FFmpeg
target_dec_fuzzer.c
Go to the documentation of this file.
1 /*
2  * This file is part of FFmpeg.
3  *
4  * FFmpeg is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * FFmpeg is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with FFmpeg; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 /* Targeted fuzzer that targets specific codecs depending on two
20  compile-time flags.
21  INSTRUCTIONS:
22 
23  * Get the very fresh clang, e.g. see http://libfuzzer.info#versions
24  * Get and build libFuzzer:
25  svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
26  ./Fuzzer/build.sh
27  * build ffmpeg for fuzzing:
28  FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -g" CC="clang $FLAGS" CXX="clang++ $FLAGS" ./configure --disable-x86asm
29  make clean && make -j
30  * build the fuzz target.
31  Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
32  choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
33  clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
34  * create a corpus directory and put some samples there (empty dir is ok too):
35  mkdir CORPUS && cp some-files CORPUS
36 
37  * Run fuzzing:
38  ./target_dec_fuzzer -max_len=100000 CORPUS
39 
40  More info:
41  http://libfuzzer.info
42  http://tutorial.libfuzzer.info
43  https://github.com/google/oss-fuzz
44  http://lcamtuf.coredump.cx/afl/
45  https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
46 */
47 
48 #include "config.h"
49 #include "libavutil/avassert.h"
50 #include "libavutil/cpu.h"
51 #include "libavutil/imgutils.h"
52 #include "libavutil/intreadwrite.h"
53 
54 #include "libavcodec/avcodec.h"
55 #include "libavcodec/bytestream.h"
56 #include "libavformat/avformat.h"
57 
58 //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
59 #include "libavcodec/internal.h"
60 
61 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
62 
63 extern const AVCodec * codec_list[];
64 
65 static void error(const char *err)
66 {
67  fprintf(stderr, "%s", err);
68  exit(1);
69 }
70 
71 static const AVCodec *c = NULL;
73 {
74  const AVCodec *res;
75 
77  if (!res)
78  error("Failed to find decoder");
79  return res;
80 }
81 
82 static int subtitle_handler(AVCodecContext *avctx, void *frame,
83  int *got_sub_ptr, AVPacket *avpkt)
84 {
86  int ret = avcodec_decode_subtitle2(avctx, &sub, got_sub_ptr, avpkt);
87  if (ret >= 0 && *got_sub_ptr)
89  return ret;
90 }
91 
93  int *got_frame, const AVPacket *dummy)
94 {
95  int ret = avcodec_receive_frame(avctx, frame);
96  *got_frame = ret >= 0;
97  return ret;
98 }
99 
100 // Ensure we don't loop forever
101 const uint32_t maxiteration = 8096;
102 
103 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
104 
105 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
106  uint64_t maxpixels_per_frame = 4096 * 4096;
107  uint64_t maxpixels;
108 
109  uint64_t maxsamples_per_frame = 256*1024*32;
110  uint64_t maxsamples;
111  const uint64_t fuzz_tag = FUZZ_TAG;
112  const uint8_t *last = data;
113  const uint8_t *end = data + size;
114  uint32_t it = 0;
115  uint64_t ec_pixels = 0;
116  uint64_t nb_samples = 0;
117  int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
118  int *got_picture_ptr,
119  const AVPacket *avpkt) = NULL;
120  AVCodecParserContext *parser = NULL;
121  uint64_t keyframes = 0;
122  uint64_t flushpattern = -1;
124 
125  if (!c) {
126 #ifdef FFMPEG_DECODER
127 #define DECODER_SYMBOL0(CODEC) ff_##CODEC##_decoder
128 #define DECODER_SYMBOL(CODEC) DECODER_SYMBOL0(CODEC)
129  extern AVCodec DECODER_SYMBOL(FFMPEG_DECODER);
130  codec_list[0] = &DECODER_SYMBOL(FFMPEG_DECODER);
131 
132 #if FFMPEG_DECODER == tiff || FFMPEG_DECODER == tdsc
133  extern AVCodec DECODER_SYMBOL(mjpeg);
134  codec_list[1] = &DECODER_SYMBOL(mjpeg);
135 #endif
136 
137  c = &DECODER_SYMBOL(FFMPEG_DECODER);
138 #else
139  c = AVCodecInitialize(FFMPEG_CODEC); // Done once.
