FFmpeg
target_dec_fuzzer.c
Go to the documentation of this file.
1 /*
2  * This file is part of FFmpeg.
3  *
4  * FFmpeg is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * FFmpeg is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with FFmpeg; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 /* Targeted fuzzer that targets specific codecs depending on two
20  compile-time flags.
21  INSTRUCTIONS:
22 
23  * Get the very fresh clang, e.g. see http://libfuzzer.info#versions
24  * Get and build libFuzzer:
25  svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
26  ./Fuzzer/build.sh
27  * build ffmpeg for fuzzing:
28  FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -g" CC="clang $FLAGS" CXX="clang++ $FLAGS" ./configure --disable-x86asm
29  make clean && make -j
30  * build the fuzz target.
31  Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
32  choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
33  clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
34  * create a corpus directory and put some samples there (empty dir is ok too):
35  mkdir CORPUS && cp some-files CORPUS
36 
37  * Run fuzzing:
38  ./target_dec_fuzzer -max_len=100000 CORPUS
39 
40  More info:
41  http://libfuzzer.info
42  http://tutorial.libfuzzer.info
43  https://github.com/google/oss-fuzz
44  http://lcamtuf.coredump.cx/afl/
45  https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
46 */
47 
48 #include "config.h"
49 #include "libavutil/avassert.h"
50 #include "libavutil/avstring.h"
51 #include "libavutil/cpu.h"
52 #include "libavutil/imgutils.h"
53 #include "libavutil/intreadwrite.h"
54 
55 #include "libavcodec/avcodec.h"
56 #include "libavcodec/bytestream.h"
58 #include "libavformat/avformat.h"
59 
60 //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
61 #include "libavcodec/internal.h"
62 
63 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
64 
65 extern const FFCodec * codec_list[];
66 
67 static void error(const char *err)
68 {
69  fprintf(stderr, "%s", err);
70  exit(1);
71 }
72 
73 static const FFCodec *c = NULL;
75 {
76  const AVCodec *res;
77 
79  if (!res)
80  error("Failed to find decoder");
81  return ffcodec(res);
82 }
83 
84 static int subtitle_handler(AVCodecContext *avctx, AVFrame *unused,
85  int *got_sub_ptr, const AVPacket *avpkt)
86 {
87  AVSubtitle sub;
88  int ret = avcodec_decode_subtitle2(avctx, &sub, got_sub_ptr, avpkt);
89  if (ret >= 0 && *got_sub_ptr)
90  avsubtitle_free(&sub);
91  return ret;
92 }
93 
95  int *got_frame, const AVPacket *dummy)
96 {
97  int ret = avcodec_receive_frame(avctx, frame);
98  *got_frame = ret >= 0;
99  return ret;
100 }
101 
102 // Ensure we don't loop forever
103 const uint32_t maxiteration = 8096;
104 
105 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
106 
108 {
109  ptrdiff_t linesize1[4];
110  size_t size[4];
111  int linesize_align[AV_NUM_DATA_POINTERS];
112  int i, ret, w = frame->width, h = frame->height;
113 
114  avcodec_align_dimensions2(ctx, &w, &h, linesize_align);
116  if (ret < 0)
117  return ret;
118 
119  for (i = 0; i < 4 && frame->linesize[i]; i++)
120  linesize1[i] = frame->linesize[i] =
121  FFALIGN(frame->linesize[i], linesize_align[i]);
122  for (; i < 4; i++)
123  linesize1[i] = 0;
124 
125  ret = av_image_fill_plane_sizes(size, ctx->pix_fmt, h, linesize1);
126  if (ret < 0)
127  return ret;
128 
130  for (i = 0; i < 4 && size[i]; i++) {
132  if (!frame->buf[i])
133  goto fail;
134  frame->data[i] = frame->buf[i]->data;
135  }
136  for (; i < AV_NUM_DATA_POINTERS; i++) {
137  frame->data[i] = NULL;
138  frame->linesize[i] = 0;
139  }
140 
141  return 0;
142 fail:
144  return AVERROR(ENOMEM);
145 }
146 
148 {
149  switch (ctx->codec_type) {
150  case AVMEDIA_TYPE_VIDEO:
151  return (ctx->codec->capabilities & AV_CODEC_CAP_DR1)
154  case AVMEDIA_TYPE_AUDIO:
156  default:
157  return AVERROR(EINVAL);
158  }
159 }
160 
161 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
162  uint64_t maxpixels_per_frame = 4096 * 4096;
163  uint64_t maxpixels;
164 
165  uint64_t maxsamples_per_frame = 256*1024*32;
166  uint64_t maxsamples;
167  const uint64_t fuzz_tag = FUZZ_TAG;
168  const uint8_t *last = data;
169  const uint8_t *end = data + size;
170  uint32_t it = 0;
171  uint64_t ec_pixels = 0;
172  uint64_t nb_samples = 0;
173  int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
174  int *got_picture_ptr,
175  const AVPacket *avpkt) = NULL;
176  AVCodecParserContext *parser = NULL;
177  uint64_t keyframes = 0;
178  uint64_t flushpattern = -1;
180 
181  if (!c) {
182 #ifdef FFMPEG_DECODER
183 #define DECODER_SYMBOL0(CODEC) ff_##CODEC##_decoder
184 #define DECODER_SYMBOL(CODEC) DECODER_SYMBOL0(CODEC)
185  extern FFCodec DECODER_SYMBOL(FFMPEG_DECODER);
186  codec_list[0] = &DECODER_SYMBOL(FFMPEG_DECODER);
187 
188 #if FFMPEG_DECODER == tiff || FFMPEG_DECODER == tdsc
189  extern FFCodec DECODER_SYMBOL(mjpeg);
190  codec_list[1] = &DECODER_SYMBOL(mjpeg);
191 #endif
192 
193  c = &DECODER_SYMBOL(FFMPEG_DECODER);
194 #else
195  c = AVCodecInitialize(FFMPEG_CODEC); // Done once.
