FFmpeg
target_dec_fuzzer.c
Go to the documentation of this file.
1 /*
2  * This file is part of FFmpeg.
3  *
4  * FFmpeg is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * FFmpeg is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with FFmpeg; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 /* Targeted fuzzer that targets specific codecs depending on two
20  compile-time flags.
21  INSTRUCTIONS:
22 
23  * Get the very fresh clang, e.g. see http://libfuzzer.info#versions
24  * Get and build libFuzzer:
25  svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
26  ./Fuzzer/build.sh
27  * build ffmpeg for fuzzing:
28  FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -g" CC="clang $FLAGS" CXX="clang++ $FLAGS" ./configure --disable-x86asm
29  make clean && make -j
30  * build the fuzz target.
31  Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
32  choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
33  clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
34  * create a corpus directory and put some samples there (empty dir is ok too):
35  mkdir CORPUS && cp some-files CORPUS
36 
37  * Run fuzzing:
38  ./target_dec_fuzzer -max_len=100000 CORPUS
39 
40  More info:
41  http://libfuzzer.info
42  http://tutorial.libfuzzer.info
43  https://github.com/google/oss-fuzz
44  http://lcamtuf.coredump.cx/afl/
45  https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
46 */
47 
48 #include "config.h"
49 #include "libavutil/avassert.h"
50 #include "libavutil/imgutils.h"
51 #include "libavutil/intreadwrite.h"
52 
53 #include "libavcodec/avcodec.h"
54 #include "libavcodec/bytestream.h"
55 #include "libavformat/avformat.h"
56 
57 //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
58 #include "libavcodec/internal.h"
59 
60 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
61 
62 extern const AVCodec * codec_list[];
63 
64 static void error(const char *err)
65 {
66  fprintf(stderr, "%s", err);
67  exit(1);
68 }
69 
70 static const AVCodec *c = NULL;
72 {
73  const AVCodec *res;
74 
76  if (!res)
77  error("Failed to find decoder");
78  return res;
79 }
80 
81 static int subtitle_handler(AVCodecContext *avctx, void *frame,
82  int *got_sub_ptr, AVPacket *avpkt)
83 {
85  int ret = avcodec_decode_subtitle2(avctx, &sub, got_sub_ptr, avpkt);
86  if (ret >= 0 && *got_sub_ptr)
88  return ret;
89 }
90 
92  int *got_frame, const AVPacket *dummy)
93 {
94  int ret = avcodec_receive_frame(avctx, frame);
95  *got_frame = ret >= 0;
96  return ret;
97 }
98 
99 // Ensure we don't loop forever
100 const uint32_t maxiteration = 8096;
101 uint64_t maxpixels_per_frame = 4096 * 4096;
102 uint64_t maxpixels;
103 
104 uint64_t maxsamples_per_frame = 256*1024*32;
105 uint64_t maxsamples;
106 
107 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
108 
109 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
110  const uint64_t fuzz_tag = FUZZ_TAG;
111  const uint8_t *last = data;
112  const uint8_t *end = data + size;
113  uint32_t it = 0;
114  uint64_t ec_pixels = 0;
115  uint64_t nb_samples = 0;
116  int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
117  int *got_picture_ptr,
118  const AVPacket *avpkt) = NULL;
119  AVCodecParserContext *parser = NULL;
120  uint64_t keyframes = 0;
121  uint64_t flushpattern = -1;
123 
124  if (!c) {
125 #ifdef FFMPEG_DECODER
126 #define DECODER_SYMBOL0(CODEC) ff_##CODEC##_decoder
127 #define DECODER_SYMBOL(CODEC) DECODER_SYMBOL0(CODEC)
128  extern AVCodec DECODER_SYMBOL(FFMPEG_DECODER);
129  codec_list[0] = &DECODER_SYMBOL(FFMPEG_DECODER);
130 
131 #if FFMPEG_DECODER == tiff || FFMPEG_DECODER == tdsc
132  extern AVCodec DECODER_SYMBOL(mjpeg);
133  codec_list[1] = &DECODER_SYMBOL(mjpeg);
134 #endif
135 
136  c = &DECODER_SYMBOL(FFMPEG_DECODER);
137 #else
138  c = AVCodecInitialize(FFMPEG_CODEC); // Done once.