140 #endif
142  }
143 
144  switch (c->type) {
145  case AVMEDIA_TYPE_AUDIO :
146  case AVMEDIA_TYPE_VIDEO : decode_handler = audio_video_handler ; break;
147  case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
148  }
149  switch (c->id) {
150  case AV_CODEC_ID_APE: maxsamples_per_frame /= 256; break;
151  }
152  maxpixels = maxpixels_per_frame * maxiteration;
153  maxsamples = maxsamples_per_frame * maxiteration;
154  switch (c->id) {
155  case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
156  case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
157  case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
158  case AV_CODEC_ID_CFHD: maxpixels /= 128; break;
159  case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break;
160  case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
161  case AV_CODEC_ID_DST: maxsamples /= 1<<20; break;
162  case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break;
163  case AV_CODEC_ID_DXA: maxpixels /= 32; break;
164  case AV_CODEC_ID_DXV: maxpixels /= 32; break;
165  case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break;
166  case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
167  case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
168  case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
169  case AV_CODEC_ID_GEM: maxpixels /= 512; break;
170  case AV_CODEC_ID_GDV: maxpixels /= 512; break;
171  case AV_CODEC_ID_GIF: maxpixels /= 16; break;
172  case AV_CODEC_ID_H264: maxpixels /= 256; break;
173  case AV_CODEC_ID_HAP: maxpixels /= 128; break;
174  case AV_CODEC_ID_HEVC: maxpixels /= 16384; break;
175  case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
176  case AV_CODEC_ID_HQ_HQA: maxpixels /= 128; break;
177  case AV_CODEC_ID_IFF_ILBM: maxpixels /= 128; break;
178  case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
179  case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384; break;
180  case AV_CODEC_ID_JPEG2000: maxpixels /= 16; break;
181  case AV_CODEC_ID_LAGARITH: maxpixels /= 1024; break;
182  case AV_CODEC_ID_VORBIS: maxsamples /= 1024; break;
183  case AV_CODEC_ID_LSCR: maxpixels /= 16; break;
184  case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
185  case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break;
186  case AV_CODEC_ID_MSA1: maxpixels /= 16384; break;
187  case AV_CODEC_ID_MSRLE: maxpixels /= 16; break;
188  case AV_CODEC_ID_MSS2: maxpixels /= 16384; break;
189  case AV_CODEC_ID_MSZH: maxpixels /= 128; break;
190  case AV_CODEC_ID_MXPEG: maxpixels /= 128; break;
191  case AV_CODEC_ID_OPUS: maxsamples /= 16384; break;
192  case AV_CODEC_ID_PNG: maxpixels /= 128; break;
193  case AV_CODEC_ID_APNG: maxpixels /= 128; break;
194  case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
195  case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
196  case AV_CODEC_ID_PRORES: maxpixels /= 256; break;
197  case AV_CODEC_ID_RASC: maxpixels /= 16; break;
198  case AV_CODEC_ID_SANM: maxpixels /= 16; break;
199  case AV_CODEC_ID_SCPR: maxpixels /= 32; break;
200  case AV_CODEC_ID_SCREENPRESSO:maxpixels /= 64; break;
201  case AV_CODEC_ID_SMACKVIDEO: maxpixels /= 64; break;
202  case AV_CODEC_ID_SNOW: maxpixels /= 128; break;
203  case AV_CODEC_ID_TAK: maxsamples /= 1024; break;
204  case AV_CODEC_ID_TGV: maxpixels /= 32; break;
205  case AV_CODEC_ID_THEORA: maxpixels /= 16384; break;
206  case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
207  case AV_CODEC_ID_TSCC: maxpixels /= 1024; break;
208  case AV_CODEC_ID_VC1: maxpixels /= 8192; break;
209  case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break;
210  case AV_CODEC_ID_VMNC: maxpixels /= 8192; break;
211  case AV_CODEC_ID_VP3: maxpixels /= 4096; break;
212  case AV_CODEC_ID_VP4: maxpixels /= 4096; break;
213  case AV_CODEC_ID_VP5: maxpixels /= 256; break;
214  case AV_CODEC_ID_VP6F: maxpixels /= 4096; break;
215  case AV_CODEC_ID_VP7: maxpixels /= 256; break;
216  case AV_CODEC_ID_VP9: maxpixels /= 4096; break;
217  case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break;
218  case AV_CODEC_ID_WMV3IMAGE: maxpixels /= 8192; break;
219  case AV_CODEC_ID_WMV2: maxpixels /= 1024; break;
220  case AV_CODEC_ID_WMV3: maxpixels /= 1024; break;
221  case AV_CODEC_ID_WS_VQA: maxpixels /= 16384; break;
222  case AV_CODEC_ID_WMALOSSLESS: maxsamples /= 1024; break;
223  case AV_CODEC_ID_ZEROCODEC: maxpixels /= 128; break;
224  }
225 
226  maxsamples_per_frame = FFMIN(maxsamples_per_frame, maxsamples);
