;
- while (1) {
- mpv_event *event = mpv_wait_event(ctx, -1);
- if (event->event_id == MPV_EVENT_START_FILE)
- loaded = true;
- if (loaded && event->event_id == MPV_EVENT_IDLE)
- break;
- }
+ player_loop(ctx);
 #endif
 mpv_terminate_destroy(ctx);
diff --git a/fuzzers/fuzzer_loadfile_direct.c b/fuzzers/fuzzer_loadfile_direct.c
index 506670d9d4..fcc7f74539 100644
--- a/fuzzers/fuzzer_loadfile_direct.c
+++ b/fuzzers/fuzzer_loadfile_direct.c
@@ -75,14 +75,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 const char *cmd[] = {"loadfile", data, NULL};
 check_error(mpv_command(ctx, cmd));
- bool loaded = false;
- while (1) {
- mpv_event *event = mpv_wait_event(ctx, -1);
- if (event->event_id == MPV_EVENT_START_FILE)
- loaded = true;
- if (loaded && event->event_id == MPV_EVENT_IDLE)
- break;
- }
+ player_loop(ctx);
 mpv_terminate_destroy(ctx);
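Review bot: In `player_loop` (fuzzers/common.h), `PLAYBACK_TIME_LIMIT` is passed as the timeout of each separate `mpv_wait_event()` call, so the loop leaves only when that many wall-clock seconds pass with no event at all after `MPV_EVENT_PLAYBACK_RESTART`; it is not a cap on media time or on total run time, and neither the macro nor the function says so. Any event delivered in between restarts the wait, so an input that keeps producing events (which ones are delivered depends on harness setup outside this hunk) can presumably still run past the limit. A player that has stalled without emitting events is also indistinguishable here from one that is still decoding, so whether such a hang is still reported depends on what `mpv_terminate_destroy()` does at the three call sites afterwards. I would document this on the macro, e.g. `/* Seconds of event silence after PLAYBACK_RESTART before the harness stops waiting; wall clock, not media time. */`, and add a one-line purpose comment above `player_loop`. If a hard cap is the intent, compute a deadline once at `PLAYBACK_RESTART` and pass the remaining time to `mpv_wait_event()` instead of the constant.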
diff --git a/fuzzers/fuzzer_set_property.c b/fuzzers/fuzzer_set_property.c
index 6487697b96..c18fd48ff5 100644
--- a/fuzzers/fuzzer_set_property.c
+++ b/fuzzers/fuzzer_set_property.c
@@ -105,14 +105,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 const char *cmd[] = {"loadfile", "av://lavfi:yuvtestsrc=d=0.1", NULL};
 check_error(mpv_command(ctx, cmd));
- bool loaded = false;
- while (1) {
- mpv_event *event = mpv_wait_event(ctx, -1);
- if (event->event_id == MPV_EVENT_START_FILE)
- loaded = true;
- if (loaded && event->event_id == MPV_EVENT_IDLE)
- break;
- }
+ player_loop(ctx);
 #endif
 done: