FFmpeg
target_dec_fuzzer.c
Go to the documentation of this file.
1 /*
2  * This file is part of FFmpeg.
3  *
4  * FFmpeg is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * FFmpeg is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with FFmpeg; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17  */
18 
19 /* Targeted fuzzer that targets specific codecs depending on two
20  compile-time flags.
21  INSTRUCTIONS:
22 
23  * Get the very fresh clang, e.g. see http://libfuzzer.info#versions
24  * Get and build libFuzzer:
25  svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
26  ./Fuzzer/build.sh
27  * build ffmpeg for fuzzing:
28  FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -g" CC="clang $FLAGS" CXX="clang++ $FLAGS" ./configure --disable-x86asm
29  make clean && make -j
30  * build the fuzz target.
31  Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
32  choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
33  clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
34  * create a corpus directory and put some samples there (empty dir is ok too):
35  mkdir CORPUS && cp some-files CORPUS
36 
37  * Run fuzzing:
38  ./target_dec_fuzzer -max_len=100000 CORPUS
39 
40  More info:
41  http://libfuzzer.info
42  http://tutorial.libfuzzer.info
43  https://github.com/google/oss-fuzz
44  http://lcamtuf.coredump.cx/afl/
45  https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
46 */
47 
48 #include "config.h"
49 #include "libavutil/avassert.h"
50 #include "libavutil/cpu.h"
51 #include "libavutil/imgutils.h"
52 #include "libavutil/intreadwrite.h"
53 
54 #include "libavcodec/avcodec.h"
55 #include "libavcodec/bytestream.h"
56 #include "libavformat/avformat.h"
57 
58 //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
59 #include "libavcodec/internal.h"
60 
61 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
62 
63 extern const AVCodec * codec_list[];
64 
65 static void error(const char *err)
66 {
67  fprintf(stderr, "%s", err);
68  exit(1);
69 }
70 
71 static const AVCodec *c = NULL;
72 static const AVCodec *AVCodecInitialize(enum AVCodecID codec_id)
73 {
74  const AVCodec *res;
75 
76  res = avcodec_find_decoder(codec_id);
77  if (!res)
78  error("Failed to find decoder");
79  return res;
80 }
81 
82 static int subtitle_handler(AVCodecContext *avctx, void *frame,
83  int *got_sub_ptr, AVPacket *avpkt)
84 {
85  AVSubtitle sub;
86  int ret = avcodec_decode_subtitle2(avctx, &sub, got_sub_ptr, avpkt);
87  if (ret >= 0 && *got_sub_ptr)
88  avsubtitle_free(&sub);
89  return ret;
90 }
91 
92 static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame,
93  int *got_frame, const AVPacket *dummy)
94 {
95  int ret = avcodec_receive_frame(avctx, frame);
96  *got_frame = ret >= 0;
97  return ret;
98 }
99 
100 // Ensure we don't loop forever
101 const uint32_t maxiteration = 8096;
102 
103 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
104 
105 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
106  uint64_t maxpixels_per_frame = 4096 * 4096;
107  uint64_t maxpixels;
108 
109  uint64_t maxsamples_per_frame = 256*1024*32;
110  uint64_t maxsamples;
111  const uint64_t fuzz_tag = FUZZ_TAG;
112  const uint8_t *last = data;
113  const uint8_t *end = data + size;
114  uint32_t it = 0;
115  uint64_t ec_pixels = 0;
116  uint64_t nb_samples = 0;
117  int (*decode_handler)(AVCodecContext *avctx, AVFrame *picture,
118  int *got_picture_ptr,
119  const AVPacket *avpkt) = NULL;
120  AVCodecParserContext *parser = NULL;
121  uint64_t keyframes = 0;
122  uint64_t flushpattern = -1;
123  AVDictionary *opts = NULL;
124 
125  if (!c) {
126 #ifdef FFMPEG_DECODER
127 #define DECODER_SYMBOL0(CODEC) ff_##CODEC##_decoder
128 #define DECODER_SYMBOL(CODEC) DECODER_SYMBOL0(CODEC)
129  extern AVCodec DECODER_SYMBOL(FFMPEG_DECODER);
130  codec_list[0] = &DECODER_SYMBOL(FFMPEG_DECODER);
131 
132 #if FFMPEG_DECODER == tiff || FFMPEG_DECODER == tdsc
133  extern AVCodec DECODER_SYMBOL(mjpeg);
134  codec_list[1] = &DECODER_SYMBOL(mjpeg);
135 #endif
136 
137  c = &DECODER_SYMBOL(FFMPEG_DECODER);
138 #else
139  c = AVCodecInitialize(FFMPEG_CODEC); // Done once.