227  maxpixels_per_frame = FFMIN(maxpixels_per_frame , maxpixels);
228 
230  AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
231  if (!ctx || !parser_avctx)
232  error("Failed memory allocation");
233 
234  if (ctx->max_pixels == 0 || ctx->max_pixels > maxpixels_per_frame)
235  ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
236 
237  ctx->max_samples = maxsamples_per_frame;
238 
239  if (size > 1024) {
240  GetByteContext gbc;
241  int extradata_size;
242  int flags;
243  int64_t flags64;
244 
245  size -= 1024;
246  bytestream2_init(&gbc, data + size, 1024);
247  ctx->width = bytestream2_get_le32(&gbc);
248  ctx->height = bytestream2_get_le32(&gbc);
249  ctx->bit_rate = bytestream2_get_le64(&gbc);
250  ctx->bits_per_coded_sample = bytestream2_get_le32(&gbc);
251  // Try to initialize a parser for this codec, note, this may fail which just means we test without one
252  flags = bytestream2_get_byte(&gbc);
253  if (flags & 1)
254  parser = av_parser_init(c->id);
255  if (flags & 2)
257  if (flags & 4) {
258  ctx->err_recognition = AV_EF_AGGRESSIVE | AV_EF_COMPLIANT | AV_EF_CAREFUL;
259  if (flags & 8)
260  ctx->err_recognition |= AV_EF_EXPLODE;
261  }
262  if ((flags & 0x10) && c->id != AV_CODEC_ID_H264)
263  ctx->flags2 |= AV_CODEC_FLAG2_FAST;
264  if (flags & 0x80)
265  ctx->flags2 |= AV_CODEC_FLAG2_EXPORT_MVS;
266 
267  if (flags & 0x40)
269 
270  extradata_size = bytestream2_get_le32(&gbc);
271 
272  ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
273  ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
274  ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
275  ctx->codec_tag = bytestream2_get_le32(&gbc);
276  if (c->codec_tags) {
277  int n;
278  for (n = 0; c->codec_tags[n] != FF_CODEC_TAGS_END; n++);
279  ctx->codec_tag = c->codec_tags[ctx->codec_tag % n];
280  }
281  keyframes = bytestream2_get_le64(&gbc);
282  ctx->request_channel_layout = bytestream2_get_le64(&gbc);
283 
284  ctx->idct_algo = bytestream2_get_byte(&gbc) % 25;
285  flushpattern = bytestream2_get_le64(&gbc);
286  ctx->skip_frame = bytestream2_get_byte(&gbc) - 254 + AVDISCARD_ALL;
287 
288 
289  if (flags & 0x20) {
290  switch (ctx->codec_id) {
291  case AV_CODEC_ID_AC3:
292  case AV_CODEC_ID_EAC3:
293  av_dict_set_int(&opts, "cons_noisegen", bytestream2_get_byte(&gbc) & 1, 0);
294  av_dict_set_int(&opts, "heavy_compr", bytestream2_get_byte(&gbc) & 1, 0);
295  av_dict_set_int(&opts, "target_level", (int)(bytestream2_get_byte(&gbc) % 32) - 31, 0);
296  av_dict_set_int(&opts, "dmix_mode", (int)(bytestream2_get_byte(&gbc) % 4) - 1, 0);
297  break;
298  }
299  }
300 
301  flags64 = bytestream2_get_le64(&gbc);
302  if (flags64 &1)
303  ctx->debug |= FF_DEBUG_SKIP;
304  if (flags64 &2)
305  ctx->debug |= FF_DEBUG_QP;
306  if (flags64 &4)
308 
309  if (extradata_size < size) {
310  ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
311  if (ctx->extradata) {
312  ctx->extradata_size = extradata_size;
313  size -= ctx->extradata_size;
314  memcpy(ctx->extradata, data + size, ctx->extradata_size);
315  }
316  }
317  if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
318  ctx->width = ctx->height = 0;
319  }
320 
321  int res = avcodec_open2(ctx, c, &opts);
322  if (res < 0) {
324  av_free(parser_avctx);
325  av_parser_close(parser);
326  av_dict_free(&opts);
327  return 0; // Failure of avcodec_open2() does not imply that a issue was found
328  }
329  parser_avctx->codec_id = ctx->codec_id;
330  parser_avctx->extradata_size = ctx->extradata_size;
331  parser_avctx->extradata = ctx->extradata ? av_memdup(ctx->extradata, ctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE) : NULL;
332 
333 
334  int got_frame;
336  AVPacket *avpkt = av_packet_alloc();
337  AVPacket *parsepkt = av_packet_alloc();
338  if (!frame || !avpkt || !parsepkt)
339  error("Failed memory allocation");
340 
341  // Read very simple container
342  while (data < end && it < maxiteration) {
343  // Search for the TAG
344  while (data + sizeof(fuzz_tag) < end) {
345  if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)
346  break;
347  data++;
348  }
349  if (data + sizeof(fuzz_tag) > end)
350  data = end;
351 
352  res = av_new_packet(parsepkt, data - last);
353  if (res < 0)
354  error("Failed memory allocation");
355  memcpy(parsepkt->data, last, data - last);
356  parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
357  keyframes = (keyframes >> 2) + (keyframes<<62);
358  data += sizeof(fuzz_tag);
359  last = data;
360 
361  while (parsepkt->size > 0) {
362  int decode_more;
363 