139 #endif
141  }
142 
143  switch (c->type) {
144  case AVMEDIA_TYPE_AUDIO :
145  case AVMEDIA_TYPE_VIDEO : decode_handler = audio_video_handler ; break;
146  case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
147  }
148  switch (c->id) {
149  case AV_CODEC_ID_APE: maxsamples_per_frame /= 256; break;
150  }
153  switch (c->id) {
154  case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
155  case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
156  case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
157  case AV_CODEC_ID_CFHD: maxpixels /= 128; break;
158  case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break;
159  case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
160  case AV_CODEC_ID_DST: maxsamples /= 1<<20; break;
161  case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break;
162  case AV_CODEC_ID_DXV: maxpixels /= 32; break;
163  case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break;
164  case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
165  case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
166  case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
167  case AV_CODEC_ID_GDV: maxpixels /= 512; break;
168  case AV_CODEC_ID_GIF: maxpixels /= 16; break;
169  case AV_CODEC_ID_H264: maxpixels /= 256; break;
170  case AV_CODEC_ID_HAP: maxpixels /= 128; break;
171  case AV_CODEC_ID_HEVC: maxpixels /= 16384; break;
172  case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
173  case AV_CODEC_ID_IFF_ILBM: maxpixels /= 128; break;
174  case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
175  case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384; break;
176  case AV_CODEC_ID_LAGARITH: maxpixels /= 1024; break;
177  case AV_CODEC_ID_LSCR: maxpixels /= 16; break;
178  case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
179  case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break;
180  case AV_CODEC_ID_MSA1: maxpixels /= 16384; break;
181  case AV_CODEC_ID_MSRLE: maxpixels /= 16; break;
182  case AV_CODEC_ID_MSS2: maxpixels /= 16384; break;
183  case AV_CODEC_ID_MSZH: maxpixels /= 128; break;
184  case AV_CODEC_ID_OPUS: maxsamples /= 16384; break;
185  case AV_CODEC_ID_PNG: maxpixels /= 128; break;
186  case AV_CODEC_ID_APNG: maxpixels /= 128; break;
187  case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
188  case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
189  case AV_CODEC_ID_RASC: maxpixels /= 16; break;
190  case AV_CODEC_ID_SANM: maxpixels /= 16; break;
191  case AV_CODEC_ID_SCPR: maxpixels /= 32; break;
192  case AV_CODEC_ID_SCREENPRESSO:maxpixels /= 64; break;
193  case AV_CODEC_ID_SMACKVIDEO: maxpixels /= 64; break;
194  case AV_CODEC_ID_SNOW: maxpixels /= 128; break;
195  case AV_CODEC_ID_TGV: maxpixels /= 32; break;
196  case AV_CODEC_ID_THEORA: maxpixels /= 1024; break;
197  case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
198  case AV_CODEC_ID_TSCC: maxpixels /= 1024; break;
199  case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break;
200  case AV_CODEC_ID_VMNC: maxpixels /= 8192; break;
201  case AV_CODEC_ID_VP4: maxpixels /= 4096; break;
202  case AV_CODEC_ID_VP7: maxpixels /= 256; break;
203  case AV_CODEC_ID_VP9: maxpixels /= 4096; break;
204  case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break;
205  case AV_CODEC_ID_WMV3IMAGE: maxpixels /= 8192; break;
206  case AV_CODEC_ID_WS_VQA: maxpixels /= 16384; break;
207  case AV_CODEC_ID_WMALOSSLESS: maxsamples /= 1024; break;
208  case AV_CODEC_ID_ZEROCODEC: maxpixels /= 128; break;
209  }
210 
213 
215  AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
216  if (!ctx || !parser_avctx)
217  error("Failed memory allocation");
218 
219  if (ctx->max_pixels == 0 || ctx->max_pixels > maxpixels_per_frame)
220  ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
221 
222  ctx->max_samples = maxsamples_per_frame;
223 
224  if (size > 1024) {
225  GetByteContext gbc;
226  int extradata_size;
227  int flags;
228  size -= 1024;