140 #endif
141  av_log_set_level(AV_LOG_PANIC);
142  }
143 
144  switch (c->type) {
145  case AVMEDIA_TYPE_AUDIO :
146  case AVMEDIA_TYPE_VIDEO : decode_handler = audio_video_handler ; break;
147  case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break;
148  }
149  switch (c->id) {
150  case AV_CODEC_ID_APE: maxsamples_per_frame /= 256; break;
151  }
152  maxpixels = maxpixels_per_frame * maxiteration;
153  maxsamples = maxsamples_per_frame * maxiteration;
154  switch (c->id) {
155  case AV_CODEC_ID_AGM: maxpixels /= 1024; break;
156  case AV_CODEC_ID_ARBC: maxpixels /= 1024; break;
157  case AV_CODEC_ID_BINKVIDEO: maxpixels /= 32; break;
158  case AV_CODEC_ID_CFHD: maxpixels /= 128; break;
159  case AV_CODEC_ID_COOK: maxsamples /= 1<<20; break;
160  case AV_CODEC_ID_DIRAC: maxpixels /= 8192; break;
161  case AV_CODEC_ID_DST: maxsamples /= 1<<20; break;
162  case AV_CODEC_ID_DVB_SUBTITLE: av_dict_set_int(&opts, "compute_clut", -2, 0); break;
163  case AV_CODEC_ID_DXV: maxpixels /= 32; break;
164  case AV_CODEC_ID_FFWAVESYNTH: maxsamples /= 16384; break;
165  case AV_CODEC_ID_FLAC: maxsamples /= 1024; break;
166  case AV_CODEC_ID_FLV1: maxpixels /= 1024; break;
167  case AV_CODEC_ID_G2M: maxpixels /= 1024; break;
168  case AV_CODEC_ID_GDV: maxpixels /= 512; break;
169  case AV_CODEC_ID_GIF: maxpixels /= 16; break;
170  case AV_CODEC_ID_H264: maxpixels /= 256; break;
171  case AV_CODEC_ID_HAP: maxpixels /= 128; break;
172  case AV_CODEC_ID_HEVC: maxpixels /= 16384; break;
173  case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
174  case AV_CODEC_ID_IFF_ILBM: maxpixels /= 128; break;
175  case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
176  case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384; break;
177  case AV_CODEC_ID_JPEG2000: maxpixels /= 16; break;
178  case AV_CODEC_ID_LAGARITH: maxpixels /= 1024; break;
179  case AV_CODEC_ID_VORBIS: maxsamples /= 1024; break;
180  case AV_CODEC_ID_LSCR: maxpixels /= 16; break;
181  case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
182  case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break;
183  case AV_CODEC_ID_MSA1: maxpixels /= 16384; break;
184  case AV_CODEC_ID_MSRLE: maxpixels /= 16; break;
185  case AV_CODEC_ID_MSS2: maxpixels /= 16384; break;
186  case AV_CODEC_ID_MSZH: maxpixels /= 128; break;
187  case AV_CODEC_ID_OPUS: maxsamples /= 16384; break;
188  case AV_CODEC_ID_PNG: maxpixels /= 128; break;
189  case AV_CODEC_ID_APNG: maxpixels /= 128; break;
190  case AV_CODEC_ID_QTRLE: maxpixels /= 16; break;
191  case AV_CODEC_ID_PAF_VIDEO: maxpixels /= 16; break;
192  case AV_CODEC_ID_RASC: maxpixels /= 16; break;
193  case AV_CODEC_ID_SANM: maxpixels /= 16; break;
194  case AV_CODEC_ID_SCPR: maxpixels /= 32; break;
195  case AV_CODEC_ID_SCREENPRESSO:maxpixels /= 64; break;
196  case AV_CODEC_ID_SMACKVIDEO: maxpixels /= 64; break;
197  case AV_CODEC_ID_SNOW: maxpixels /= 128; break;
198  case AV_CODEC_ID_TAK: maxsamples /= 1024; break;
199  case AV_CODEC_ID_TGV: maxpixels /= 32; break;
200  case AV_CODEC_ID_THEORA: maxpixels /= 16384; break;
201  case AV_CODEC_ID_TRUEMOTION2: maxpixels /= 1024; break;
202  case AV_CODEC_ID_TSCC: maxpixels /= 1024; break;
203  case AV_CODEC_ID_VC1: maxpixels /= 8192; break;
204  case AV_CODEC_ID_VC1IMAGE: maxpixels /= 8192; break;
205  case AV_CODEC_ID_VMNC: maxpixels /= 8192; break;
206  case AV_CODEC_ID_VP3: maxpixels /= 4096; break;
207  case AV_CODEC_ID_VP4: maxpixels /= 4096; break;
208  case AV_CODEC_ID_VP5: maxpixels /= 256; break;
209  case AV_CODEC_ID_VP6F: maxpixels /= 4096; break;
210  case AV_CODEC_ID_VP7: maxpixels /= 256; break;
211  case AV_CODEC_ID_VP9: maxpixels /= 4096; break;
212  case AV_CODEC_ID_WAVPACK: maxsamples /= 1024; break;
213  case AV_CODEC_ID_WMV3IMAGE: maxpixels /= 8192; break;
214  case AV_CODEC_ID_WMV3: maxpixels /= 1024; break;
215  case AV_CODEC_ID_WS_VQA: maxpixels /= 16384; break;
216  case AV_CODEC_ID_WMALOSSLESS: maxsamples /= 1024; break;
217  case AV_CODEC_ID_ZEROCODEC: maxpixels /= 128; break;
218  }
219 
220  maxsamples_per_frame = FFMIN(maxsamples_per_frame, maxsamples);
221  maxpixels_per_frame = FFMIN(maxpixels_per_frame , maxpixels);
222 
223  AVCodecContext* ctx = avcodec_alloc_context3(c);
224  AVCodecContext* parser_avctx = avcodec_alloc_context3(NULL);
225  if (!ctx || !parser_avctx)
226  error("Failed memory allocation");
227 
228  if (ctx->max_pixels == 0 || ctx->max_pixels > maxpixels_per_frame)
229  ctx->max_pixels = maxpixels_per_frame; //To reduce false positive OOM and hangs
230 
231  ctx->max_samples = maxsamples_per_frame;
232 
233  if (size > 1024) {
234  GetByteContext gbc;
235  int extradata_size;
236  int flags;
237  int64_t flags64;
238 
239  size -= 1024;
240  bytestream2_init(&gbc, data + size, 1024);
241  ctx->width = bytestream2_get_le32(&gbc);
242  ctx->height = bytestream2_get_le32(&gbc);
243  ctx->bit_rate = bytestream2_get_le64(&gbc);
244  ctx->bits_per_coded_sample = bytestream2_get_le32(&gbc);
245  // Try to initialize a parser for this codec, note, this may fail which just means we test without one
246  flags = bytestream2_get_byte(&gbc);
247  if (flags & 1)
248  parser = av_parser_init(c->id);
249  if (flags & 2)
250  ctx->strict_std_compliance = FF_COMPLIANCE_EXPERIMENTAL;
251  if (flags & 4) {
252  ctx->err_recognition = AV_EF_AGGRESSIVE | AV_EF_COMPLIANT | AV_EF_CAREFUL;
253  if (flags & 8)
254  ctx->err_recognition |= AV_EF_EXPLODE;
255  }
256  if ((flags & 0x10) && c->id != AV_CODEC_ID_H264)
257  ctx->flags2 |= AV_CODEC_FLAG2_FAST;
258  if (flags & 0x80)
259  ctx->flags2 |= AV_CODEC_FLAG2_EXPORT_MVS;
260 
261  if (flags & 0x40)
262  av_force_cpu_flags(0);
263 
264  extradata_size = bytestream2_get_le32(&gbc);
265 
266  ctx->sample_rate = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
267  ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
268  ctx->block_align = bytestream2_get_le32(&gbc) & 0x7FFFFFFF;
269  ctx->codec_tag = bytestream2_get_le32(&gbc);
270  if (c->codec_tags) {
271  int n;
272  for (n = 0; c->codec_tags[n] != FF_CODEC_TAGS_END; n++);
273  ctx->codec_tag = c->codec_tags[ctx->codec_tag % n];
274  }
275  keyframes = bytestream2_get_le64(&gbc);
276  ctx->request_channel_layout = bytestream2_get_le64(&gbc);
277 
278  ctx->idct_algo = bytestream2_get_byte(&gbc) % 25;
279  flushpattern = bytestream2_get_le64(&gbc);
280  ctx->skip_frame = bytestream2_get_byte(&gbc) - 254 + AVDISCARD_ALL;
281 
282 
283  if (flags & 0x20) {
284  switch (ctx->codec_id) {
285  case AV_CODEC_ID_AC3:
286  case AV_CODEC_ID_EAC3:
287  av_dict_set_int(&opts, "cons_noisegen", bytestream2_get_byte(&gbc) & 1, 0);
288  av_dict_set_int(&opts, "heavy_compr", bytestream2_get_byte(&gbc) & 1, 0);
289  av_dict_set_int(&opts, "target_level", (int)(bytestream2_get_byte(&gbc) % 32) - 31, 0);
290  av_dict_set_int(&opts, "dmix_mode", (int)(bytestream2_get_byte(&gbc) % 4) - 1, 0);
291  break;
292  }
293  }
294 
295  flags64 = bytestream2_get_le64(&gbc);
296  if (flags64 &1)
297  ctx->debug |= FF_DEBUG_SKIP;
298  if (flags64 &2)
299  ctx->debug |= FF_DEBUG_QP;
300  if (flags64 &4)
301  ctx->debug |= FF_DEBUG_MB_TYPE;
302 
303  if (extradata_size < size) {
304  ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
305  if (ctx->extradata) {
306  ctx->extradata_size = extradata_size;
307  size -= ctx->extradata_size;
308  memcpy(ctx->extradata, data + size, ctx->extradata_size);
309  }
310  }
311  if (av_image_check_size(ctx->width, ctx->height, 0, ctx))
312  ctx->width = ctx->height = 0;
313  }
314 
315  int res = avcodec_open2(ctx, c, &opts);
316  if (res < 0) {
317  avcodec_free_context(&ctx);
318  av_free(parser_avctx);
319  av_parser_close(parser);
320  av_dict_free(&opts);
321  return 0; // Failure of avcodec_open2() does not imply that a issue was found
322  }
323  parser_avctx->codec_id = ctx->codec_id;
324  parser_avctx->extradata_size = ctx->extradata_size;
325  parser_avctx->extradata = ctx->extradata ? av_memdup(ctx->extradata, ctx->extradata_size + AV_INPUT_BUFFER_PADDING_SIZE) : NULL;
326 
327 
328  int got_frame;
329  AVFrame *frame = av_frame_alloc();
330  AVPacket *avpkt = av_packet_alloc();
331  AVPacket *parsepkt = av_packet_alloc();
332  if (!frame || !avpkt || !parsepkt)
333  error("Failed memory allocation");
334 
335  // Read very simple container
336  while (data < end && it < maxiteration) {