364  if (parser) {
365  int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size,
366  parsepkt->data, parsepkt->size,
367  parsepkt->pts, parsepkt->dts, parsepkt->pos);
368  if (avpkt->data == parsepkt->data) {
369  avpkt->buf = av_buffer_ref(parsepkt->buf);
370  if (!avpkt->buf)
371  error("Failed memory allocation");
372  } else {
373  if (av_packet_make_refcounted(avpkt) < 0)
374  error("Failed memory allocation");
375  }
376  parsepkt->data += ret;
377  parsepkt->size -= ret;
378  parsepkt->pos += ret;
379  avpkt->pts = parser->pts;
380  avpkt->dts = parser->dts;
381  avpkt->pos = parser->pos;
382  if ( parser->key_frame == 1 ||
383  (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I))
384  avpkt->flags |= AV_PKT_FLAG_KEY;
385  avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD;
386  } else {
387  av_packet_move_ref(avpkt, parsepkt);
388  }
389 
390  if (!(flushpattern & 7))
392  flushpattern = (flushpattern >> 3) + (flushpattern << 61);
393 
394  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
395  int ret = avcodec_send_packet(ctx, avpkt);
396  decode_more = ret >= 0;
397  if(!decode_more) {
398  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
399  if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
400  ctx->error_concealment = 0;
402  }
403  if (ec_pixels > maxpixels)
404  goto maximums_reached;
405  }
406  } else
407  decode_more = 1;
408 
409  // Iterate through all data
410  while (decode_more && it++ < maxiteration) {
412  int ret = decode_handler(ctx, frame, &got_frame, avpkt);
413 
414  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
415  if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
416  ctx->error_concealment = 0;
418  }
419  if (ec_pixels > maxpixels)
420  goto maximums_reached;
421 
422  if (ctx->codec_type == AVMEDIA_TYPE_AUDIO &&
423  frame->nb_samples == 0 && !got_frame &&
424  (avpkt->flags & AV_PKT_FLAG_DISCARD))
425  nb_samples += ctx->max_samples;
426 
427  nb_samples += frame->nb_samples;
428  if (nb_samples > maxsamples)
429  goto maximums_reached;
430 
431  if (ret <= 0 || ret > avpkt->size)
432  break;
433 
434  if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) {
435  avpkt->data += ret;
436  avpkt->size -= ret;
437  decode_more = avpkt->size > 0;
438  } else
439  decode_more = ret >= 0;
440  }
441  av_packet_unref(avpkt);
442  }
443  av_packet_unref(parsepkt);
444  }
445 maximums_reached:
446 
447  av_packet_unref(avpkt);
448 
449  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE)
451 
452  do {
453  got_frame = 0;
455  decode_handler(ctx, frame, &got_frame, avpkt);
456 
457  nb_samples += frame->nb_samples;
458  if (nb_samples > maxsamples)
459  break;
460  } while (got_frame == 1 && it++ < maxiteration);
461 
462  fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it);
463 
466  avcodec_free_context(&parser_avctx);
467  av_parser_close(parser);
468  av_packet_free(&avpkt);
469  av_packet_free(&parsepkt);
470  av_dict_free(&opts);
471  return 0;
472 }
AV_CODEC_ID_TRUEMOTION2
@ AV_CODEC_ID_TRUEMOTION2
Definition: codec_id.h:127
AVSubtitle
Definition: avcodec.h:2289
av_packet_unref
void av_packet_unref(AVPacket *pkt)
Wipe the packet.
Definition: avpacket.c:424
av_force_cpu_flags
void av_force_cpu_flags(int arg)
Disables cpu detection and forces the specified flags.
Definition: cpu.c:70
AVCodec
AVCodec.
Definition: codec.h:202
AVMEDIA_TYPE_SUBTITLE
@ AVMEDIA_TYPE_SUBTITLE
Definition: avutil.h:204
AV_CODEC_ID_VP6F
@ AV_CODEC_ID_VP6F
Definition: codec_id.h:142
AV_CODEC_ID_SANM
@ AV_CODEC_ID_SANM
Definition: codec_id.h:232
AV_CODEC_ID_LAGARITH
@ AV_CODEC_ID_LAGARITH
Definition: codec_id.h:197
AVCodecParserContext::pts
int64_t pts
Definition: avcodec.h:2792
AV_CODEC_ID_AC3
@ AV_CODEC_ID_AC3
Definition: codec_id.h:426
AV_CODEC_ID_APE
@ AV_CODEC_ID_APE
Definition: codec_id.h:455
FF_COMPLIANCE_EXPERIMENTAL
#define FF_COMPLIANCE_EXPERIMENTAL
Allow nonstandardized experimental things.
Definition: avcodec.h:1285
AVCodecParserContext::pict_type
int pict_type
Definition: avcodec.h:2781
GetByteContext
Definition: bytestream.h:33
AV_CODEC_ID_INTERPLAY_ACM
@ AV_CODEC_ID_INTERPLAY_ACM
Definition: codec_id.h:501
sub
static float sub(float src0, float src1)
Definition: dnn_backend_native_layer_mathbinary.c:31
AV_LOG_PANIC
#define AV_LOG_PANIC
Something went really wrong and we will crash now.
Definition: log.h:167
AV_PKT_FLAG_DISCARD
#define AV_PKT_FLAG_DISCARD
Flag is used to discard packets which are required to maintain valid decoder state but are not requir...