229  bytestream2_init(&gbc, data + size, 1024);
230  ctx->width = bytestream2_get_le32(&gbc);
231  ctx->height = bytestream2_get_le32(&gbc);
232  ctx->bit_rate = bytestream2_get_le64(&gbc);
233  ctx->bits_per_coded_sample = bytestream2_get_le32(&gbc);
234  // Try to initialize a parser for this codec, note, this may fail which just means we test without one
235  flags = bytestream2_get_byte(&gbc);
236  if (flags & 1)
237  parser = av_parser_init(c->id);
238  if (flags & 2)
240  if (flags & 4) {
241  ctx->err_recognition = AV_EF_AGGRESSIVE | AV_EF_COMPLIANT | AV_EF_CAREFUL;
242  if (flags & 8)
243  ctx->err_recognition |= AV_EF_EXPLODE;
244  }
245  if ((flags & 0x10) && c->id != AV_CODEC_ID_H264)
246  ctx->flags2 |= AV_CODEC_FLAG2_FAST;
247 
248  if (flags & 0x40)
250 
251  extradata_size = bytestream2_get_le32(&gbc);
252 
253  ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
254  ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
255  ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
256  ctx->codec_tag = bytestream2_get_le32(&gbc);
257  if (c->codec_tags) {
258  int n;
259  for (n = 0; c->codec_tags[n] != FF_CODEC_TAGS_END; n++);
260  ctx->codec_tag = c->codec_tags[ctx->codec_tag % n];
261  }
262  keyframes = bytestream2_get_le64(&gbc);
263  ctx->request_channel_layout = bytestream2_get_le64(&gbc);
264 
265  ctx->idct_algo = bytestream2_get_byte(&gbc) % 25;
266  flushpattern = bytestream2_get_le64(&gbc);
267 
268  if (flags & 0x20) {
269  switch (ctx->codec_id) {
270  case AV_CODEC_ID_AC3:
271  case AV_CODEC_ID_EAC3:
272  av_dict_set_int(&opts, "cons_noisegen", bytestream2_get_byte(&gbc) & 1, 0);
273  av_dict_set_int(&opts, "heavy_compr", bytestream2_get_byte(&gbc) & 1, 0);
274  av_dict_set_int(&opts, "target_level", (int)(bytestream2_get_byte(&gbc) % 32) - 31, 0);
275  av_dict_set_int(&opts, "dmix_mode", (int)(bytestream2_get_byte(&gbc) % 4) - 1, 0);
276  break;
277  }
278  }
279 
280 
281  if (extradata_size < size) {
282  ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
283  if (ctx->extradata) {
284  ctx->extradata_size = extradata_size;
285  size -= ctx->extradata_size;
286  memcpy(ctx->extradata, data + size, ctx->extradata_size);
287  }
288  }
289  if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
290  ctx->width = ctx->height = 0;
291  }
292 
293  int res = avcodec_open2(ctx, c, &opts);
294  if (res < 0) {
296  av_free(parser_avctx);
297  av_parser_close(parser);
298  av_dict_free(&opts);
299  return 0; // Failure of avcodec_open2() does not imply that a issue was found
300  }
301  parser_avctx->codec_id = ctx->codec_id;
302 
303  int got_frame;
305  AVPacket *avpkt = av_packet_alloc();
306  AVPacket *parsepkt = av_packet_alloc();
307  if (!frame || !avpkt || !parsepkt)
308  error("Failed memory allocation");
309 
310  // Read very simple container
311  while (data < end && it < maxiteration) {
312  // Search for the TAG
313  while (data + sizeof(fuzz_tag) < end) {
314  if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)
315  break;
316  data++;
317  }
318  if (data + sizeof(fuzz_tag) > end)
319  data = end;
320 
321  res = av_new_packet(parsepkt, data - last);
322  if (res < 0)
323  error("Failed memory allocation");
324  memcpy(parsepkt->data, last, data - last);
325  parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
326  keyframes = (keyframes >> 2) + (keyframes<<62);
327  data += sizeof(fuzz_tag);
328  last = data;
329 
330  while (parsepkt->size > 0) {
331  int decode_more;
332 
333  if (parser) {
334  int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size,
335  parsepkt->data, parsepkt->size,
336  parsepkt->pts, parsepkt->dts, parsepkt->pos);
337  if (avpkt->data == parsepkt->data) {
338  avpkt->buf = av_buffer_ref(parsepkt->buf);
339  if (!avpkt->buf)
340  error("Failed memory allocation");
341  } else {
342  if (av_packet_make_refcounted(avpkt) < 0)
343  error("Failed memory allocation");
344  }
345  parsepkt->data += ret;
346  parsepkt->size -= ret;
347  parsepkt->pos += ret;
348  avpkt->pts = parser->pts;