337  // Search for the TAG
338  while (data + sizeof(fuzz_tag) < end) {
339  if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)
340  break;
341  data++;
342  }
343  if (data + sizeof(fuzz_tag) > end)
344  data = end;
345 
346  res = av_new_packet(parsepkt, data - last);
347  if (res < 0)
348  error("Failed memory allocation");
349  memcpy(parsepkt->data, last, data - last);
350  parsepkt->flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
351  keyframes = (keyframes >> 2) + (keyframes<<62);
352  data += sizeof(fuzz_tag);
353  last = data;
354 
355  while (parsepkt->size > 0) {
356  int decode_more;
357 
358  if (parser) {
359  int ret = av_parser_parse2(parser, parser_avctx, &avpkt->data, &avpkt->size,
360  parsepkt->data, parsepkt->size,
361  parsepkt->pts, parsepkt->dts, parsepkt->pos);
362  if (avpkt->data == parsepkt->data) {
363  avpkt->buf = av_buffer_ref(parsepkt->buf);
364  if (!avpkt->buf)
365  error("Failed memory allocation");
366  } else {
367  if (av_packet_make_refcounted(avpkt) < 0)
368  error("Failed memory allocation");
369  }
370  parsepkt->data += ret;
371  parsepkt->size -= ret;
372  parsepkt->pos += ret;
373  avpkt->pts = parser->pts;
374  avpkt->dts = parser->dts;
375  avpkt->pos = parser->pos;
376  if ( parser->key_frame == 1 ||
377  (parser->key_frame == -1 && parser->pict_type == AV_PICTURE_TYPE_I))
378  avpkt->flags |= AV_PKT_FLAG_KEY;
379  avpkt->flags |= parsepkt->flags & AV_PKT_FLAG_DISCARD;
380  } else {
381  av_packet_move_ref(avpkt, parsepkt);
382  }
383 
384  if (!(flushpattern & 7))
385  avcodec_flush_buffers(ctx);
386  flushpattern = (flushpattern >> 3) + (flushpattern << 61);
387 
388  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
389  int ret = avcodec_send_packet(ctx, avpkt);
390  decode_more = ret >= 0;
391  if(!decode_more) {
392  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
393  if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
394  ctx->error_concealment = 0;
395  if (ec_pixels > maxpixels)
396  goto maximums_reached;
397  }
398  } else
399  decode_more = 1;
400 
401  // Iterate through all data
402  while (decode_more && it++ < maxiteration) {
403  av_frame_unref(frame);
404  int ret = decode_handler(ctx, frame, &got_frame, avpkt);
405 
406  ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
407  if (it > 20 || ec_pixels > 4 * ctx->max_pixels)
408  ctx->error_concealment = 0;
409  if (ec_pixels > maxpixels)
410  goto maximums_reached;
411 
412  if (ctx->codec_type == AVMEDIA_TYPE_AUDIO &&
413  frame->nb_samples == 0 && !got_frame &&
414  (avpkt->flags & AV_PKT_FLAG_DISCARD))
415  nb_samples += ctx->max_samples;
416 
417  nb_samples += frame->nb_samples;
418  if (nb_samples > maxsamples)
419  goto maximums_reached;
420 
421  if (ret <= 0 || ret > avpkt->size)
422  break;
423 
424  if (ctx->codec_type == AVMEDIA_TYPE_SUBTITLE) {
425  avpkt->data += ret;
426  avpkt->size -= ret;
427  decode_more = avpkt->size > 0;
428  } else
429  decode_more = ret >= 0;
430  }
431  av_packet_unref(avpkt);
432  }
433  av_packet_unref(parsepkt);
434  }
435 maximums_reached:
436 
437  av_packet_unref(avpkt);
438 
439  if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE)
440  avcodec_send_packet(ctx, NULL);
441 
442  do {
443  got_frame = 0;
444  av_frame_unref(frame);
445  decode_handler(ctx, frame, &got_frame, avpkt);
446 
447  nb_samples += frame->nb_samples;
448  if (nb_samples > maxsamples)
449  break;
450  } while (got_frame == 1 && it++ < maxiteration);
451 
452  fprintf(stderr, "pixels decoded: %"PRId64", samples decoded: %"PRId64", iterations: %d\n", ec_pixels, nb_samples, it);
453 
454  av_frame_free(&frame);
455  avcodec_free_context(&ctx);
456  avcodec_free_context(&parser_avctx);
457  av_parser_close(parser);
458  av_packet_free(&avpkt);
459  av_packet_free(&parsepkt);
460  av_dict_free(&opts);
461  return 0;
462 }
AV_CODEC_ID_TRUEMOTION2
@ AV_CODEC_ID_TRUEMOTION2
Definition: codec_id.h:127
AVSubtitle
Definition: avcodec.h:2289
av_packet_unref
void av_packet_unref(AVPacket *pkt)
Wipe the packet.
Definition: avpacket.c:417
av_force_cpu_flags
void av_force_cpu_flags(int arg)
Disables cpu detection and forces the specified flags.