196 #endif
198  }
199 
200  switch (c->p.type) {
201  case AVMEDIA_TYPE_AUDIO :
202  case AVMEDIA_TYPE_VIDEO : decode_handler = audio_video_handler ; break;
203  case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
204  }
205  switch (c->p.id) {
206  case AV_CODEC_ID_APE: maxsamples_per_frame /= 256; break;
207  }
208  maxpixels = maxpixels_per_frame * maxiteration;
209  maxsamples = maxsamples_per_frame * maxiteration;
210  switch (c->p.id) {
211  case AV_CODEC_ID_AASC: maxpixels /= 1024; break;
212  case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
213  case AV_CODEC_ID_ANM: maxpixels /= 1024; break;
214  case AV_CODEC_ID_APE: maxsamples /= 16384; break;
215  case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
216  case AV_CODEC_ID_ARGO: maxpixels /= 1024; break;
217  case AV_CODEC_ID_BETHSOFTVID: maxpixels /= 8192; break;
218  case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
219  case AV_CODEC_ID_BONK: maxsamples /= 1<<20; break;
220  case AV_CODEC_ID_CDTOONS: maxpixels /= 1024; break;
221  case AV_CODEC_ID_CFHD: maxpixels /= 16384; break;
222  case AV_CODEC_ID_CINEPAK: maxpixels /= 128; break;
223  case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break;
224  case AV_CODEC_ID_CSCD: maxpixels /= 1024; break;
225  case AV_CODEC_ID_DFA: maxpixels /= 1024; break;
226  case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
227  case AV_CODEC_ID_DSICINVIDEO: maxpixels /= 1024; break;
228  case AV_CODEC_ID_DST: maxsamples /= 1<<20; break;
229  case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break;
230  case AV_CODEC_ID_DXA: maxpixels /= 32; break;
231  case AV_CODEC_ID_DXV: maxpixels /= 32; break;
232  case AV_CODEC_ID_EXR: maxpixels /= 1024; break;
233  case AV_CODEC_ID_FFV1: maxpixels /= 32; break;
234  case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break;
235  case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
236  case AV_CODEC_ID_FLIC: maxpixels /= 1024; break;
237  case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
238  case AV_CODEC_ID_FMVC: maxpixels /= 1024; break;
239  case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
240  case AV_CODEC_ID_GEM: maxpixels /= 512; break;
241  case AV_CODEC_ID_GDV: maxpixels /= 512; break;
242  case AV_CODEC_ID_GIF: maxpixels /= 16; break;
243  case AV_CODEC_ID_H264: maxpixels /= 256; break;
244  case AV_CODEC_ID_HAP: maxpixels /= 128; break;
245  case AV_CODEC_ID_HEVC: maxpixels /= 16384; break;
246  case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
247  case AV_CODEC_ID_HQ_HQA: maxpixels /= 128; break;
248  case AV_CODEC_ID_IFF_ILBM: maxpixels /= 128; break;
249  case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
250  case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384; break;
251  case AV_CODEC_ID_JPEG2000: maxpixels /= 4096; break;
252  case AV_CODEC_ID_LAGARITH: maxpixels /= 1024; break;
253  case AV_CODEC_ID_LOCO: maxpixels /= 1024; break;
254  case AV_CODEC_ID_VORBIS: maxsamples /= 1024; break;
255  case AV_CODEC_ID_LSCR: maxpixels /= 16; break;
256  case AV_CODEC_ID_MMVIDEO: maxpixels /= 256; break;
257  case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
258  case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break;
259  case AV_CODEC_ID_MSA1: maxpixels /= 16384; break;
260  case AV_CODEC_ID_MSRLE: maxpixels /= 16; break;
261  case AV_CODEC_ID_MSS2: maxpixels /= 16384; break;
262  case AV_CODEC_ID_MSZH: maxpixels /= 128; break;
263  case AV_CODEC_ID_MTS2: maxpixels /= 4096; break;
264  case AV_CODEC_ID_MVC2: maxpixels /= 128; break;
265  case AV_CODEC_ID_MVHA: maxpixels /= 16384; break;
266  case AV_CODEC_ID_MVDV: maxpixels /= 1024; break;
267  case AV_CODEC_ID_MWSC: maxpixels /= 256; break;
268  case AV_CODEC_ID_MXPEG: maxpixels /= 128; break;
269  case AV_CODEC_ID_NUV: maxpixels /= 128; break;
270  case AV_CODEC_ID_OPUS: maxsamples /= 16384; break;
271  case AV_CODEC_ID_PNG: maxpixels /= 128; break;
272  case AV_CODEC_ID_APNG: maxpixels /= 128; break;
273  case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
274  case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
275  case AV_CODEC_ID_PRORES: maxpixels /= 256; break;
276  case AV_CODEC_ID_RKA: maxsamples /= 65536; break;
277  case AV_CODEC_ID_RSCC: maxpixels /= 256; break;
278  case AV_CODEC_ID_RASC: maxpixels /= 16; break;
279  case AV_CODEC_ID_RTV1: maxpixels /= 16; break;
280  case AV_CODEC_ID_SANM: maxpixels /= 16; break;
281  case AV_CODEC_ID_SCPR: maxpixels /= 32; break;
282  case AV_CODEC_ID_SCREENPRESSO:maxpixels /= 64; break;
283  case AV_CODEC_ID_SIMBIOSIS_IMX:maxpixels /= 16384; break;
284  case AV_CODEC_ID_SPEEX: maxsamples /= 128; break;
285  case AV_CODEC_ID_SMACKAUDIO: maxsamples /= 4096; break;
286  case AV_CODEC_ID_SMACKVIDEO: maxpixels /= 64; break;
287  case AV_CODEC_ID_SNOW: maxpixels /= 128; break;
288  case AV_CODEC_ID_TARGA: maxpixels /= 128; break;
289  case AV_CODEC_ID_TAK: maxsamples /= 1024; break;
290  case AV_CODEC_ID_TGV: maxpixels /= 32; break;
291  case AV_CODEC_ID_THEORA: maxpixels /= 16384; break;
292  case AV_CODEC_ID_TQI: maxpixels /= 1024; break;
293  case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
294  case AV_CODEC_ID_TSCC: maxpixels /= 1024; break;
295  case AV_CODEC_ID_UTVIDEO: maxpixels /= 1024; break;
296  case AV_CODEC_ID_VB: maxpixels /= 1024; break;
297  case AV_CODEC_ID_VC1: maxpixels /= 8192; break;
298  case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break;
299  case AV_CODEC_ID_VMNC: maxpixels /= 8192; break;
300  case AV_CODEC_ID_VMDVIDEO: maxpixels /= 1024; break;
301  case AV_CODEC_ID_VMIX: maxpixels /= 8192; break;
302  case AV_CODEC_ID_VP3: maxpixels /= 4096; break;
303  case AV_CODEC_ID_VP4: maxpixels /= 4096; break;
304  case AV_CODEC_ID_VP5: maxpixels /= 256; break;
305  case AV_CODEC_ID_VP6F: maxpixels /= 4096; break;
306  case AV_CODEC_ID_VP7: maxpixels /= 256; break;
307  case AV_CODEC_ID_VP9: maxpixels /= 4096; break;