349  avpkt->dts = parser->dts;
350  avpkt->pos = parser->pos;
351  if ( parser->key_frame == 1 ||
352  (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I))
353  avpkt->flags |= AV_PKT_FLAG_KEY;
354  avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD;
355  } else {
356  av_packet_move_ref(avpkt, parsepkt);
357  }
358 
359  if (!(flushpattern & 7))
361  flushpattern = (flushpattern >> 3) + (flushpattern << 61);
362 
363  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
364  int ret = avcodec_send_packet(ctx, avpkt);
365  decode_more = ret >= 0;
366  if(!decode_more) {
367  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
368  if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
369  ctx->error_concealment = 0;
370  if (ec_pixels > maxpixels)
371  goto maximums_reached;
372  }
373  } else
374  decode_more = 1;
375 
376  // Iterate through all data
377  while (decode_more && it++ < maxiteration) {
379  int ret = decode_handler(ctx, frame, &got_frame, avpkt);
380 
381  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
382  if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
383  ctx->error_concealment = 0;
384  if (ec_pixels > maxpixels)
385  goto maximums_reached;
386 
387  if (ctx->codec_type == AVMEDIA_TYPE_AUDIO &&
388  frame->nb_samples == 0 && !got_frame &&
389  (avpkt->flags & AV_PKT_FLAG_DISCARD))
390  nb_samples += ctx->max_samples;
391 
392  nb_samples += frame->nb_samples;
393  if (nb_samples > maxsamples)
394  goto maximums_reached;
395 
396  if (ret <= 0 || ret > avpkt->size)
397  break;
398 
399  if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) {
400  avpkt->data += ret;
401  avpkt->size -= ret;
402  decode_more = avpkt->size > 0;
403  } else
404  decode_more = ret >= 0;
405  }
406  av_packet_unref(avpkt);
407  }
408  av_packet_unref(parsepkt);
409  }
410 maximums_reached:
411 
412  av_packet_unref(avpkt);
413 
414  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE)
416 
417  do {
418  got_frame = 0;
420  decode_handler(ctx, frame, &got_frame, avpkt);
421  } while (got_frame == 1 && it++ < maxiteration);
422 
423  fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it);
424 
427  avcodec_free_context(&parser_avctx);
428  av_parser_close(parser);
429  av_packet_free(&avpkt);
430  av_packet_free(&parsepkt);
431  av_dict_free(&opts);
432  return 0;
433 }
AV_CODEC_ID_TRUEMOTION2
@ AV_CODEC_ID_TRUEMOTION2
Definition: codec_id.h:126
AVSubtitle
Definition: avcodec.h:2389
av_packet_unref
void av_packet_unref(AVPacket *pkt)
Wipe the packet.
Definition: avpacket.c:403
av_force_cpu_flags
void av_force_cpu_flags(int arg)
Disables cpu detection and forces the specified flags.
Definition: cpu.c:67
AVCodec
AVCodec.
Definition: codec.h:197
AVMEDIA_TYPE_SUBTITLE
@ AVMEDIA_TYPE_SUBTITLE
Definition: avutil.h:204
AV_CODEC_ID_SANM
@ AV_CODEC_ID_SANM
Definition: codec_id.h:231
AV_CODEC_ID_LAGARITH
@ AV_CODEC_ID_LAGARITH
Definition: codec_id.h:196
AVCodecParserContext::pts
int64_t pts
Definition: avcodec.h:2895
AV_CODEC_ID_AC3
@ AV_CODEC_ID_AC3
Definition: codec_id.h:423
AV_CODEC_ID_APE
@ AV_CODEC_ID_APE
Definition: codec_id.h:452
FF_COMPLIANCE_EXPERIMENTAL
#define FF_COMPLIANCE_EXPERIMENTAL
Allow nonstandardized experimental things.
Definition: avcodec.h:1391
AVCodecParserContext::pict_type
int pict_type
Definition: avcodec.h:2884
GetByteContext
Definition: bytestream.h:33
AV_CODEC_ID_INTERPLAY_ACM
@ AV_CODEC_ID_INTERPLAY_ACM
Definition: codec_id.h:498
sub
static float sub(float src0, float src1)
Definition: dnn_backend_native_layer_mathbinary.c:32
AV_LOG_PANIC
#define AV_LOG_PANIC
Something went really wrong and we will crash now.
Definition: log.h:168
AV_PKT_FLAG_DISCARD
#define AV_PKT_FLAG_DISCARD
Flag is used to discard packets which are required to maintain valid decoder state but are not requir...
Definition: packet.h:403
AV_CODEC_ID_DIRAC
@ AV_CODEC_ID_DIRAC
Definition: codec_id.h:165
av_frame_free
void av_frame_free(AVFrame **frame)
Free the frame and any dynamically allocated objects in it, e.g.