Definition: cpu.c:68
AVCodec
AVCodec.
Definition: codec.h:202
AVMEDIA_TYPE_SUBTITLE
@ AVMEDIA_TYPE_SUBTITLE
Definition: avutil.h:204
AV_CODEC_ID_VP6F
@ AV_CODEC_ID_VP6F
Definition: codec_id.h:142
AV_CODEC_ID_SANM
@ AV_CODEC_ID_SANM
Definition: codec_id.h:232
AV_CODEC_ID_LAGARITH
@ AV_CODEC_ID_LAGARITH
Definition: codec_id.h:197
AVCodecParserContext::pts
int64_t pts
Definition: avcodec.h:2794
AV_CODEC_ID_AC3
@ AV_CODEC_ID_AC3
Definition: codec_id.h:425
AV_CODEC_ID_APE
@ AV_CODEC_ID_APE
Definition: codec_id.h:454
FF_COMPLIANCE_EXPERIMENTAL
#define FF_COMPLIANCE_EXPERIMENTAL
Allow nonstandardized experimental things.
Definition: avcodec.h:1285
AVCodecParserContext::pict_type
int pict_type
Definition: avcodec.h:2783
GetByteContext
Definition: bytestream.h:33
AV_CODEC_ID_INTERPLAY_ACM
@ AV_CODEC_ID_INTERPLAY_ACM
Definition: codec_id.h:500
sub
static float sub(float src0, float src1)
Definition: dnn_backend_native_layer_mathbinary.c:31
AV_LOG_PANIC
#define AV_LOG_PANIC
Something went really wrong and we will crash now.
Definition: log.h:167
AV_PKT_FLAG_DISCARD
#define AV_PKT_FLAG_DISCARD
Flag is used to discard packets which are required to maintain valid decoder state but are not requir...
Definition: packet.h:432
AV_CODEC_ID_DIRAC
@ AV_CODEC_ID_DIRAC
Definition: codec_id.h:166
av_frame_free
void av_frame_free(AVFrame **frame)
Free the frame and any dynamically allocated objects in it, e.g.
Definition: frame.c:112
AV_RN64
#define AV_RN64(p)
Definition: intreadwrite.h:368
AVFrame
This structure describes decoded (raw) audio or video data.
Definition: frame.h:303
AVFormatContext::strict_std_compliance
int strict_std_compliance
Allow non-standard and experimental extension.
Definition: avformat.h:1394
avcodec_decode_subtitle2
int avcodec_decode_subtitle2(AVCodecContext *avctx, AVSubtitle *sub, int *got_sub_ptr, AVPacket *avpkt)
Decode a subtitle message.
Definition: decode.c:806
internal.h
AVPacket::data
uint8_t * data
Definition: packet.h:373
data
const char data[16]
Definition: mxf.c:143
codec_list
const AVCodec * codec_list[]
AV_CODEC_ID_GDV
@ AV_CODEC_ID_GDV
Definition: codec_id.h:284
AV_CODEC_ID_ARBC
@ AV_CODEC_ID_ARBC
Definition: codec_id.h:292
AV_CODEC_ID_SCREENPRESSO
@ AV_CODEC_ID_SCREENPRESSO
Definition: codec_id.h:242
AV_EF_COMPLIANT
#define AV_EF_COMPLIANT
consider all spec non compliances as errors
Definition: avcodec.h:1339
AVDictionary
Definition: dict.c:30
AV_CODEC_ID_FLAC
@ AV_CODEC_ID_FLAC
Definition: codec_id.h:434
av_buffer_ref
AVBufferRef * av_buffer_ref(const AVBufferRef *buf)
Create a new reference to an AVBuffer.
Definition: buffer.c:103
AV_CODEC_ID_APNG
@ AV_CODEC_ID_APNG
Definition: codec_id.h:264
AV_PKT_FLAG_KEY
#define AV_PKT_FLAG_KEY
The packet contains a keyframe.
Definition: packet.h:425
av_packet_free
void av_packet_free(AVPacket **pkt)
Free the packet, if the packet is reference counted, it will be unreferenced first.
Definition: avpacket.c:75
av_memdup
void * av_memdup(const void *p, size_t size)
Duplicate a buffer with av_malloc().
Definition: mem.c:311
AVCodecParserContext::key_frame
int key_frame
Set by parser to 1 for key frames and 0 for non-key frames.
Definition: avcodec.h:2824
AV_CODEC_ID_IFF_ILBM
@ AV_CODEC_ID_IFF_ILBM
Definition: codec_id.h:186
AV_CODEC_ID_MSZH
@ AV_CODEC_ID_MSZH
Definition: codec_id.h:103
av_parser_init
AVCodecParserContext * av_parser_init(int codec_id)
Definition: parser.c:34
AV_CODEC_ID_FFWAVESYNTH
@ AV_CODEC_ID_FFWAVESYNTH
Definition: codec_id.h:490
AVCodecParserContext::dts
int64_t dts
Definition: avcodec.h:2795
avsubtitle_free
void avsubtitle_free(AVSubtitle *sub)
Free all allocated data in the given subtitle struct.
Definition: avcodec.c:429
av_frame_alloc
AVFrame * av_frame_alloc(void)
Allocate an AVFrame and set its fields to default values.
