fuzzer_load: use memfd_create instead of real file

Should be slightly faster. Also fixes leaking temporary file on errors.
Kacper Michajłow 2024-05-15 17:52:38 +02:00
parent 3c26389312
commit 6ede789092
1 changed files with 15 additions and 13 deletions


@ -19,6 +19,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <sys/mman.h>
#include <unistd.h> #include <unistd.h>
#include <libmpv/client.h> #include <libmpv/client.h>
@ -27,20 +28,21 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{ {
if (size == 0) // fmemopen doesn't have associated file descriptor, so we do copy.
return -1; int fd = memfd_create("fuzz_mpv_load", 0);
if (fd == -1)
char filename[15 + 10 + 1];
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
FILE *fp = fopen(filename, "wb");
if (!fp)
exit(1); exit(1);
ssize_t written = 0;
if (fwrite(data, size, 1, fp) != 1) while (written < size) {
ssize_t result = write(fd, data + written, size - written);
if (result == -1)
exit(1);
written += result;
}
if (lseek(fd, 0, SEEK_SET) != 0)
exit(1); exit(1);
char filename[5 + 10 + 1];
if (fclose(fp)) if (sprintf(filename, "fd://%d", fd) <= 5)
exit(1); exit(1);
mpv_handle *ctx = mpv_create(); mpv_handle *ctx = mpv_create();
@ -69,7 +71,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
#endif #endif
mpv_terminate_destroy(ctx); mpv_terminate_destroy(ctx);
unlink(filename); close(fd);
return 0; return 0;
} }