Definition: frame.c:111
AV_RN64
#define AV_RN64(p)
Definition: intreadwrite.h:368
AVFrame
This structure describes decoded (raw) audio or video data.
Definition: frame.h:303
AVFormatContext::strict_std_compliance
int strict_std_compliance
Allow non-standard and experimental extension.
Definition: avformat.h:1397
avcodec_decode_subtitle2
int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int *got_sub_ptr, AVPacket *avpkt)
Decode a subtitle message.
Definition: decode.c:791
internal.h
AVPacket::data
uint8_t * data
Definition: packet.h:365
data
const char data[16]
Definition: mxf.c:142
codec_list
const AVCodec * codec_list[]
AV_CODEC_ID_GDV
@ AV_CODEC_ID_GDV
Definition: codec_id.h:283
AV_CODEC_ID_ARBC
@ AV_CODEC_ID_ARBC
Definition: codec_id.h:291
AV_CODEC_ID_SCREENPRESSO
@ AV_CODEC_ID_SCREENPRESSO
Definition: codec_id.h:241
AV_EF_COMPLIANT
#define AV_EF_COMPLIANT
consider all spec non compliances as errors
Definition: avcodec.h:1445
AVDictionary
Definition: dict.c:30
AV_CODEC_ID_FLAC
@ AV_CODEC_ID_FLAC
Definition: codec_id.h:432
AV_CODEC_ID_APNG
@ AV_CODEC_ID_APNG
Definition: codec_id.h:263
AV_PKT_FLAG_KEY
#define AV_PKT_FLAG_KEY
The packet contains a keyframe.
Definition: packet.h:396
av_packet_free
void av_packet_free(AVPacket **pkt)
Free the packet, if the packet is reference counted, it will be unreferenced first.
Definition: avpacket.c:70
maxsamples
uint64_t maxsamples
Definition: target_dec_fuzzer.c:105
AVCodecParserContext::key_frame
int key_frame
Set by parser to 1 for key frames and 0 for non-key frames.
Definition: avcodec.h:2925
AV_CODEC_ID_IFF_ILBM
@ AV_CODEC_ID_IFF_ILBM
Definition: codec_id.h:185
AV_CODEC_ID_MSZH
@ AV_CODEC_ID_MSZH
Definition: codec_id.h:102
av_parser_init
AVCodecParserContext * av_parser_init(int codec_id)
Definition: parser.c:34
AV_CODEC_ID_FFWAVESYNTH
@ AV_CODEC_ID_FFWAVESYNTH
Definition: codec_id.h:488
AVCodecParserContext::dts
int64_t dts
Definition: avcodec.h:2896
avsubtitle_free
void avsubtitle_free(AVSubtitle *sub)
Free all allocated data in the given subtitle struct.
Definition: avcodec.c:436
av_frame_alloc
AVFrame * av_frame_alloc(void)
Allocate an AVFrame and set its fields to default values.
Definition: frame.c:98
AV_CODEC_ID_DVB_SUBTITLE
@ AV_CODEC_ID_DVB_SUBTITLE
Definition: codec_id.h:519
AVFormatContext::bit_rate
int64_t bit_rate
Total stream bitrate in bit/s, 0 if not available.
Definition: avformat.h:1215
AVCodecInitialize
static const AVCodec * AVCodecInitialize(enum AVCodecID codec_id)
Definition: target_dec_fuzzer.c:71
avassert.h
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: target_dec_fuzzer.c:109
AV_CODEC_ID_CFHD
@ AV_CODEC_ID_CFHD
Definition: codec_id.h:265
avcodec_alloc_context3
AVCodecContext * avcodec_alloc_context3(const AVCodec *codec)
Allocate an AVCodecContext and set its fields to default values.
Definition: options.c:141
intreadwrite.h
av_new_packet
int av_new_packet(AVPacket *pkt, int size)
Allocate the payload of a packet and initialize its fields with default values.
Definition: avpacket.c:94
FF_CODEC_TAGS_END
#define FF_CODEC_TAGS_END
AVCodec.codec_tags termination value.
Definition: internal.h:85
AVMEDIA_TYPE_AUDIO
@ AVMEDIA_TYPE_AUDIO
Definition: avutil.h:202
AV_CODEC_ID_VP9
@ AV_CODEC_ID_VP9
Definition: codec_id.h:217
AV_CODEC_ID_WS_VQA
@ AV_CODEC_ID_WS_VQA
Definition: codec_id.h:93
avcodec_receive_frame
int avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
Return decoded output data from a decoder.