308  case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break;
309  case AV_CODEC_ID_WCMV: maxpixels /= 1024; break;
310  case AV_CODEC_ID_WMV3IMAGE: maxpixels /= 8192; break;
311  case AV_CODEC_ID_WMV2: maxpixels /= 1024; break;
312  case AV_CODEC_ID_WMV3: maxpixels /= 1024; break;
313  case AV_CODEC_ID_WS_VQA: maxpixels /= 16384; break;
314  case AV_CODEC_ID_WMALOSSLESS: maxsamples /= 1024; break;
315  case AV_CODEC_ID_WMAPRO: maxsamples /= 16384; break;
316  case AV_CODEC_ID_YLC: maxpixels /= 1024; break;
317  case AV_CODEC_ID_ZEROCODEC: maxpixels /= 128; break;
318  case AV_CODEC_ID_ZLIB: maxpixels /= 4096; break;
319  }
320 
321  maxsamples_per_frame = FFMIN(maxsamples_per_frame, maxsamples);
322  maxpixels_per_frame = FFMIN(maxpixels_per_frame , maxpixels);
323 
325  AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
326  if (!ctx || !parser_avctx)
327  error("Failed memory allocation");
328 
329  if (ctx->max_pixels == 0 || ctx->max_pixels > maxpixels_per_frame)
330  ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
331 
332  ctx->max_samples = maxsamples_per_frame;
333  ctx->get_buffer2 = fuzz_get_buffer2;
334 
335  if (size > 1024) {
336  GetByteContext gbc;
337  int extradata_size;
338  int flags;
339  uint64_t request_channel_layout;
340  int64_t flags64;
341 
342  size -= 1024;
343  bytestream2_init(&gbc, data + size, 1024);
344  ctx->width = bytestream2_get_le32(&gbc);
345  ctx->height = bytestream2_get_le32(&gbc);
346  ctx->bit_rate = bytestream2_get_le64(&gbc);
347  ctx->bits_per_coded_sample = bytestream2_get_le32(&gbc);
348  // Try to initialize a parser for this codec, note, this may fail which just means we test without one
349  flags = bytestream2_get_byte(&gbc);
350  if (flags & 1)
351  parser = av_parser_init(c->p.id);
352  if (flags & 2)
354  if (flags & 4) {
355  ctx->err_recognition = AV_EF_AGGRESSIVE | AV_EF_COMPLIANT | AV_EF_CAREFUL;
356  if (flags & 8)
357  ctx->err_recognition |= AV_EF_EXPLODE;
358  }
359  if ((flags & 0x10) && c->p.id != AV_CODEC_ID_H264)
360  ctx->flags2 |= AV_CODEC_FLAG2_FAST;
361  if (flags & 0x80)
362  ctx->export_side_data |= AV_CODEC_EXPORT_DATA_MVS;
363 
364  if (flags & 0x40)
366 
367  extradata_size = bytestream2_get_le32(&gbc);
368 
369  ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
370  ctx->ch_layout.nb_channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
371  ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
372  ctx->codec_tag = bytestream2_get_le32(&gbc);
373  if (c->codec_tags) {
374  int n;
375  for (n = 0; c->codec_tags[n] != FF_CODEC_TAGS_END; n++);
376  ctx->codec_tag = c->codec_tags[ctx->codec_tag % n];
377  }
378  keyframes = bytestream2_get_le64(&gbc);
379  request_channel_layout = bytestream2_get_le64(&gbc);
380 
381  ctx->idct_algo = bytestream2_get_byte(&gbc) % 25;
382  flushpattern = bytestream2_get_le64(&gbc);
383  ctx->skip_frame = bytestream2_get_byte(&gbc) - 254 + AVDISCARD_ALL;
384 
385 
386  if (flags & 0x20) {
387  switch (ctx->codec_id) {
388  case AV_CODEC_ID_AC3:
389  case AV_CODEC_ID_EAC3:
390  av_dict_set_int(&opts, "cons_noisegen", bytestream2_get_byte(&gbc) & 1, 0);
391  av_dict_set_int(&opts, "heavy_compr", bytestream2_get_byte(&gbc) & 1, 0);
392  av_dict_set_int(&opts, "target_level", (int)(bytestream2_get_byte(&gbc) % 32) - 31, 0);
393  av_dict_set_int(&opts, "dmix_mode", (int)(bytestream2_get_byte(&gbc) % 4) - 1, 0);
394  break;
395  }
396  }
397 
398  // Keep the deprecated request_channel_layout behavior to ensure old fuzzing failures
399  // remain reproducible.
400  if (request_channel_layout) {
401  switch (ctx->codec_id) {
402  case AV_CODEC_ID_AC3:
403  case AV_CODEC_ID_EAC3:
404  case AV_CODEC_ID_MLP:
405  case AV_CODEC_ID_TRUEHD:
406  case AV_CODEC_ID_DTS:
407  if (request_channel_layout & ~INT64_MIN) {
408  char *downmix_layout = av_mallocz(19);
409  if (!downmix_layout)
410  error("Failed memory allocation");
411  av_strlcatf(downmix_layout, 19, "0x%"PRIx64, request_channel_layout & ~INT64_MIN);
412  av_dict_set(&opts, "downmix", downmix_layout, AV_DICT_DONT_STRDUP_VAL);
413  }
414  if (ctx->codec_id != AV_CODEC_ID_DTS)
415  break;
416  // fall-through
417  case AV_CODEC_ID_DOLBY_E:
418  av_dict_set_int(&opts, "channel_order", !!(request_channel_layout & INT64_MIN), 0);
419  break;
420  }
421  }
422 
423  flags64 = bytestream2_get_le64(&gbc);
424  if (flags64 &1)
425  ctx->debug |= FF_DEBUG_SKIP;
426  if (flags64 &2)
427  ctx->debug |= FF_DEBUG_QP;
428  if (flags64 &4)
430  if (flags64 & 8)
431  ctx->export_side_data |= AV_CODEC_EXPORT_DATA_VIDEO_ENC_PARAMS;
432  if (flags64 & 0x10)
433  ctx->err_recognition |= AV_EF_CRCCHECK;
434 
435  ctx->workaround_bugs = bytestream2_get_le32(&gbc);
436 
437  if (c->p.max_lowres) {
438  ctx->lowres = bytestream2_get_byte(&gbc) % (c->p.max_lowres+1);
439  }
440 
441  if (extradata_size < size) {
442  ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
443  if (ctx->extradata) {
444  ctx->extradata_size = extradata_size;
445  size -= ctx->extradata_size;
446  memcpy(ctx->extradata, data + size, ctx->extradata_size);
447  }
448  }
449  if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
450  ctx->width = ctx->height = 0;
451  }
452 
453  int res = avcodec_open2(ctx, &c->p, &opts);
454  if (res < 0) {
456  av_free(parser_avctx);
457  av_parser_close(parser);
458  av_dict_free(&opts);
459  return 0; // Failure of avcodec_open2() does not imply that a issue was found
460  }
461  parser_avctx->codec_id = ctx->codec_id;
462  parser_avctx->extradata_size = ctx->extradata_size;
463  parser_avctx->extradata = ctx->extradata ? av_memdup(ctx->extradata, ctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE) : NULL;
464 
465 
466  int got_frame;
468  AVPacket *avpkt = av_packet_alloc();
469  AVPacket *parsepkt = av_packet_alloc();
470  if (!frame || !avpkt || !parsepkt)
471  error("Failed memory allocation");
472 
473  // Read very simple container
474  while (data < end && it < maxiteration) {