Definition: packet.h:435
AV_CODEC_ID_DIRAC
@ AV_CODEC_ID_DIRAC
Definition: codec_id.h:166
av_frame_free
void av_frame_free(AVFrame **frame)
Free the frame and any dynamically allocated objects in it, e.g.
Definition: frame.c:109
AV_RN64
#define AV_RN64(p)
Definition: intreadwrite.h:368
AVFrame
This structure describes decoded (raw) audio or video data.
Definition: frame.h:317
AVFormatContext::strict_std_compliance
int strict_std_compliance
Allow non-standard and experimental extension.
Definition: avformat.h:1497
avcodec_decode_subtitle2
int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int *got_sub_ptr, AVPacket *avpkt)
Decode a subtitle message.
Definition: decode.c:805
internal.h
AVPacket::data
uint8_t * data
Definition: packet.h:373
data
const char data[16]
Definition: mxf.c:143
codec_list
const AVCodec * codec_list[]
AV_CODEC_ID_GDV
@ AV_CODEC_ID_GDV
Definition: codec_id.h:284
AV_CODEC_ID_ARBC
@ AV_CODEC_ID_ARBC
Definition: codec_id.h:292
AV_CODEC_ID_SCREENPRESSO
@ AV_CODEC_ID_SCREENPRESSO
Definition: codec_id.h:242
AV_EF_COMPLIANT
#define AV_EF_COMPLIANT
consider all spec non compliances as errors
Definition: avcodec.h:1339
AVDictionary
Definition: dict.c:30
AV_CODEC_ID_FLAC
@ AV_CODEC_ID_FLAC
Definition: codec_id.h:435
av_buffer_ref
AVBufferRef * av_buffer_ref(const AVBufferRef *buf)
Create a new reference to an AVBuffer.
Definition: buffer.c:103
AV_CODEC_ID_APNG
@ AV_CODEC_ID_APNG
Definition: codec_id.h:264
AV_CODEC_ID_MXPEG
@ AV_CODEC_ID_MXPEG
Definition: codec_id.h:196
AV_PKT_FLAG_KEY
#define AV_PKT_FLAG_KEY
The packet contains a keyframe.
Definition: packet.h:428
av_packet_free
void av_packet_free(AVPacket **pkt)
Free the packet, if the packet is reference counted, it will be unreferenced first.
Definition: avpacket.c:75
av_memdup
void * av_memdup(const void *p, size_t size)
Duplicate a buffer with av_malloc().
Definition: mem.c:311
AVCodecParserContext::key_frame
int key_frame
Set by parser to 1 for key frames and 0 for non-key frames.
Definition: avcodec.h:2822
AV_CODEC_ID_IFF_ILBM
@ AV_CODEC_ID_IFF_ILBM
Definition: codec_id.h:186
AV_CODEC_ID_MSZH
@ AV_CODEC_ID_MSZH
Definition: codec_id.h:103
av_parser_init
AVCodecParserContext * av_parser_init(int codec_id)
Definition: parser.c:34
AV_CODEC_ID_FFWAVESYNTH
@ AV_CODEC_ID_FFWAVESYNTH
Definition: codec_id.h:491
AVCodecParserContext::dts
int64_t dts
Definition: avcodec.h:2793
avsubtitle_free
void avsubtitle_free(AVSubtitle *sub)
Free all allocated data in the given subtitle struct.
Definition: avcodec.c:425
av_frame_alloc
AVFrame * av_frame_alloc(void)
Allocate an AVFrame and set its fields to default values.
Definition: frame.c:97
AV_CODEC_ID_DVB_SUBTITLE
@ AV_CODEC_ID_DVB_SUBTITLE
Definition: codec_id.h:523
AVFormatContext::bit_rate
int64_t bit_rate
Total stream bitrate in bit/s, 0 if not available.
Definition: avformat.h:1309
AVCodecInitialize
static const AVCodec * AVCodecInitialize(enum AVCodecID codec_id)
Definition: target_dec_fuzzer.c:72
avassert.h
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: target_dec_fuzzer.c:105
AV_CODEC_ID_CFHD
@ AV_CODEC_ID_CFHD
Definition: codec_id.h:266
AVCodecContext::extradata_size
int extradata_size
Definition: avcodec.h:485
avcodec_alloc_context3
AVCodecContext * avcodec_alloc_context3(const AVCodec *codec)
Allocate an AVCodecContext and set its fields to default values.
Definition: options.c:141
intreadwrite.h
av_new_packet
int av_new_packet(AVPacket *pkt, int size)
Allocate the payload of a packet and initialize its fields with default values.
Definition: avpacket.c:99
FF_CODEC_TAGS_END
#define FF_CODEC_TAGS_END
AVCodec.codec_tags termination value.
Definition: internal.h:91
AVMEDIA_TYPE_AUDIO
@ AVMEDIA_TYPE_AUDIO
Definition: avutil.h:202
AV_CODEC_ID_VP9
@ AV_CODEC_ID_VP9
Definition: codec_id.h:218
AV_CODEC_ID_WS_VQA
@ AV_CODEC_ID_WS_VQA
Definition: codec_id.h:94
AV_CODEC_ID_WMV2
@ AV_CODEC_ID_WMV2
Definition: codec_id.h:68
avcodec_receive_frame
int avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
Return decoded output data from a decoder.