Definition: decode.c:628
ctx
AVFormatContext * ctx
Definition: movenc.c:48
codec_id
enum AVCodecID codec_id
Definition: vaapi_decode.c:369
AV_CODEC_ID_VC1IMAGE
@ AV_CODEC_ID_VC1IMAGE
Definition: codec_id.h:201
AV_CODEC_ID_H264
@ AV_CODEC_ID_H264
Definition: codec_id.h:76
AVCodecContext::codec_id
enum AVCodecID codec_id
Definition: avcodec.h:511
AV_CODEC_ID_PNG
@ AV_CODEC_ID_PNG
Definition: codec_id.h:110
if
if(ret)
Definition: filter_design.txt:179
opts
AVDictionary * opts
Definition: movenc.c:50
FUZZ_TAG
static const uint64_t FUZZ_TAG
Definition: target_dec_fuzzer.c:107
AVPacket::buf
AVBufferRef * buf
A reference to the reference-counted buffer where the packet data is stored.
Definition: packet.h:348
NULL
#define NULL
Definition: coverity.c:32
AV_CODEC_ID_DST
@ AV_CODEC_ID_DST
Definition: codec_id.h:501
AV_CODEC_ID_ZEROCODEC
@ AV_CODEC_ID_ZEROCODEC
Definition: codec_id.h:210
AVCodec::type
enum AVMediaType type
Definition: codec.h:210
avcodec_free_context
void avcodec_free_context(AVCodecContext **avctx)
Free the codec context and everything associated with it and write NULL to the provided pointer.
Definition: options.c:156
AV_CODEC_ID_WMALOSSLESS
@ AV_CODEC_ID_WMALOSSLESS
Definition: codec_id.h:458
AV_CODEC_ID_MOTIONPIXELS
@ AV_CODEC_ID_MOTIONPIXELS
Definition: codec_id.h:168
AV_CODEC_FLAG2_FAST
#define AV_CODEC_FLAG2_FAST
Allow non spec compliant speedup tricks.
Definition: avcodec.h:325
AV_PICTURE_TYPE_I
@ AV_PICTURE_TYPE_I
Intra.
Definition: avutil.h:274
avcodec_open2
int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *codec, AVDictionary **options)
Initialize the AVCodecContext to use the given AVCodec.
Definition: avcodec.c:135
AV_EF_EXPLODE
#define AV_EF_EXPLODE
abort decoding on minor error detection
Definition: avcodec.h:1441
av_packet_move_ref
void av_packet_move_ref(AVPacket *dst, AVPacket *src)
Move every field in src to dst and reset src.
Definition: avpacket.c:459
AV_CODEC_ID_VP4
@ AV_CODEC_ID_VP4
Definition: codec_id.h:294
AV_CODEC_ID_MP4ALS
@ AV_CODEC_ID_MP4ALS
Definition: codec_id.h:465
error
static void error(const char *err)
Definition: target_dec_fuzzer.c:64
AV_EF_CAREFUL
#define AV_EF_CAREFUL
consider things that violate the spec, are fast to calculate and have not been seen in the wild as er...
Definition: avcodec.h:1444
AVCodecID
AVCodecID
Identify the syntax and semantics of the bitstream.
Definition: codec_id.h:46
avcodec_find_decoder
const AVCodec * avcodec_find_decoder(enum AVCodecID id)
Find a registered decoder with a matching codec ID.
Definition: allcodecs.c:909
AV_CODEC_ID_EAC3
@ AV_CODEC_ID_EAC3
Definition: codec_id.h:460
AV_CODEC_ID_LSCR
@ AV_CODEC_ID_LSCR
Definition: codec_id.h:293
subtitle_handler
static int subtitle_handler(AVCodecContext *avctx, void *frame, int *got_sub_ptr, AVPacket *avpkt)
Definition: target_dec_fuzzer.c:81
AV_CODEC_ID_SCPR
@ AV_CODEC_ID_SCPR
Definition: codec_id.h:275
AVPacket::size
int size
Definition: packet.h:366
AV_CODEC_ID_RASC
@ AV_CODEC_ID_RASC
Definition: codec_id.h:289
AV_CODEC_ID_DXV
@ AV_CODEC_ID_DXV
Definition: codec_id.h:240
size
int size
Definition: twinvq_data.h:10344
AV_CODEC_ID_MSRLE
@ AV_CODEC_ID_MSRLE
Definition: codec_id.h:94
AV_CODEC_ID_OPUS
@ AV_CODEC_ID_OPUS
Definition: codec_id.h:480
AVPacket::dts
int64_t dts
Decompression timestamp in AVStream->time_base units; the time at which the packet is decompressed.