475  // Search for the TAG
476  while (data + sizeof(fuzz_tag) < end) {
477  if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)
478  break;
479  data++;
480  }
481  if (data + sizeof(fuzz_tag) > end)
482  data = end;
483 
484  res = av_new_packet(parsepkt, data - last);
485  if (res < 0)
486  error("Failed memory allocation");
487  memcpy(parsepkt->data, last, data - last);
488  parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
489  keyframes = (keyframes >> 2) + (keyframes<<62);
490  data += sizeof(fuzz_tag);
491  last = data;
492 
493  while (parsepkt->size > 0) {
494  int decode_more;
495 
496  if (parser) {
497  int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size,
498  parsepkt->data, parsepkt->size,
499  parsepkt->pts, parsepkt->dts, parsepkt->pos);
500  if (avpkt->data == parsepkt->data) {
501  avpkt->buf = av_buffer_ref(parsepkt->buf);
502  if (!avpkt->buf)
503  error("Failed memory allocation");
504  } else {
505  if (av_packet_make_refcounted(avpkt) < 0)
506  error("Failed memory allocation");
507  }
508  parsepkt->data += ret;
509  parsepkt->size -= ret;
510  parsepkt->pos += ret;
511  avpkt->pts = parser->pts;
512  avpkt->dts = parser->dts;
513  avpkt->pos = parser->pos;
514  if ( parser->key_frame == 1 ||
515  (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I))
516  avpkt->flags |= AV_PKT_FLAG_KEY;
517  avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD;
518  } else {
519  av_packet_move_ref(avpkt, parsepkt);
520  }
521 
522  if (!(flushpattern & 7))
524  flushpattern = (flushpattern >> 3) + (flushpattern << 61);
525 
526  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
527  int ret = avcodec_send_packet(ctx, avpkt);
528  decode_more = ret >= 0;
529  if(!decode_more) {
530  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
531  if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
532  ctx->error_concealment = 0;
534  }
535  if (ec_pixels > maxpixels)
536  goto maximums_reached;
537  }
538  } else
539  decode_more = 1;
540 
541  // Iterate through all data
542  while (decode_more && it++ < maxiteration) {
544  int ret = decode_handler(ctx, frame, &got_frame, avpkt);
545 
546  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
547  if (it > 20 || ec_pixels > 4 * ctx->max_pixels) {
548  ctx->error_concealment = 0;
550  }
551  if (ec_pixels > maxpixels)
552  goto maximums_reached;
553 
554  if (ctx->codec_type == AVMEDIA_TYPE_AUDIO &&
555  frame->nb_samples == 0 && !got_frame &&
556  (avpkt->flags & AV_PKT_FLAG_DISCARD))
557  nb_samples += ctx->max_samples;
558 
559  nb_samples += frame->nb_samples;
560  if (nb_samples > maxsamples)
561  goto maximums_reached;
562 
563  if (ret <= 0 || ret > avpkt->size)
564  break;
565 
566  if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) {
567  avpkt->data += ret;
568  avpkt->size -= ret;
569  decode_more = avpkt->size > 0;
570  } else
571  decode_more = ret >= 0;
572  }
573  av_packet_unref(avpkt);
574  }
575  av_packet_unref(parsepkt);
576  }
577 maximums_reached:
578 
579  av_packet_unref(avpkt);
580 
581  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE)
583 
584  do {
585  got_frame = 0;
587  decode_handler(ctx, frame, &got_frame, avpkt);
588 
589  nb_samples += frame->nb_samples;
590  if (nb_samples > maxsamples)
591  break;
592  } while (got_frame == 1 && it++ < maxiteration);
593 
594  fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it);
595 
598  avcodec_free_context(&parser_avctx);
599  av_parser_close(parser);
600  av_packet_free(&avpkt);
601  av_packet_free(&parsepkt);
602  av_dict_free(&opts);
603  return 0;
604 }
AV_CODEC_ID_TRUEMOTION2
@ AV_CODEC_ID_TRUEMOTION2
Definition: codec_id.h:129
AVSubtitle
Definition: avcodec.h:2269
av_packet_unref
void av_packet_unref(AVPacket *pkt)
Wipe the packet.
Definition: avpacket.c:423
av_force_cpu_flags
void av_force_cpu_flags(int arg)
Disables cpu detection and forces the specified flags.
Definition: cpu.c:75
AVCodec
AVCodec.
Definition: codec.h:187
AVMEDIA_TYPE_SUBTITLE
@ AVMEDIA_TYPE_SUBTITLE
Definition: avutil.h:204
AV_CODEC_ID_VP6F
@ AV_CODEC_ID_VP6F
Definition: codec_id.h:144
AV_CODEC_ID_SANM
@ AV_CODEC_ID_SANM
Definition: codec_id.h:234
AV_CODEC_ID_LAGARITH
@ AV_CODEC_ID_LAGARITH
Definition: codec_id.h:199
AVCodecParserContext::pts
int64_t pts
Definition: avcodec.h:2793
AV_EF_EXPLODE
#define AV_EF_EXPLODE
abort decoding on minor error detection
Definition: defs.h:51
AV_CODEC_ID_AC3
@ AV_CODEC_ID_AC3
Definition: codec_id.h:445
AV_EF_CAREFUL
#define AV_EF_CAREFUL
consider things that violate the spec, are fast to calculate and have not been seen in the wild as er...
Definition: defs.h:54
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
AV_CODEC_ID_APE
@ AV_CODEC_ID_APE
Definition: codec_id.h:474
AV_CODEC_ID_TQI
@ AV_CODEC_ID_TQI
Definition: codec_id.h:174
AV_EF_COMPLIANT
#define AV_EF_COMPLIANT
consider all spec non compliances as errors
Definition: defs.h:55
AVCodecParserContext::pict_type
int pict_type
Definition: avcodec.h:2782
GetByteContext
Definition: bytestream.h:33
AV_CODEC_ID_INTERPLAY_ACM
@ AV_CODEC_ID_INTERPLAY_ACM
Definition: codec_id.h:520
AVBufferRef::data
uint8_t * data
The data buffer.
Definition: buffer.h:90
AV_CODEC_ID_LOCO
@ AV_CODEC_ID_LOCO
Definition: codec_id.h:124
AV_LOG_PANIC
#define AV_LOG_PANIC
Something went really wrong and we will crash now.
Definition: log.h:167
AV_PKT_FLAG_DISCARD
#define AV_PKT_FLAG_DISCARD
Flag is used to discard packets which are required to maintain valid decoder state but are not requir...
Definition: packet.h:553
AV_CODEC_ID_DIRAC
@ AV_CODEC_ID_DIRAC
Definition: codec_id.h:168
AV_CODEC_ID_MVC2
@ AV_CODEC_ID_MVC2
Definition: codec_id.h:237
av_frame_free
void av_frame_free(AVFrame **frame)
Free the frame and any dynamically allocated objects in it, e.g.
Definition: frame.c:100
AV_RN64
#define AV_RN64(p)
Definition: intreadwrite.h:366
AVFrame
This structure describes decoded (raw) audio or video data.