Definition: frame.c:99
AV_CODEC_ID_DVB_SUBTITLE
@ AV_CODEC_ID_DVB_SUBTITLE
Definition: codec_id.h:522
AVFormatContext::bit_rate
int64_t bit_rate
Total stream bitrate in bit/s, 0 if not available.
Definition: avformat.h:1206
AVCodecInitialize
static const AVCodec * AVCodecInitialize(enum AVCodecID codec_id)
Definition: target_dec_fuzzer.c:72
avassert.h
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: target_dec_fuzzer.c:105
AV_CODEC_ID_CFHD
@ AV_CODEC_ID_CFHD
Definition: codec_id.h:266
AVCodecContext::extradata_size
int extradata_size
Definition: avcodec.h:485
avcodec_alloc_context3
AVCodecContext * avcodec_alloc_context3(const AVCodec *codec)
Allocate an AVCodecContext and set its fields to default values.
Definition: options.c:141
intreadwrite.h
av_new_packet
int av_new_packet(AVPacket *pkt, int size)
Allocate the payload of a packet and initialize its fields with default values.
Definition: avpacket.c:99
FF_CODEC_TAGS_END
#define FF_CODEC_TAGS_END
AVCodec.codec_tags termination value.
Definition: internal.h:91
AVMEDIA_TYPE_AUDIO
@ AVMEDIA_TYPE_AUDIO
Definition: avutil.h:202
AV_CODEC_ID_VP9
@ AV_CODEC_ID_VP9
Definition: codec_id.h:218
AV_CODEC_ID_WS_VQA
@ AV_CODEC_ID_WS_VQA
Definition: codec_id.h:94
avcodec_receive_frame
int avcodec_receive_frame(AVCodecContext *avctx, AVFrame *frame)
Return decoded output data from a decoder.
Definition: decode.c:643
ctx
AVFormatContext * ctx
Definition: movenc.c:48
codec_id
enum AVCodecID codec_id
Definition: vaapi_decode.c:369
AV_CODEC_ID_VC1IMAGE
@ AV_CODEC_ID_VC1IMAGE
Definition: codec_id.h:202
AV_CODEC_ID_H264
@ AV_CODEC_ID_H264
Definition: codec_id.h:77
AVCodecContext::codec_id
enum AVCodecID codec_id
Definition: avcodec.h:393
AV_CODEC_ID_PNG
@ AV_CODEC_ID_PNG
Definition: codec_id.h:111
if
if(ret)
Definition: filter_design.txt:179
AVDISCARD_ALL
@ AVDISCARD_ALL
discard all
Definition: defs.h:54
AV_CODEC_ID_WMV3
@ AV_CODEC_ID_WMV3
Definition: codec_id.h:121
opts
AVDictionary * opts
Definition: movenc.c:50
FUZZ_TAG
static const uint64_t FUZZ_TAG
Definition: target_dec_fuzzer.c:103
AVPacket::buf
AVBufferRef * buf
A reference to the reference-counted buffer where the packet data is stored.
Definition: packet.h:356
NULL
#define NULL
Definition: coverity.c:32
AV_CODEC_ID_DST
@ AV_CODEC_ID_DST
Definition: codec_id.h:503
AV_CODEC_ID_ZEROCODEC
@ AV_CODEC_ID_ZEROCODEC
Definition: codec_id.h:211
AVCodec::type
enum AVMediaType type
Definition: codec.h:215
avcodec_free_context
void avcodec_free_context(AVCodecContext **avctx)
Free the codec context and everything associated with it and write NULL to the provided pointer.
Definition: options.c:156
FF_DEBUG_MB_TYPE
#define FF_DEBUG_MB_TYPE
Definition: avcodec.h:1306
AV_CODEC_ID_WMALOSSLESS
@ AV_CODEC_ID_WMALOSSLESS
Definition: codec_id.h:460
AV_CODEC_ID_MOTIONPIXELS
@ AV_CODEC_ID_MOTIONPIXELS
Definition: codec_id.h:169
AV_CODEC_FLAG2_FAST
#define AV_CODEC_FLAG2_FAST
Allow non spec compliant speedup tricks.
Definition: avcodec.h:287
AV_PICTURE_TYPE_I
@ AV_PICTURE_TYPE_I
Intra.
Definition: avutil.h:274
avcodec_open2
int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *codec, AVDictionary **options)
Initialize the AVCodecContext to use the given AVCodec.
Definition: avcodec.c:137
AV_EF_EXPLODE
#define AV_EF_EXPLODE
abort decoding on minor error detection
Definition: avcodec.h:1335
av_packet_move_ref
void av_packet_move_ref(AVPacket *dst, AVPacket *src)
Move every field in src to dst and reset src.
Definition: avpacket.c:474
AV_CODEC_ID_VP4
@ AV_CODEC_ID_VP4
Definition: codec_id.h:295
AV_CODEC_ID_MP4ALS
@ AV_CODEC_ID_MP4ALS
Definition: codec_id.h:467
error
static void error(const char *err)
Definition: target_dec_fuzzer.c:65
AV_EF_CAREFUL
#define AV_EF_CAREFUL
consider things that violate the spec, are fast to calculate and have not been seen in the wild as er...