Definition: decode.c:642
ctx
AVFormatContext * ctx
Definition: movenc.c:48
codec_id
enum AVCodecID codec_id
Definition: vaapi_decode.c:369
AV_CODEC_ID_VC1IMAGE
@ AV_CODEC_ID_VC1IMAGE
Definition: codec_id.h:202
AV_CODEC_ID_H264
@ AV_CODEC_ID_H264
Definition: codec_id.h:77
AVCodecContext::codec_id
enum AVCodecID codec_id
Definition: avcodec.h:393
AV_CODEC_ID_PNG
@ AV_CODEC_ID_PNG
Definition: codec_id.h:111
if
if(ret)
Definition: filter_design.txt:179
AVDISCARD_ALL
@ AVDISCARD_ALL
discard all
Definition: defs.h:54
AV_CODEC_ID_WMV3
@ AV_CODEC_ID_WMV3
Definition: codec_id.h:121
opts
AVDictionary * opts
Definition: movenc.c:50
FUZZ_TAG
static const uint64_t FUZZ_TAG
Definition: target_dec_fuzzer.c:103
AVPacket::buf
AVBufferRef * buf
A reference to the reference-counted buffer where the packet data is stored.
Definition: packet.h:356
NULL
#define NULL
Definition: coverity.c:32
AV_CODEC_ID_DST
@ AV_CODEC_ID_DST
Definition: codec_id.h:504
AV_CODEC_ID_ZEROCODEC
@ AV_CODEC_ID_ZEROCODEC
Definition: codec_id.h:211
AVCodec::type
enum AVMediaType type
Definition: codec.h:215
avcodec_free_context
void avcodec_free_context(AVCodecContext **avctx)
Free the codec context and everything associated with it and write NULL to the provided pointer.
Definition: options.c:156
FF_DEBUG_MB_TYPE
#define FF_DEBUG_MB_TYPE
Definition: avcodec.h:1306
AV_CODEC_ID_WMALOSSLESS
@ AV_CODEC_ID_WMALOSSLESS
Definition: codec_id.h:461
AV_CODEC_ID_MOTIONPIXELS
@ AV_CODEC_ID_MOTIONPIXELS
Definition: codec_id.h:169
AV_CODEC_FLAG2_FAST
#define AV_CODEC_FLAG2_FAST
Allow non spec compliant speedup tricks.
Definition: avcodec.h:287
AV_PICTURE_TYPE_I
@ AV_PICTURE_TYPE_I
Intra.
Definition: avutil.h:274
avcodec_open2
int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *codec, AVDictionary **options)
Initialize the AVCodecContext to use the given AVCodec.
Definition: avcodec.c:137
AV_EF_EXPLODE
#define AV_EF_EXPLODE
abort decoding on minor error detection
Definition: avcodec.h:1335
av_packet_move_ref
void av_packet_move_ref(AVPacket *dst, AVPacket *src)
Move every field in src to dst and reset src.
Definition: avpacket.c:481
AV_CODEC_ID_VP4
@ AV_CODEC_ID_VP4
Definition: codec_id.h:295
AV_CODEC_ID_MP4ALS
@ AV_CODEC_ID_MP4ALS
Definition: codec_id.h:468
error
static void error(const char *err)
Definition: target_dec_fuzzer.c:65
AV_EF_CAREFUL
#define AV_EF_CAREFUL
consider things that violate the spec, are fast to calculate and have not been seen in the wild as er...
Definition: avcodec.h:1338
AVCodecID
AVCodecID
Identify the syntax and semantics of the bitstream.
Definition: codec_id.h:47
avcodec_find_decoder
const AVCodec * avcodec_find_decoder(enum AVCodecID id)
Find a registered decoder with a matching codec ID.
Definition: allcodecs.c:921
AV_CODEC_ID_EAC3
@ AV_CODEC_ID_EAC3
Definition: codec_id.h:463
AV_CODEC_ID_LSCR
@ AV_CODEC_ID_LSCR
Definition: codec_id.h:294
subtitle_handler
static int subtitle_handler(AVCodecContext *avctx, void *frame, int *got_sub_ptr, AVPacket *avpkt)
Definition: target_dec_fuzzer.c:82
AV_CODEC_ID_SCPR
@ AV_CODEC_ID_SCPR
Definition: codec_id.h:276
AVPacket::size
int size
Definition: packet.h:374
cpu.h
AV_CODEC_ID_RASC
@ AV_CODEC_ID_RASC
Definition: codec_id.h:290
AV_CODEC_ID_DXV
@ AV_CODEC_ID_DXV
Definition: codec_id.h:241
size
int size
Definition: twinvq_data.h:10344
AV_CODEC_ID_MSRLE
@ AV_CODEC_ID_MSRLE
Definition: codec_id.h:95
AV_CODEC_ID_OPUS
@ AV_CODEC_ID_OPUS
Definition: codec_id.h:483
AVPacket::dts
int64_t dts
Decompression timestamp in AVStream->time_base units; the time at which the packet is decompressed.