Definition: frame.h:340
AVFrame::width
int width
Definition: frame.h:412
w
uint8_t w
Definition: llviddspenc.c:38
AVFormatContext::strict_std_compliance
int strict_std_compliance
Allow non-standard and experimental extension.
Definition: avformat.h:1411
AV_CODEC_ID_MWSC
@ AV_CODEC_ID_MWSC
Definition: codec_id.h:292
internal.h
AVPacket::data
uint8_t * data
Definition: packet.h:491
AV_CODEC_ID_FLIC
@ AV_CODEC_ID_FLIC
Definition: codec_id.h:102
data
const char data[16]
Definition: mxf.c:148
AV_CODEC_ID_CDTOONS
@ AV_CODEC_ID_CDTOONS
Definition: codec_id.h:303
FFCodec
Definition: codec_internal.h:127
c
static const FFCodec * c
Definition: target_dec_fuzzer.c:73
AV_CODEC_ID_GDV
@ AV_CODEC_ID_GDV
Definition: codec_id.h:288
AV_CODEC_ID_ARBC
@ AV_CODEC_ID_ARBC
Definition: codec_id.h:296
AV_CODEC_ID_RTV1
@ AV_CODEC_ID_RTV1
Definition: codec_id.h:325
AV_CODEC_ID_SCREENPRESSO
@ AV_CODEC_ID_SCREENPRESSO
Definition: codec_id.h:244
FF_COMPLIANCE_EXPERIMENTAL
#define FF_COMPLIANCE_EXPERIMENTAL
Allow nonstandardized experimental things.
Definition: defs.h:62
AV_CODEC_ID_VB
@ AV_CODEC_ID_VB
Definition: codec_id.h:160
AVDictionary
Definition: dict.c:34
AV_CODEC_ID_FLAC
@ AV_CODEC_ID_FLAC
Definition: codec_id.h:454
av_buffer_ref
AVBufferRef * av_buffer_ref(const AVBufferRef *buf)
Create a new reference to an AVBuffer.
Definition: buffer.c:103
AV_CODEC_ID_APNG
@ AV_CODEC_ID_APNG
Definition: codec_id.h:268
AV_CODEC_ID_MXPEG
@ AV_CODEC_ID_MXPEG
Definition: codec_id.h:198
AVFrame::buf
AVBufferRef * buf[AV_NUM_DATA_POINTERS]
AVBuffer references backing the data for this frame.
Definition: frame.h:590
av_strlcatf
size_t av_strlcatf(char *dst, size_t size, const char *fmt,...)
Definition: avstring.c:103
AV_CODEC_ID_TRUEHD
@ AV_CODEC_ID_TRUEHD
Definition: codec_id.h:486
AV_PKT_FLAG_KEY
#define AV_PKT_FLAG_KEY
The packet contains a keyframe.
Definition: packet.h:546
av_packet_free
void av_packet_free(AVPacket **pkt)
Free the packet, if the packet is reference counted, it will be unreferenced first.
Definition: avpacket.c:74
AV_CODEC_ID_DSICINVIDEO
@ AV_CODEC_ID_DSICINVIDEO
Definition: codec_id.h:146
AV_CODEC_ID_RSCC
@ AV_CODEC_ID_RSCC
Definition: codec_id.h:245
AVFrame::data
uint8_t * data[AV_NUM_DATA_POINTERS]
pointer to the picture/channel planes.
Definition: frame.h:361
av_memdup
void * av_memdup(const void *p, size_t size)
Duplicate a buffer with av_malloc().
Definition: mem.c:302
AVCodec::max_lowres
uint8_t max_lowres
maximum value for lowres supported by the decoder
Definition: codec.h:207
AVCodecParserContext::key_frame
int key_frame
Set by parser to 1 for key frames and 0 for non-key frames.
Definition: avcodec.h:2823
FFCodec::p
AVCodec p
The public AVCodec.
Definition: codec_internal.h:131
AV_CODEC_ID_IFF_ILBM
@ AV_CODEC_ID_IFF_ILBM
Definition: codec_id.h:188
AV_CODEC_ID_SPEEX
@ AV_CODEC_ID_SPEEX
Definition: codec_id.h:477
fail
#define fail()
Definition: checkasm.h:138
AV_CODEC_ID_MSZH
@ AV_CODEC_ID_MSZH
Definition: codec_id.h:105
dummy
int dummy
Definition: motion.c:66
AV_CODEC_ID_SMACKAUDIO
@ AV_CODEC_ID_SMACKAUDIO
Definition: codec_id.h:465
AV_CODEC_ID_RKA
@ AV_CODEC_ID_RKA
Definition: codec_id.h:544
av_parser_init
AVCodecParserContext * av_parser_init(int codec_id)
Definition: parser.c:32
AV_CODEC_ID_VMIX
@ AV_CODEC_ID_VMIX
Definition: codec_id.h:326
AV_CODEC_ID_FFWAVESYNTH
@ AV_CODEC_ID_FFWAVESYNTH
Definition: codec_id.h:510
AVCodecParserContext::dts
int64_t dts
Definition: avcodec.h:2794
FF_CODEC_TAGS_END
#define FF_CODEC_TAGS_END
FFCodec.codec_tags termination value.
Definition: codec_internal.h:95
avsubtitle_free
void avsubtitle_free(AVSubtitle *sub)
Free all allocated data in the given subtitle struct.
Definition: avcodec.c:413
AV_DICT_DONT_STRDUP_VAL
#define AV_DICT_DONT_STRDUP_VAL
Take ownership of a value that's been allocated with av_malloc() or another memory allocation functio...
Definition: dict.h:79
av_frame_alloc
AVFrame * av_frame_alloc(void)
Allocate an AVFrame and set its fields to default values.
Definition: frame.c:88
AV_CODEC_ID_DVB_SUBTITLE
@ AV_CODEC_ID_DVB_SUBTITLE
Definition: codec_id.h:551
AVFormatContext::bit_rate
int64_t bit_rate
Total stream bitrate in bit/s, 0 if not available.
Definition: avformat.h:1224
avcodec_decode_subtitle2
int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int *got_sub_ptr, const AVPacket *avpkt)
Decode a subtitle message.
Definition: decode.c:969
avassert.h
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: target_dec_fuzzer.c:161
AV_CODEC_ID_CFHD
@ AV_CODEC_ID_CFHD
Definition: codec_id.h:270
AVCodecContext::extradata_size
int extradata_size
Definition: avcodec.h:543
avcodec_alloc_context3
AVCodecContext * avcodec_alloc_context3(const AVCodec *codec)
Allocate an AVCodecContext and set its fields to default values.
Definition: options.c:153
av_image_fill_linesizes
int av_image_fill_linesizes(int linesizes[4], enum AVPixelFormat pix_fmt, int width)
Fill plane linesizes for an image with pixel format pix_fmt and width width.