Definition: avcodec.h:1338
AVCodecID
AVCodecID
Identify the syntax and semantics of the bitstream.
Definition: codec_id.h:47
avcodec_find_decoder
const AVCodec * avcodec_find_decoder(enum AVCodecID id)
Find a registered decoder with a matching codec ID.
Definition: allcodecs.c:917
AV_CODEC_ID_EAC3
@ AV_CODEC_ID_EAC3
Definition: codec_id.h:462
AV_CODEC_ID_LSCR
@ AV_CODEC_ID_LSCR
Definition: codec_id.h:294
subtitle_handler
static int subtitle_handler(AVCodecContext *avctx, void *frame, int *got_sub_ptr, AVPacket *avpkt)
Definition: target_dec_fuzzer.c:82
AV_CODEC_ID_SCPR
@ AV_CODEC_ID_SCPR
Definition: codec_id.h:276
AVPacket::size
int size
Definition: packet.h:374
cpu.h
AV_CODEC_ID_RASC
@ AV_CODEC_ID_RASC
Definition: codec_id.h:290
AV_CODEC_ID_DXV
@ AV_CODEC_ID_DXV
Definition: codec_id.h:241
size
int size
Definition: twinvq_data.h:10344
AV_CODEC_ID_MSRLE
@ AV_CODEC_ID_MSRLE
Definition: codec_id.h:95
AV_CODEC_ID_OPUS
@ AV_CODEC_ID_OPUS
Definition: codec_id.h:482
AVPacket::dts
int64_t dts
Decompression timestamp in AVStream->time_base units; the time at which the packet is decompressed.
Definition: packet.h:372
av_packet_make_refcounted
int av_packet_make_refcounted(AVPacket *pkt)
Ensure the data described by a given packet is reference counted.
Definition: avpacket.c:480
AVPacket::flags
int flags
A combination of AV_PKT_FLAG values.
Definition: packet.h:379
av_packet_alloc
AVPacket * av_packet_alloc(void)
Allocate an AVPacket and set its fields to default values.
Definition: avpacket.c:64
av_dict_free
void av_dict_free(AVDictionary **pm)
Free all the memory allocated for an AVDictionary struct and all keys and values.
Definition: dict.c:203
AV_CODEC_ID_INDEO4
@ AV_CODEC_ID_INDEO4
Definition: codec_id.h:161
AV_CODEC_ID_MSS2
@ AV_CODEC_ID_MSS2
Definition: codec_id.h:217
AVCodec::id
enum AVCodecID id
Definition: codec.h:216
AV_CODEC_ID_VP5
@ AV_CODEC_ID_VP5
Definition: codec_id.h:140
AV_CODEC_ID_VP3
@ AV_CODEC_ID_VP3
Definition: codec_id.h:79
AV_CODEC_ID_GIF
@ AV_CODEC_ID_GIF
Definition: codec_id.h:147
AV_CODEC_ID_TGV
@ AV_CODEC_ID_TGV
Definition: codec_id.h:170
AV_CODEC_ID_VP7
@ AV_CODEC_ID_VP7
Definition: codec_id.h:231
avcodec_send_packet
int avcodec_send_packet(AVCodecContext *avctx, const AVPacket *avpkt)
Supply raw packet data as input to a decoder.
Definition: decode.c:580
av_log_set_level
void av_log_set_level(int level)
Set the log level.
Definition: log.c:440
AVCodecParserContext::pos
int64_t pos
Byte position of currently parsed frame in stream.
Definition: avcodec.h:2877
AVPacket::pts
int64_t pts
Presentation timestamp in AVStream->time_base units; the time at which the decompressed packet will b...
Definition: packet.h:366
AVCodecContext::extradata
uint8_t * extradata
some codecs need / can use extradata like Huffman tables.
Definition: avcodec.h:484
AV_CODEC_ID_THEORA
@ AV_CODEC_ID_THEORA
Definition: codec_id.h:80
FF_DEBUG_SKIP
#define FF_DEBUG_SKIP
Definition: avcodec.h:1309
AV_CODEC_ID_PAF_VIDEO
@ AV_CODEC_ID_PAF_VIDEO
Definition: codec_id.h:229
AV_CODEC_ID_HEVC
@ AV_CODEC_ID_HEVC
Definition: codec_id.h:224
FFMIN
#define FFMIN(a, b)
Definition: macros.h:49
AV_CODEC_ID_HNM4_VIDEO
@ AV_CODEC_ID_HNM4_VIDEO
Definition: codec_id.h:223
av_frame_unref
void av_frame_unref(AVFrame *frame)
Unreference all the buffers referenced by frame and reset the frame fields.
Definition: frame.c:437
av_mallocz
void * av_mallocz(size_t size)
Allocate a memory block with alignment suitable for all memory accesses (including vectors if availab...
Definition: mem.c:263
AV_CODEC_ID_VC1
@ AV_CODEC_ID_VC1
Definition: codec_id.h:120
AV_CODEC_ID_JPEG2000
@ AV_CODEC_ID_JPEG2000
Definition: codec_id.h:138
avcodec.h
AVCodecParserContext
Definition: avcodec.h:2775
AV_CODEC_ID_SMACKVIDEO
@ AV_CODEC_ID_SMACKVIDEO
Definition: codec_id.h:133
ret
ret
Definition: filter_design.txt:187
avcodec_flush_buffers
void avcodec_flush_buffers(AVCodecContext *avctx)
Reset the internal codec state / flush internal buffers.
