[FFmpeg-cvslog] tools/target_dec_fuzzer: Fuzz private options of AC3/E-AC3

Michael Niedermayer git at videolan.org
Tue Jan 21 22:41:57 EET 2020 

ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Dec 29 17:09:44 2019 +0100| [4b733a7f5feadbd35a18b4463ebe34f2ca9b4a00] | committer: Michael Niedermayer

tools/target_dec_fuzzer: Fuzz private options of AC3/E-AC3

This should improve AC-3 coverage

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4b733a7f5feadbd35a18b4463ebe34f2ca9b4a00
---

 tools/target_dec_fuzzer.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index d6dc7a44a4..281decae94 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -110,7 +110,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
                           const AVPacket *avpkt) = NULL;
     AVCodecParserContext *parser = NULL;
     uint64_t keyframes = 0;
-
+    AVDictionary *opts = NULL;
 
     if (!c) {
 #ifdef FFMPEG_DECODER
@@ -216,6 +216,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
         ctx->idct_algo                          = bytestream2_get_byte(&gbc) % 25;
 
+        if (flags & 0x20) {
+            switch (ctx->codec_id) {
+            case AV_CODEC_ID_AC3:
+            case AV_CODEC_ID_EAC3:
+                av_dict_set_int(&opts, "cons_noisegen", bytestream2_get_byte(&gbc) & 1, 0);
+                av_dict_set_int(&opts, "heavy_compr",   bytestream2_get_byte(&gbc) & 1, 0);
+                av_dict_set_int(&opts, "target_level",  (int)(bytestream2_get_byte(&gbc) % 32) - 31, 0);
+                av_dict_set_int(&opts, "dmix_mode",     (int)(bytestream2_get_byte(&gbc) %  4) -  1, 0);
+                break;
+            }
+        }
+
+
         if (extradata_size < size) {
             ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
             if (ctx->extradata) {
@@ -228,11 +241,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             ctx->width = ctx->height = 0;
     }
 
-    int res = avcodec_open2(ctx, c, NULL);
+    int res = avcodec_open2(ctx, c, &opts);
     if (res < 0) {
         avcodec_free_context(&ctx);
         av_free(parser_avctx);
         av_parser_close(parser);
+        av_dict_free(&opts);
         return 0; // Failure of avcodec_open2() does not imply that a issue was found
     }
     parser_avctx->codec_id = ctx->codec_id;
@@ -337,5 +351,6 @@ maximums_reached:
     avcodec_free_context(&parser_avctx);
     av_parser_close(parser);
     av_packet_unref(&parsepkt);
+    av_dict_free(&opts);
     return 0;
 }

More information about the ffmpeg-cvslog mailing list