Kacper Michajłow
7eec246d56
fuzzer_load: seal the input fd after writing the data
Nothing should ever modify this data. Also, add CLOEXEC for good
measure.
2024-06-25 02:17:40 +02:00
Kacper Michajłow
22ca65a59d
fuzzer_set_property: destroy mpv also on error
Shouldn't matter much and in fact even LSAN doesn't complain, but we
should clean it correctly.
Fixes: 1225bcbd41
2024-06-24 17:36:53 +02:00
Kacper Michajłow
8a5989628c
meson: add fuzzers alias for all fuzzer targets
Makes it easier to build only fuzzer binaries and avoid building
unnecessary targets from subprojects.
2024-06-24 17:36:53 +02:00
Kacper Michajłow
1225bcbd41
fuzzer_set_property: don't run mpv if set property failed
We can avoid testing these cases; hopefully there are no side-effects
when set property fails.
2024-06-24 03:05:09 +02:00
Kacper Michajłow
a5f2816278
fuzzer_load_{config_file,input_conf}: take into account file size limit
We are strict about load command errors, so we have to clamp the size.
2024-06-24 03:05:09 +02:00
Kacper Michajłow
799137a87c
fuzzers: disallow include command in a more principled way
We should never allow the include command for fuzzers, and it can also be
triggered by direct set property.
2024-06-24 03:05:09 +02:00
Kacper Michajłow
c3de4f04db
fuzzer_load: disallow include option in config files
It produces nondeterministic results, especially if it does
`include=fd://N`, which starts loading external data.
2024-06-23 02:33:04 +02:00
Kacper Michajłow
8e7d442f08
fuzzers: enable edl, file and lavf protocols
To close already fixed issues on OSS-Fuzz.
Hopefully there is enough space for those. There is no way of checking
that, except that it stops working.
2024-06-18 03:11:14 +02:00
Kacper Michajłow
ee2be6dc82
fuzzer_set_property: force untimed and pause state
We don't want to accidentally set those options and time out in pause
state.
Remove video-osd as there is no reason to set it in fact.
2024-06-18 03:11:14 +02:00
Kacper Michajłow
71d3f4157b
fuzzers: disable some targets as we hit out of space errors
To test if this resolves issues with oss-fuzz.
2024-06-16 05:42:34 +02:00
Kacper Michajłow
9b935c9076
fuzzers/meson: set link language to cpp
2024-06-16 01:21:16 +02:00
Kacper Michajłow
fc0d0f10eb
fuzzers/common: add prototype for LLVMFuzzerTestOneInput
To suppress a warning.
2024-06-05 19:07:58 +02:00
Kacper Michajłow
f652f38147
Revert "fuzzers/load: clear old temp files if they exist"
It is not a problem, so revert.
This reverts commit 06ec0319db.
2024-05-24 16:55:04 +02:00
Kacper Michajłow
06ec0319db
fuzzers/load: clear old temp files if they exist
They were previously left over, and now that it looks like runners are
stuck, the big question is: is /tmp persistent?
This commit will be reverted after the next rebuild.
2024-05-22 02:09:47 +02:00
Kacper Michajłow
e56054bc40
fuzzers: always return 0
While LibFuzzer supports rejecting unwanted inputs, it looks like
Honggfuzz treats anything other than 0 as a fatal error.
https://llvm.org/docs/LibFuzzer.html#rejecting-unwanted-inputs
348a472139/libhfuzz/persistent.c (L67)
This LOG_F calls exit(EXIT_FAILURE)
2024-05-21 06:28:18 +02:00
Kacper Michajłow
7a93a584fc
fuzzer: add dedicated fuzzers for each demuxer
This will help drill deeper into specific code.
2024-05-15 20:09:54 +02:00
Kacper Michajłow
6ede789092
fuzzer_load: use memfd_create instead of real file
Should be slightly faster. Also fixes leaking temporary file on errors.
2024-05-15 20:09:54 +02:00
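Added example, not code from the mpv repository, illustrating the approach described in the two fuzzer_load commits above (6ede789092, and 7eec246d56 at the top of the page): the fuzz input is copied into an anonymous memfd, the fd is sealed once the data is complete, and CLOEXEC is set. The exact seal set, the function names and the constructed sample input are assumptions; the fallback defines are only used when the system headers do not expose the Linux-specific API.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef F_ADD_SEALS /* headers hid the Linux-only API: use the kernel's values */
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SEAL 1
#define F_SEAL_SHRINK 2
#define F_SEAL_GROW 4
#define F_SEAL_WRITE 8
#define MFD_CLOEXEC 1U
#define MFD_ALLOW_SEALING 2U
int memfd_create(const char *name, unsigned int flags);
#endif

/* Seal set is an assumption; the commit does not list the exact seals. */
#define INPUT_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL)

/* Copy the fuzz input into an anonymous memfd and seal it, so nothing that
 * later receives the fd number (e.g. via fd://N) can grow, shrink or rewrite
 * the data. MFD_CLOEXEC keeps the fd out of any child. Returns fd or -1. */
static int make_sealed_input_fd(const unsigned char *data, size_t size)
{
    int fd = memfd_create("fuzz-input", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0) return -1;
    for (size_t off = 0; off < size;) {
        ssize_t n = write(fd, data + off, size - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    /* Seal only once the data is complete; F_SEAL_SEAL then locks the set. */
    if (fcntl(fd, F_ADD_SEALS, INPUT_SEALS) < 0) { close(fd); return -1; }
    return fd;
}

/* Check the invariants a consumer may rely on: FD_CLOEXEC set, all seals
 * present, and a write attempt now fails with EPERM. 1 if all hold, else 0. */
static int input_fd_is_protected(int fd)
{
    int fdflags = fcntl(fd, F_GETFD);
    if (fdflags < 0 || !(fdflags & FD_CLOEXEC)) return 0;
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0 || (seals & INPUT_SEALS) != INPUT_SEALS) return 0;
    return pwrite(fd, "x", 1, 0) == -1 && errno == EPERM;
}
```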
Kacper Michajłow
3c26389312
fuzzer_load: merge file and config load into one file
Removes code duplication. Add missing unlink while at it.
2024-05-15 20:09:54 +02:00
Kacper Michajłow
fd1c13f9b3
fuzzers: don't build binaries for disabled protocols
While there is merit in testing that disabled protocols don't crash or
something, such tests can be made as simple unit tests; no fuzzing needed.
2024-05-15 20:09:54 +02:00
Kacper Michajłow
c1d5f0e9c8
fuzzers: set network-timeout to 1 second
We don't expect to actually access any data, so time out as soon as
possible.
2024-05-10 04:15:10 +02:00
Kacper Michajłow
bf6d49cbd4
fuzzer_loadfile_direct: exclude paths also for file://
Loading external files makes little sense. Might disable this completely
later, but let's see how it works. The idea is the same as for direct
load. Exclude paths starting with `file://.` and `file:///`. But still
fuzz any processing that other input might have. It shouldn't be a huge
problem if we do `file://mpv` for example. Not great, but also not
terrible.
2024-05-09 02:01:24 +02:00
Kacper Michajłow
49cb039b8c
fuzzer_set_property: fix for other types than string
I tested with string version, oops.
2024-05-08 18:52:40 +02:00
Kacper Michajłow
e1d1eb7ace
fuzzers: add fuzzer for config parsers
2024-05-08 18:52:40 +02:00
Kacper Michajłow
47dbc3a74e
fuzzers: add new fuzzer targets
fuzzer_set_property.c:
fuzz mpv_set_property in both initialized and non-initialized state.
Useful for user-provided value sanitization tests. I've already seen
some memory leaks in parsing code, good to drill it.
fuzzer_loadfile.c:
mpv_command "loadfile" test. Good for testing demuxers, decoding and
playback loop. Sadly in headless mode we can't really test AO and VO,
but at least all the code around can be fuzzed. Especially our custom
demuxers like demux_mkv.
fuzzer_loadfile_direct.c:
Similar to loadfile above, but instead of saving the data to a file, it
passes the fuzz input in the command. Generated protocol-specific
versions (mf:// and memory:// for now) and a generic one.
Nothing really complex, but a good start, and even those few targets should
give good coverage of the most common code paths in libmpv.
2024-04-27 02:47:47 +02:00