Definition: imgutils.c:89
intreadwrite.h
av_new_packet
int av_new_packet(AVPacket *pkt, int size)
Allocate the payload of a packet and initialize its fields with default values.
Definition: avpacket.c:98
AV_CODEC_ID_WMAPRO
@ AV_CODEC_ID_WMAPRO
Definition: codec_id.h:479
AVMEDIA_TYPE_AUDIO
@ AVMEDIA_TYPE_AUDIO
Definition: avutil.h:202
AV_CODEC_ID_VP9
@ AV_CODEC_ID_VP9
Definition: codec_id.h:220
AV_CODEC_ID_NUV
@ AV_CODEC_ID_NUV
Definition: codec_id.h:136
AV_CODEC_ID_WS_VQA
@ AV_CODEC_ID_WS_VQA
Definition: codec_id.h:96
AV_CODEC_ID_ARGO
@ AV_CODEC_ID_ARGO
Definition: codec_id.h:310
AV_CODEC_ID_WMV2
@ AV_CODEC_ID_WMV2
Definition: codec_id.h:70
avcodec_receive_frame
int attribute_align_arg avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
Return decoded output data from a decoder or encoder (when the AV_CODEC_FLAG_RECON_FRAME flag is used...
Definition: avcodec.c:713
AV_CODEC_ID_UTVIDEO
@ AV_CODEC_ID_UTVIDEO
Definition: codec_id.h:205
ctx
AVFormatContext * ctx
Definition: movenc.c:48
avcodec_align_dimensions2
void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int linesize_align[AV_NUM_DATA_POINTERS])
Modify width and height values so that they will result in a memory buffer that is acceptable for the...
Definition: utils.c:144
codec_id
enum AVCodecID codec_id
Definition: vaapi_decode.c:389
AV_CODEC_ID_DOLBY_E
@ AV_CODEC_ID_DOLBY_E
Definition: codec_id.h:526
AV_CODEC_ID_VC1IMAGE
@ AV_CODEC_ID_VC1IMAGE
Definition: codec_id.h:204
AV_CODEC_ID_H264
@ AV_CODEC_ID_H264
Definition: codec_id.h:79
frame
static AVFrame * frame
Definition: demux_decode.c:54
AVCodecContext::codec_id
enum AVCodecID codec_id
Definition: avcodec.h:451
AV_CODEC_ID_PNG
@ AV_CODEC_ID_PNG
Definition: codec_id.h:113
if
if(ret)
Definition: filter_design.txt:179
AVDISCARD_ALL
@ AVDISCARD_ALL
discard all
Definition: defs.h:219
AV_CODEC_ID_WMV3
@ AV_CODEC_ID_WMV3
Definition: codec_id.h:123
opts
AVDictionary * opts
Definition: movenc.c:50
FUZZ_TAG
static const uint64_t FUZZ_TAG
Definition: target_dec_fuzzer.c:105
AV_CODEC_ID_EXR
@ AV_CODEC_ID_EXR
Definition: codec_id.h:232
AVPacket::buf
AVBufferRef * buf
A reference to the reference-counted buffer where the packet data is stored.
Definition: packet.h:474
NULL
#define NULL
Definition: coverity.c:32
AV_CODEC_ID_DST
@ AV_CODEC_ID_DST
Definition: codec_id.h:523
AV_CODEC_ID_ZEROCODEC
@ AV_CODEC_ID_ZEROCODEC
Definition: codec_id.h:213
AVCodec::type
enum AVMediaType type
Definition: codec.h:200
av_image_fill_plane_sizes
int av_image_fill_plane_sizes(size_t sizes[4], enum AVPixelFormat pix_fmt, int height, const ptrdiff_t linesizes[4])
Fill plane sizes for an image with pixel format pix_fmt and height height.
Definition: imgutils.c:111
avcodec_free_context
void avcodec_free_context(AVCodecContext **avctx)
Free the codec context and everything associated with it and write NULL to the provided pointer.
Definition: options.c:168
FF_DEBUG_MB_TYPE
#define FF_DEBUG_MB_TYPE
Definition: avcodec.h:1392
AV_CODEC_ID_WMALOSSLESS
@ AV_CODEC_ID_WMALOSSLESS
Definition: codec_id.h:480
AV_CODEC_ID_MVDV
@ AV_CODEC_ID_MVDV
Definition: codec_id.h:301
AV_CODEC_ID_CINEPAK
@ AV_CODEC_ID_CINEPAK
Definition: codec_id.h:95
AV_CODEC_ID_MOTIONPIXELS
@ AV_CODEC_ID_MOTIONPIXELS
Definition: codec_id.h:171
AV_CODEC_FLAG2_FAST
#define AV_CODEC_FLAG2_FAST
Allow non spec compliant speedup tricks.
Definition: avcodec.h:353
AV_PICTURE_TYPE_I
@ AV_PICTURE_TYPE_I
Intra.
Definition: avutil.h:279
AV_CODEC_ID_ZLIB
@ AV_CODEC_ID_ZLIB
Definition: codec_id.h:106
AV_CODEC_ID_FMVC
@ AV_CODEC_ID_FMVC
Definition: codec_id.h:279
AV_CODEC_ID_ANM
@ AV_CODEC_ID_ANM
Definition: codec_id.h:186
avcodec_open2
int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *codec, AVDictionary **options)
Initialize the AVCodecContext to use the given AVCodec.
Definition: avcodec.c:128
av_packet_move_ref
void av_packet_move_ref(AVPacket *dst, AVPacket *src)
Move every field in src to dst and reset src.
Definition: avpacket.c:480
AV_EF_CRCCHECK
#define AV_EF_CRCCHECK
Verify checksums embedded in the bitstream (could be of either encoded or decoded data,...
Definition: defs.h:48
AV_CODEC_ID_VMDVIDEO
@ AV_CODEC_ID_VMDVIDEO
Definition: codec_id.h:104
AV_CODEC_ID_VP4
@ AV_CODEC_ID_VP4
Definition: codec_id.h:299
AV_CODEC_ID_MP4ALS
@ AV_CODEC_ID_MP4ALS
Definition: codec_id.h:487
error
static void error(const char *err)
Definition: target_dec_fuzzer.c:67
AVCodecID
AVCodecID
Identify the syntax and semantics of the bitstream.
Definition: codec_id.h:49
avcodec_find_decoder
const AVCodec * avcodec_find_decoder(enum AVCodecID id)
Find a registered decoder with a matching codec ID.
Definition: allcodecs.c:975
AV_CODEC_ID_EAC3
@ AV_CODEC_ID_EAC3
Definition: codec_id.h:482
AV_CODEC_ID_LSCR
@ AV_CODEC_ID_LSCR
Definition: codec_id.h:298
AV_CODEC_ID_WCMV
@ AV_CODEC_ID_WCMV
Definition: codec_id.h:293
AV_CODEC_ID_FFV1
@ AV_CODEC_ID_FFV1
Definition: codec_id.h:85
AV_CODEC_CAP_DR1
#define AV_CODEC_CAP_DR1
Codec uses get_buffer() or get_encode_buffer() for allocating buffers and supports custom allocators.