Definition: packet.h:364
FFMIN
#define FFMIN(a, b)
Definition: common.h:105
av_packet_make_refcounted
int av_packet_make_refcounted(AVPacket *pkt)
Ensure the data described by a given packet is reference counted.
Definition: avpacket.c:465
AVPacket::flags
int flags
A combination of AV_PKT_FLAG values.
Definition: packet.h:371
av_packet_alloc
AVPacket * av_packet_alloc(void)
Allocate an AVPacket and set its fields to default values.
Definition: avpacket.c:59
av_dict_free
void av_dict_free(AVDictionary **pm)
Free all the memory allocated for an AVDictionary struct and all keys and values.
Definition: dict.c:203
AV_CODEC_ID_INDEO4
@ AV_CODEC_ID_INDEO4
Definition: codec_id.h:160
AV_CODEC_ID_MSS2
@ AV_CODEC_ID_MSS2
Definition: codec_id.h:216
AVCodec::id
enum AVCodecID id
Definition: codec.h:211
AV_CODEC_ID_GIF
@ AV_CODEC_ID_GIF
Definition: codec_id.h:146
AV_CODEC_ID_TGV
@ AV_CODEC_ID_TGV
Definition: codec_id.h:169
AV_CODEC_ID_VP7
@ AV_CODEC_ID_VP7
Definition: codec_id.h:230
avcodec_send_packet
int avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
Supply raw packet data as input to a decoder.
Definition: decode.c:565
av_log_set_level
void av_log_set_level(int level)
Set the log level.
Definition: log.c:440
AVCodecParserContext::pos
int64_t pos
Byte position of currently parsed frame in stream.
Definition: avcodec.h:2978
AVPacket::pts
int64_t pts
Presentation timestamp in AVStream->time_base units; the time at which the decompressed packet will b...
Definition: packet.h:358
AV_CODEC_ID_THEORA
@ AV_CODEC_ID_THEORA
Definition: codec_id.h:79
AV_CODEC_ID_PAF_VIDEO
@ AV_CODEC_ID_PAF_VIDEO
Definition: codec_id.h:228
AV_CODEC_ID_HEVC
@ AV_CODEC_ID_HEVC
Definition: codec_id.h:223
AV_CODEC_ID_HNM4_VIDEO
@ AV_CODEC_ID_HNM4_VIDEO
Definition: codec_id.h:222
av_frame_unref
void av_frame_unref(AVFrame *frame)
Unreference all the buffers referenced by frame and reset the frame fields.
Definition: frame.c:436
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:243
maxpixels_per_frame
uint64_t maxpixels_per_frame
Definition: target_dec_fuzzer.c:101
avcodec.h
AVCodecParserContext
Definition: avcodec.h:2876
AV_CODEC_ID_SMACKVIDEO
@ AV_CODEC_ID_SMACKVIDEO
Definition: codec_id.h:132
ret
ret
Definition: filter_design.txt:187
avcodec_flush_buffers
void avcodec_flush_buffers(AVCodecContext *avctx)
Reset the internal codec state / flush internal buffers.
Definition: avcodec.c:387
frame
these buffered frames must be flushed immediately if a new input produces new the filter must not call request_frame to get more It must just process the frame or queue it The task of requesting more frames is left to the filter s request_frame method or the application If a filter has several the filter must be ready for frames arriving randomly on any input any filter with several inputs will most likely require some kind of queuing mechanism It is perfectly acceptable to have a limited queue and to drop frames when the inputs are too unbalanced request_frame For filters that do not use the this method is called when a frame is wanted on an output For a it should directly call filter_frame on the corresponding output For a if there are queued frames already one of these frames should be pushed If the filter should request a frame on one of its repeatedly until at least one frame has been pushed Return or at least make progress towards producing a frame
Definition: filter_design.txt:264
avformat.h
audio_video_handler
static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame, int *got_frame, const AVPacket *dummy)
Definition: target_dec_fuzzer.c:91
AV_INPUT_BUFFER_PADDING_SIZE
#define AV_INPUT_BUFFER_PADDING_SIZE
Definition: avcodec.h:192
AV_CODEC_ID_AGM
@ AV_CODEC_ID_AGM
Definition: codec_id.h:292
AVCodec::codec_tags
const uint32_t * codec_tags
List of supported codec_tags, terminated by FF_CODEC_TAGS_END.