Definition: packet.h:372
av_packet_make_refcounted
int av_packet_make_refcounted(AVPacket *pkt)
Ensure the data described by a given packet is reference counted.
Definition: avpacket.c:487
AVPacket::flags
int flags
A combination of AV_PKT_FLAG values.
Definition: packet.h:379
av_packet_alloc
AVPacket * av_packet_alloc(void)
Allocate an AVPacket and set its fields to default values.
Definition: avpacket.c:64
av_dict_free
void av_dict_free(AVDictionary **pm)
Free all the memory allocated for an AVDictionary struct and all keys and values.
Definition: dict.c:203
AV_CODEC_ID_DXA
@ AV_CODEC_ID_DXA
Definition: codec_id.h:148
AV_CODEC_ID_INDEO4
@ AV_CODEC_ID_INDEO4
Definition: codec_id.h:161
AV_CODEC_ID_MSS2
@ AV_CODEC_ID_MSS2
Definition: codec_id.h:217
AVCodec::id
enum AVCodecID id
Definition: codec.h:216
AV_CODEC_ID_HQ_HQA
@ AV_CODEC_ID_HQ_HQA
Definition: codec_id.h:238
AV_CODEC_ID_VP5
@ AV_CODEC_ID_VP5
Definition: codec_id.h:140
AV_CODEC_ID_VP3
@ AV_CODEC_ID_VP3
Definition: codec_id.h:79
AV_CODEC_ID_GIF
@ AV_CODEC_ID_GIF
Definition: codec_id.h:147
AV_CODEC_ID_TGV
@ AV_CODEC_ID_TGV
Definition: codec_id.h:170
AV_CODEC_ID_VP7
@ AV_CODEC_ID_VP7
Definition: codec_id.h:231
avcodec_send_packet
int avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
Supply raw packet data as input to a decoder.
Definition: decode.c:579
av_log_set_level
void av_log_set_level(int level)
Set the log level.
Definition: log.c:440
AVCodecParserContext::pos
int64_t pos
Byte position of currently parsed frame in stream.
Definition: avcodec.h:2875
AVPacket::pts
int64_t pts
Presentation timestamp in AVStream->time_base units; the time at which the decompressed packet will b...
Definition: packet.h:366
AVCodecContext::extradata
uint8_t * extradata
some codecs need / can use extradata like Huffman tables.
Definition: avcodec.h:484
AV_CODEC_ID_THEORA
@ AV_CODEC_ID_THEORA
Definition: codec_id.h:80
FF_DEBUG_SKIP
#define FF_DEBUG_SKIP
Definition: avcodec.h:1309
AV_CODEC_ID_PAF_VIDEO
@ AV_CODEC_ID_PAF_VIDEO
Definition: codec_id.h:229
AV_CODEC_ID_HEVC
@ AV_CODEC_ID_HEVC
Definition: codec_id.h:224
FFMIN
#define FFMIN(a, b)
Definition: macros.h:49
AV_CODEC_ID_HNM4_VIDEO
@ AV_CODEC_ID_HNM4_VIDEO
Definition: codec_id.h:223
av_frame_unref
void av_frame_unref(AVFrame *frame)
Unreference all the buffers referenced by frame and reset the frame fields.
Definition: frame.c:435
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:263
AV_CODEC_ID_VC1
@ AV_CODEC_ID_VC1
Definition: codec_id.h:120
AV_CODEC_ID_JPEG2000
@ AV_CODEC_ID_JPEG2000
Definition: codec_id.h:138
avcodec.h
AVCodecParserContext
Definition: avcodec.h:2773
AV_CODEC_ID_SMACKVIDEO
@ AV_CODEC_ID_SMACKVIDEO
Definition: codec_id.h:133
ret
ret
Definition: filter_design.txt:187
avcodec_flush_buffers
void avcodec_flush_buffers(AVCodecContext *avctx)
Reset the internal codec state / flush internal buffers.
Definition: avcodec.c:379
frame
these buffered frames must be flushed immediately if a new input produces new the filter must not call request_frame to get more It must just process the frame or queue it The task of requesting more frames is left to the filter s request_frame method or the application If a filter has several the filter must be ready for frames arriving randomly on any input any filter with several inputs will most likely require some kind of queuing mechanism It is perfectly acceptable to have a limited queue and to drop frames when the inputs are too unbalanced request_frame For filters that do not use the this method is called when a frame is wanted on an output For a it should directly call filter_frame on the corresponding output For a if there are queued frames already one of these frames should be pushed If the filter should request a frame on one of its repeatedly until at least one frame has been pushed Return or at least make progress towards producing a frame
Definition: filter_design.txt:264
avformat.h
audio_video_handler
static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame, int *got_frame, const AVPacket *dummy)
Definition: target_dec_fuzzer.c:92
FF_DEBUG_QP
#define FF_DEBUG_QP
Definition: avcodec.h:1307
AV_INPUT_BUFFER_PADDING_SIZE
#define AV_INPUT_BUFFER_PADDING_SIZE
Definition: defs.h:40
AV_CODEC_ID_AGM
@ AV_CODEC_ID_AGM
Definition: codec_id.h:293
AVCodec::codec_tags
const uint32_t * codec_tags
List of supported codec_tags, terminated by FF_CODEC_TAGS_END.