Definition: codec.h:52
AV_CODEC_ID_SCPR
@ AV_CODEC_ID_SCPR
Definition: codec_id.h:280
AVPacket::size
int size
Definition: packet.h:492
codec_internal.h
AV_CODEC_ID_YLC
@ AV_CODEC_ID_YLC
Definition: codec_id.h:275
cpu.h
AV_CODEC_ID_RASC
@ AV_CODEC_ID_RASC
Definition: codec_id.h:294
codec_list
const FFCodec * codec_list[]
AV_CODEC_ID_DXV
@ AV_CODEC_ID_DXV
Definition: codec_id.h:243
AV_CODEC_ID_DTS
@ AV_CODEC_ID_DTS
Definition: codec_id.h:446
size
int size
Definition: twinvq_data.h:10344
AV_NUM_DATA_POINTERS
#define AV_NUM_DATA_POINTERS
Definition: frame.h:341
ffcodec
static const av_always_inline FFCodec * ffcodec(const AVCodec *codec)
Definition: codec_internal.h:325
AV_CODEC_ID_MSRLE
@ AV_CODEC_ID_MSRLE
Definition: codec_id.h:97
AV_CODEC_ID_OPUS
@ AV_CODEC_ID_OPUS
Definition: codec_id.h:502
AVPacket::dts
int64_t dts
Decompression timestamp in AVStream->time_base units; the time at which the packet is decompressed.
Definition: packet.h:490
AV_CODEC_ID_MMVIDEO
@ AV_CODEC_ID_MMVIDEO
Definition: codec_id.h:132
av_packet_make_refcounted
int av_packet_make_refcounted(AVPacket *pkt)
Ensure the data described by a given packet is reference counted.
Definition: avpacket.c:486
AVPacket::flags
int flags
A combination of AV_PKT_FLAG values.
Definition: packet.h:497
av_packet_alloc
AVPacket * av_packet_alloc(void)
Allocate an AVPacket and set its fields to default values.
Definition: avpacket.c:63
av_dict_free
void av_dict_free(AVDictionary **pm)
Free all the memory allocated for an AVDictionary struct and all keys and values.
Definition: dict.c:225
av_buffer_alloc
AVBufferRef * av_buffer_alloc(size_t size)
Allocate an AVBuffer of the given size using av_malloc().
Definition: buffer.c:77
AV_CODEC_ID_DXA
@ AV_CODEC_ID_DXA
Definition: codec_id.h:150
AV_CODEC_ID_INDEO4
@ AV_CODEC_ID_INDEO4
Definition: codec_id.h:163
AV_CODEC_ID_MSS2
@ AV_CODEC_ID_MSS2
Definition: codec_id.h:219
AVCodec::id
enum AVCodecID id
Definition: codec.h:201
AV_CODEC_ID_HQ_HQA
@ AV_CODEC_ID_HQ_HQA
Definition: codec_id.h:240
AV_CODEC_ID_VP5
@ AV_CODEC_ID_VP5
Definition: codec_id.h:142
AV_CODEC_ID_VP3
@ AV_CODEC_ID_VP3
Definition: codec_id.h:81
AV_CODEC_ID_GIF
@ AV_CODEC_ID_GIF
Definition: codec_id.h:149
AV_CODEC_ID_TGV
@ AV_CODEC_ID_TGV
Definition: codec_id.h:172
AV_CODEC_ID_VP7
@ AV_CODEC_ID_VP7
Definition: codec_id.h:233
avcodec_default_get_buffer2
int avcodec_default_get_buffer2(AVCodecContext *s, AVFrame *frame, int flags)
The default callback for AVCodecContext.get_buffer2().
Definition: get_buffer.c:260
avcodec_send_packet
int avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
Supply raw packet data as input to a decoder.
Definition: decode.c:709
av_log_set_level
void av_log_set_level(int level)
Set the log level.
Definition: log.c:442
AVFrame::nb_samples
int nb_samples
number of audio samples (per channel) described by this frame
Definition: frame.h:420
AVCodecParserContext::pos
int64_t pos
Byte position of currently parsed frame in stream.
Definition: avcodec.h:2876
i
#define i(width, name, range_min, range_max)
Definition: cbs_h2645.c:255
AVPacket::pts
int64_t pts
Presentation timestamp in AVStream->time_base units; the time at which the decompressed packet will b...
Definition: packet.h:484
AV_CODEC_ID_MTS2
@ AV_CODEC_ID_MTS2
Definition: codec_id.h:217
AVCodecContext::extradata
uint8_t * extradata
some codecs need / can use extradata like Huffman tables.
Definition: avcodec.h:542
AV_CODEC_ID_THEORA
@ AV_CODEC_ID_THEORA
Definition: codec_id.h:82
AVFrame::extended_data
uint8_t ** extended_data
pointers to the data planes/channels.
Definition: frame.h:401
FF_DEBUG_SKIP
#define FF_DEBUG_SKIP
Definition: avcodec.h:1395
AV_CODEC_ID_PAF_VIDEO
@ AV_CODEC_ID_PAF_VIDEO
Definition: codec_id.h:231
AV_CODEC_ID_BONK
@ AV_CODEC_ID_BONK
Definition: codec_id.h:539
AV_CODEC_ID_HEVC
@ AV_CODEC_ID_HEVC
Definition: codec_id.h:226
FFMIN
#define FFMIN(a, b)
Definition: macros.h:49
AV_CODEC_ID_HNM4_VIDEO
@ AV_CODEC_ID_HNM4_VIDEO
Definition: codec_id.h:225
av_frame_unref
void av_frame_unref(AVFrame *frame)
Unreference all the buffers referenced by frame and reset the frame fields.
Definition: frame.c:622
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:254
AV_CODEC_ID_VC1
@ AV_CODEC_ID_VC1
Definition: codec_id.h:122
AV_CODEC_ID_JPEG2000
@ AV_CODEC_ID_JPEG2000
Definition: codec_id.h:140
AV_CODEC_ID_BETHSOFTVID
@ AV_CODEC_ID_BETHSOFTVID
Definition: codec_id.h:155
AV_CODEC_ID_MVHA
@ AV_CODEC_ID_MVHA
Definition: codec_id.h:302
avcodec.h
AVCodecParserContext
Definition: avcodec.h:2774
AVCodecInitialize
static const FFCodec * AVCodecInitialize(enum AVCodecID codec_id)
Definition: target_dec_fuzzer.c:74
fuzz_video_get_buffer
static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
Definition: target_dec_fuzzer.c:107
AV_CODEC_ID_SMACKVIDEO
@ AV_CODEC_ID_SMACKVIDEO
Definition: codec_id.h:135
ret
ret
Definition: filter_design.txt:187
AV_EF_AGGRESSIVE
#define AV_EF_AGGRESSIVE
consider things that a sane encoder/muxer should not do as an error
Definition: defs.h:56
avcodec_flush_buffers
void avcodec_flush_buffers(AVCodecContext *avctx)
Reset the internal codec state / flush internal buffers.
