From 6f2625aafc3d59a538ad5009304b7cf1d2054c9d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 5 Jun 2019 13:21:59 +0200 Subject: [PATCH] tools/target_dec_fuzzer: Also fuzz extradata This should improve coverage Signed-off-by: Michael Niedermayer --- tools/target_dec_fuzzer.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 4f51b70b65..f456db0e7b 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -175,7 +175,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (size > 1024) { GetByteContext gbc; - bytestream2_init(&gbc, data + size - 1024, 1024); + int extradata_size; + size -= 1024; + bytestream2_init(&gbc, data + size, 1024); ctx->width = bytestream2_get_le32(&gbc); ctx->height = bytestream2_get_le32(&gbc); ctx->bit_rate = bytestream2_get_le64(&gbc); @@ -183,9 +185,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { // Try to initialize a parser for this codec, note, this may fail which just means we test without one if (bytestream2_get_byte(&gbc) & 1) parser = av_parser_init(c->id); + + extradata_size = bytestream2_get_le32(&gbc); + if (extradata_size < size) { + ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); + if (ctx->extradata) { + ctx->extradata_size = extradata_size; + size -= ctx->extradata_size; + memcpy(ctx->extradata, data + size, ctx->extradata_size); + } + } if (av_image_check_size(ctx->width, ctx->height, 0, ctx)) ctx->width = ctx->height = 0; - size -= 1024; } int res = avcodec_open2(ctx, c, NULL);