av1_dec_fuzzer: Remove fmemopen dependency
fmemopen is not preferred during fuzzing.
Removed all file operations.
Removed need for allocating a different input buffer.
data buffer is appropriately incremented and passed directly to decoder
This will also test input being sent in an unaligned buffer to the library.
Removed read_frame function and did the required parsing inline.
Change-Id: I52cc6be149f89824e57cefc9e35fb9138f634175
diff --git a/examples/av1_dec_fuzzer.cc b/examples/av1_dec_fuzzer.cc
index d85dd93..d2bfee1 100644
--- a/examples/av1_dec_fuzzer.cc
+++ b/examples/av1_dec_fuzzer.cc
@@ -17,8 +17,8 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
+#include <algorithm>
#include <memory>
-
#include "config/aom_config.h"
#include "aom/aom_decoder.h"
#include "aom/aomdx.h"
@@ -27,84 +27,41 @@
#define IVF_FRAME_HDR_SZ (4 + 8) /* 4 byte size + 8 byte timestamp */
#define IVF_FILE_HDR_SZ 32
-static void close_file(FILE *file) { fclose(file); }
-
-/* read_frame is derived from ivf_read_frame in ivfdec.c
- * Returns 0 on success and 1 on failure.
- * This function doesn't call warn(), but instead ignores those errors.
- * This is done to minimize the prints on console when running fuzzer
- * Also if fread fails to read frame_size number of bytes, instead of
- * returning an error, this returns with partial frames.
- * This is done to ensure that partial frames are sent to decoder.
- */
-static int read_frame(FILE *infile, uint8_t **buffer, size_t *bytes_read,
- size_t *buffer_size) {
- char raw_header[IVF_FRAME_HDR_SZ] = { 0 };
- size_t frame_size = 0;
-
- if (fread(raw_header, IVF_FRAME_HDR_SZ, 1, infile) == 1) {
- frame_size = mem_get_le32(raw_header);
-
- if (frame_size > 256 * 1024 * 1024) {
- frame_size = 0;
- }
-
- if (frame_size > *buffer_size) {
- uint8_t *new_buffer = (uint8_t *)realloc(*buffer, 2 * frame_size);
-
- if (new_buffer) {
- *buffer = new_buffer;
- *buffer_size = 2 * frame_size;
- } else {
- frame_size = 0;
- }
- }
- }
-
- if (!feof(infile)) {
- *bytes_read = fread(*buffer, 1, frame_size, infile);
- return 0;
- }
-
- return 1;
-}
-
extern "C" void usage_exit(void) { exit(EXIT_FAILURE); }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- std::unique_ptr<FILE, decltype(&close_file)> file(
- fmemopen((void *)data, size, "rb"), &close_file);
- if (file == nullptr) {
- return 0;
- }
-
- char header[32];
- if (fread(header, 1, 32, file.get()) != 32) {
+ if (size <= IVF_FILE_HDR_SZ) {
return 0;
}
const aom_codec_iface_t *codec_interface = aom_codec_av1_dx();
aom_codec_ctx_t codec;
// Set thread count in the range [1, 64].
- const unsigned int threads = (header[0] & 0x3f) + 1;
+ const unsigned int threads = (data[0] & 0x3f) + 1;
aom_codec_dec_cfg_t cfg = { threads, 0, 0, CONFIG_LOWBITDEPTH, { 1 } };
if (aom_codec_dec_init(&codec, codec_interface, &cfg, 0)) {
return 0;
}
- uint8_t *buffer = nullptr;
- size_t buffer_size = 0;
- size_t frame_size = 0;
- while (!read_frame(file.get(), &buffer, &frame_size, &buffer_size)) {
+ data += IVF_FILE_HDR_SZ;
+ size -= IVF_FILE_HDR_SZ;
+
+ while (size > IVF_FRAME_HDR_SZ) {
+ size_t frame_size = mem_get_le32(data);
+ size -= IVF_FRAME_HDR_SZ;
+ data += IVF_FRAME_HDR_SZ;
+ frame_size = std::min(size, frame_size);
+
const aom_codec_err_t err =
- aom_codec_decode(&codec, buffer, frame_size, nullptr);
+ aom_codec_decode(&codec, data, frame_size, nullptr);
static_cast<void>(err);
aom_codec_iter_t iter = nullptr;
aom_image_t *img = nullptr;
while ((img = aom_codec_get_frame(&codec, &iter)) != nullptr) {
}
+ data += frame_size;
+ size -= frame_size;
}
aom_codec_destroy(&codec);
- free(buffer);
return 0;
}