Definition: avcodec.c:384
AV_CODEC_ID_CSCD
@ AV_CODEC_ID_CSCD
Definition: codec_id.h:131
avformat.h
audio_video_handler
static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame, int *got_frame, const AVPacket *dummy)
Definition: target_dec_fuzzer.c:94
FF_DEBUG_QP
#define FF_DEBUG_QP
Definition: avcodec.h:1393
AV_INPUT_BUFFER_PADDING_SIZE
#define AV_INPUT_BUFFER_PADDING_SIZE
Definition: defs.h:40
AV_CODEC_EXPORT_DATA_VIDEO_ENC_PARAMS
#define AV_CODEC_EXPORT_DATA_VIDEO_ENC_PARAMS
Decoding only.
Definition: avcodec.h:411
fuzz_get_buffer2
static int fuzz_get_buffer2(AVCodecContext *ctx, AVFrame *frame, int flags)
Definition: target_dec_fuzzer.c:147
AV_CODEC_ID_AGM
@ AV_CODEC_ID_AGM
Definition: codec_id.h:297
AVFormatContext::debug
int debug
Flags to enable debugging.
Definition: avformat.h:1386
AVCodecContext
main external API structure.
Definition: avcodec.h:441
AVFrame::height
int height
Definition: frame.h:412
AV_CODEC_ID_SNOW
@ AV_CODEC_ID_SNOW
Definition: codec_id.h:266
AV_CODEC_ID_HAP
@ AV_CODEC_ID_HAP
Definition: codec_id.h:241
AV_CODEC_ID_BINKVIDEO
@ AV_CODEC_ID_BINKVIDEO
Definition: codec_id.h:187
FFCodec::codec_tags
const uint32_t * codec_tags
List of supported codec_tags, terminated by FF_CODEC_TAGS_END.
Definition: codec_internal.h:266
AV_CODEC_ID_SIMBIOSIS_IMX
@ AV_CODEC_ID_SIMBIOSIS_IMX
Definition: codec_id.h:312
AV_CODEC_ID_MSA1
@ AV_CODEC_ID_MSA1
Definition: codec_id.h:215
AV_CODEC_ID_VMNC
@ AV_CODEC_ID_VMNC
Definition: codec_id.h:141
av_dict_set_int
int av_dict_set_int(AVDictionary **pm, const char *key, int64_t value, int flags)
Convenience wrapper for av_dict_set() that converts the value to a string and stores it.
Definition: dict.c:169
AVMEDIA_TYPE_VIDEO
@ AVMEDIA_TYPE_VIDEO
Definition: avutil.h:201
av_parser_parse2
int av_parser_parse2(AVCodecParserContext *s, AVCodecContext *avctx, uint8_t **poutbuf, int *poutbuf_size, const uint8_t *buf, int buf_size, int64_t pts, int64_t dts, int64_t pos)
Parse a packet.
Definition: parser.c:115
AV_CODEC_ID_QTRLE
@ AV_CODEC_ID_QTRLE
Definition: codec_id.h:107
AV_CODEC_ID_GEM
@ AV_CODEC_ID_GEM
Definition: codec_id.h:314
AV_CODEC_EXPORT_DATA_MVS
#define AV_CODEC_EXPORT_DATA_MVS
Export motion vectors through frame side data.
Definition: avcodec.h:402
it
s EdgeDetect Foobar g libavfilter vf_edgedetect c libavfilter vf_foobar c edit libavfilter and add an entry for foobar following the pattern of the other filters edit libavfilter allfilters and add an entry for foobar following the pattern of the other filters configure make j< whatever > ffmpeg ffmpeg i you should get a foobar png with Lena edge detected That s it
Definition: writing_filters.txt:31
AV_CODEC_ID_G2M
@ AV_CODEC_ID_G2M
Definition: codec_id.h:223
AV_CODEC_ID_TSCC
@ AV_CODEC_ID_TSCC
Definition: codec_id.h:108
av_free
#define av_free(p)
Definition: tableprint_vlc.h:33
FFALIGN
#define FFALIGN(x, a)
Definition: macros.h:78
AVPacket
This structure stores compressed data.
Definition: packet.h:468
av_dict_set
int av_dict_set(AVDictionary **pm, const char *key, const char *value, int flags)
Set the given entry in *pm, overwriting an existing entry.
Definition: dict.c:88
AVPacket::pos
int64_t pos
byte position in stream, -1 if unknown
Definition: packet.h:511
AV_CODEC_ID_TAK
@ AV_CODEC_ID_TAK
Definition: codec_id.h:504
bytestream.h
imgutils.h
bytestream2_init
static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size)
Definition: bytestream.h:137
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:474
AVFrame::linesize
int linesize[AV_NUM_DATA_POINTERS]
For video, a positive or negative value, which is typically indicating the size in bytes of each pict...
Definition: frame.h:385
AV_CODEC_ID_WAVPACK
@ AV_CODEC_ID_WAVPACK
Definition: codec_id.h:467
AV_CODEC_ID_COOK
@ AV_CODEC_ID_COOK
Definition: codec_id.h:462
h
h
Definition: vp9dsp_template.c:2038
AV_CODEC_ID_TARGA
@ AV_CODEC_ID_TARGA
Definition: codec_id.h:145
AV_CODEC_ID_VORBIS
@ AV_CODEC_ID_VORBIS
Definition: codec_id.h:447
AV_CODEC_ID_WMV3IMAGE
@ AV_CODEC_ID_WMV3IMAGE
Definition: codec_id.h:203
avstring.h
av_image_check_size
int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
Check if the given dimension of an image is valid, meaning that all bytes of the image can be address...
Definition: imgutils.c:318
FF_SANE_NB_CHANNELS
#define FF_SANE_NB_CHANNELS
Definition: internal.h:40
AV_CODEC_ID_FLV1
@ AV_CODEC_ID_FLV1
Definition: codec_id.h:73
AV_CODEC_ID_DFA
@ AV_CODEC_ID_DFA
Definition: codec_id.h:202
int
int
Definition: ffmpeg_filter.c:368
AV_CODEC_ID_AASC
@ AV_CODEC_ID_AASC
Definition: codec_id.h:126
subtitle_handler
static int subtitle_handler(AVCodecContext *avctx, AVFrame *unused, int *got_sub_ptr, const AVPacket *avpkt)
Definition: target_dec_fuzzer.c:84
maxiteration
const uint32_t maxiteration
Definition: target_dec_fuzzer.c:103
AV_CODEC_ID_MLP
@ AV_CODEC_ID_MLP
Definition: codec_id.h:471
av_parser_close
void av_parser_close(AVCodecParserContext *s)
Definition: parser.c:193
AV_CODEC_ID_PRORES
@ AV_CODEC_ID_PRORES
Definition: codec_id.h:200