Definition: codec.h:350
AVCodecContext
main external API structure.
Definition: avcodec.h:501
AV_CODEC_ID_SNOW
@ AV_CODEC_ID_SNOW
Definition: codec_id.h:261
AV_CODEC_ID_HAP
@ AV_CODEC_ID_HAP
Definition: codec_id.h:238
AV_CODEC_ID_BINKVIDEO
@ AV_CODEC_ID_BINKVIDEO
Definition: codec_id.h:184
dummy
int dummy
Definition: motion.c:64
c
static const AVCodec * c
Definition: target_dec_fuzzer.c:70
AV_CODEC_ID_MSA1
@ AV_CODEC_ID_MSA1
Definition: codec_id.h:212
av_buffer_ref
AVBufferRef * av_buffer_ref(AVBufferRef *buf)
Create a new reference to an AVBuffer.
Definition: buffer.c:93
AV_CODEC_ID_VMNC
@ AV_CODEC_ID_VMNC
Definition: codec_id.h:138
AV_EF_AGGRESSIVE
#define AV_EF_AGGRESSIVE
consider things that a sane encoder should not do as an error
Definition: avcodec.h:1446
av_dict_set_int
int av_dict_set_int(AVDictionary **pm, const char *key, int64_t value, int flags)
Convenience wrapper for av_dict_set that converts the value to a string and stores it.
Definition: dict.c:147
AVMEDIA_TYPE_VIDEO
@ AVMEDIA_TYPE_VIDEO
Definition: avutil.h:201
av_parser_parse2
int av_parser_parse2(AVCodecParserContext *s, AVCodecContext *avctx, uint8_t **poutbuf, int *poutbuf_size, const uint8_t *buf, int buf_size, int64_t pts, int64_t dts, int64_t pos)
Parse a packet.
Definition: parser.c:115
AV_CODEC_ID_QTRLE
@ AV_CODEC_ID_QTRLE
Definition: codec_id.h:104
it
s EdgeDetect Foobar g libavfilter vf_edgedetect c libavfilter vf_foobar c edit libavfilter and add an entry for foobar following the pattern of the other filters edit libavfilter allfilters and add an entry for foobar following the pattern of the other filters configure make j< whatever > ffmpeg ffmpeg i you should get a foobar png with Lena edge detected That s it
Definition: writing_filters.txt:31
AV_CODEC_ID_G2M
@ AV_CODEC_ID_G2M
Definition: codec_id.h:220
AV_CODEC_ID_TSCC
@ AV_CODEC_ID_TSCC
Definition: codec_id.h:105
av_free
#define av_free(p)
Definition: tableprint_vlc.h:34
AVPacket
This structure stores compressed data.
Definition: packet.h:342
AVPacket::pos
int64_t pos
byte position in stream, -1 if unknown
Definition: packet.h:385
bytestream.h
imgutils.h
bytestream2_init
static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size)
Definition: bytestream.h:137
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:561
AV_CODEC_ID_WAVPACK
@ AV_CODEC_ID_WAVPACK
Definition: codec_id.h:445
AV_CODEC_ID_COOK
@ AV_CODEC_ID_COOK
Definition: codec_id.h:440
maxpixels
uint64_t maxpixels
Definition: target_dec_fuzzer.c:102
AV_CODEC_ID_WMV3IMAGE
@ AV_CODEC_ID_WMV3IMAGE
Definition: codec_id.h:200
av_image_check_size
int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
Check if the given dimension of an image is valid, meaning that all bytes of the image can be address...
Definition: imgutils.c:315
FF_SANE_NB_CHANNELS
#define FF_SANE_NB_CHANNELS
Definition: internal.h:102
AV_CODEC_ID_FLV1
@ AV_CODEC_ID_FLV1
Definition: codec_id.h:70
int
int
Definition: ffmpeg_filter.c:156
maxiteration
const uint32_t maxiteration
Definition: target_dec_fuzzer.c:100
av_parser_close
void av_parser_close(AVCodecParserContext *s)
Definition: parser.c:187
maxsamples_per_frame
uint64_t maxsamples_per_frame
Definition: target_dec_fuzzer.c:104