Definition: codec.h:356
AVFormatContext::debug
int debug
Flags to enable debugging.
Definition: avformat.h:1472
AVCodecContext
main external API structure.
Definition: avcodec.h:383
AV_CODEC_ID_SNOW
@ AV_CODEC_ID_SNOW
Definition: codec_id.h:262
AV_CODEC_ID_HAP
@ AV_CODEC_ID_HAP
Definition: codec_id.h:239
AV_CODEC_ID_BINKVIDEO
@ AV_CODEC_ID_BINKVIDEO
Definition: codec_id.h:185
dummy
int dummy
Definition: motion.c:65
c
static const AVCodec * c
Definition: target_dec_fuzzer.c:71
AV_CODEC_ID_MSA1
@ AV_CODEC_ID_MSA1
Definition: codec_id.h:213
AV_CODEC_ID_VMNC
@ AV_CODEC_ID_VMNC
Definition: codec_id.h:139
AV_EF_AGGRESSIVE
#define AV_EF_AGGRESSIVE
consider things that a sane encoder should not do as an error
Definition: avcodec.h:1340
av_dict_set_int
int av_dict_set_int(AVDictionary **pm, const char *key, int64_t value, int flags)
Convenience wrapper for av_dict_set that converts the value to a string and stores it.
Definition: dict.c:147
AVMEDIA_TYPE_VIDEO
@ AVMEDIA_TYPE_VIDEO
Definition: avutil.h:201
av_parser_parse2
int av_parser_parse2(AVCodecParserContext *s, AVCodecContext *avctx, uint8_t **poutbuf, int *poutbuf_size, const uint8_t *buf, int buf_size, int64_t pts, int64_t dts, int64_t pos)
Parse a packet.
Definition: parser.c:117
AV_CODEC_ID_QTRLE
@ AV_CODEC_ID_QTRLE
Definition: codec_id.h:105
AV_CODEC_ID_GEM
@ AV_CODEC_ID_GEM
Definition: codec_id.h:310
it
s EdgeDetect Foobar g libavfilter vf_edgedetect c libavfilter vf_foobar c edit libavfilter and add an entry for foobar following the pattern of the other filters edit libavfilter allfilters and add an entry for foobar following the pattern of the other filters configure make j< whatever > ffmpeg ffmpeg i you should get a foobar png with Lena edge detected That s it
Definition: writing_filters.txt:31
AV_CODEC_ID_G2M
@ AV_CODEC_ID_G2M
Definition: codec_id.h:221
AV_CODEC_ID_TSCC
@ AV_CODEC_ID_TSCC
Definition: codec_id.h:106
AV_CODEC_FLAG2_EXPORT_MVS
#define AV_CODEC_FLAG2_EXPORT_MVS
Export motion vectors through frame side data.
Definition: avcodec.h:319
av_free
#define av_free(p)
Definition: tableprint_vlc.h:34
AVPacket
This structure stores compressed data.
Definition: packet.h:350
AVPacket::pos
int64_t pos
byte position in stream, -1 if unknown
Definition: packet.h:393
AV_CODEC_ID_TAK
@ AV_CODEC_ID_TAK
Definition: codec_id.h:485
bytestream.h
imgutils.h
bytestream2_init
static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size)
Definition: bytestream.h:137
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:561
AV_CODEC_ID_WAVPACK
@ AV_CODEC_ID_WAVPACK
Definition: codec_id.h:448
AV_CODEC_ID_COOK
@ AV_CODEC_ID_COOK
Definition: codec_id.h:443
AV_CODEC_ID_VORBIS
@ AV_CODEC_ID_VORBIS
Definition: codec_id.h:428
AV_CODEC_ID_WMV3IMAGE
@ AV_CODEC_ID_WMV3IMAGE
Definition: codec_id.h:201
av_image_check_size
int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
Check if the given dimension of an image is valid, meaning that all bytes of the image can be address...
Definition: imgutils.c:318
FF_SANE_NB_CHANNELS
#define FF_SANE_NB_CHANNELS
Definition: internal.h:101
AV_CODEC_ID_FLV1
@ AV_CODEC_ID_FLV1
Definition: codec_id.h:71
int
int
Definition: ffmpeg_filter.c:153
maxiteration
const uint32_t maxiteration
Definition: target_dec_fuzzer.c:101
av_parser_close
void av_parser_close(AVCodecParserContext *s)
Definition: parser.c:191
AV_CODEC_ID_PRORES
@ AV_CODEC_ID_PRORES
Definition: codec_id.h:198