Definition: avcodec.c:380
frame
these buffered frames must be flushed immediately if a new input produces new the filter must not call request_frame to get more It must just process the frame or queue it The task of requesting more frames is left to the filter s request_frame method or the application If a filter has several the filter must be ready for frames arriving randomly on any input any filter with several inputs will most likely require some kind of queuing mechanism It is perfectly acceptable to have a limited queue and to drop frames when the inputs are too unbalanced request_frame For filters that do not use the this method is called when a frame is wanted on an output For a it should directly call filter_frame on the corresponding output For a if there are queued frames already one of these frames should be pushed If the filter should request a frame on one of its repeatedly until at least one frame has been pushed Return or at least make progress towards producing a frame
Definition: filter_design.txt:264
avformat.h
audio_video_handler
static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame, int *got_frame, const AVPacket *dummy)
Definition: target_dec_fuzzer.c:92
FF_DEBUG_QP
#define FF_DEBUG_QP
Definition: avcodec.h:1307
AV_INPUT_BUFFER_PADDING_SIZE
#define AV_INPUT_BUFFER_PADDING_SIZE
Definition: defs.h:40
AV_CODEC_ID_AGM
@ AV_CODEC_ID_AGM
Definition: codec_id.h:293
AVCodec::codec_tags
const uint32_t * codec_tags
List of supported codec_tags, terminated by FF_CODEC_TAGS_END.
Definition: codec.h:356
AVFormatContext::debug
int debug
Flags to enable debugging.
Definition: avformat.h:1369
AVCodecContext
main external API structure.
Definition: avcodec.h:383
AV_CODEC_ID_SNOW
@ AV_CODEC_ID_SNOW
Definition: codec_id.h:262
AV_CODEC_ID_HAP
@ AV_CODEC_ID_HAP
Definition: codec_id.h:239
AV_CODEC_ID_BINKVIDEO
@ AV_CODEC_ID_BINKVIDEO
Definition: codec_id.h:185
dummy
int dummy
Definition: motion.c:65
c
static const AVCodec * c
Definition: target_dec_fuzzer.c:71
AV_CODEC_ID_MSA1
@ AV_CODEC_ID_MSA1
Definition: codec_id.h:213
AV_CODEC_ID_VMNC
@ AV_CODEC_ID_VMNC
Definition: codec_id.h:139
AV_EF_AGGRESSIVE
#define AV_EF_AGGRESSIVE
consider things that a sane encoder should not do as an error
Definition: avcodec.h:1340
av_dict_set_int
int av_dict_set_int(AVDictionary **pm, const char *key, int64_t value, int flags)
Convenience wrapper for av_dict_set that converts the value to a string and stores it.
Definition: dict.c:147
AVMEDIA_TYPE_VIDEO
@ AVMEDIA_TYPE_VIDEO
Definition: avutil.h:201
av_parser_parse2
int av_parser_parse2(AVCodecParserContext *s, AVCodecContext *avctx, uint8_t **poutbuf, int *poutbuf_size, const uint8_t *buf, int buf_size, int64_t pts, int64_t dts, int64_t pos)
Parse a packet.
Definition: parser.c:117
AV_CODEC_ID_QTRLE
@ AV_CODEC_ID_QTRLE
Definition: codec_id.h:105
it
s EdgeDetect Foobar g libavfilter vf_edgedetect c libavfilter vf_foobar c edit libavfilter and add an entry for foobar following the pattern of the other filters edit libavfilter allfilters and add an entry for foobar following the pattern of the other filters configure make j< whatever > ffmpeg ffmpeg i you should get a foobar png with Lena edge detected That s it
Definition: writing_filters.txt:31
AV_CODEC_ID_G2M
@ AV_CODEC_ID_G2M
Definition: codec_id.h:221
AV_CODEC_ID_TSCC
@ AV_CODEC_ID_TSCC
Definition: codec_id.h:106
AV_CODEC_FLAG2_EXPORT_MVS
#define AV_CODEC_FLAG2_EXPORT_MVS
Export motion vectors through frame side data.
Definition: avcodec.h:319
av_free
#define av_free(p)
Definition: tableprint_vlc.h:34
AVPacket
This structure stores compressed data.
Definition: packet.h:350
AVPacket::pos
int64_t pos
byte position in stream, -1 if unknown
Definition: packet.h:393
AV_CODEC_ID_TAK
@ AV_CODEC_ID_TAK
Definition: codec_id.h:484
bytestream.h
imgutils.h
bytestream2_init
static av_always_inline void bytestream2_init(GetByteContext *g, const uint8_t *buf, int buf_size)
Definition: bytestream.h:137
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:561
AV_CODEC_ID_WAVPACK
@ AV_CODEC_ID_WAVPACK
Definition: codec_id.h:447
AV_CODEC_ID_COOK
@ AV_CODEC_ID_COOK
Definition: codec_id.h:442
AV_CODEC_ID_VORBIS
@ AV_CODEC_ID_VORBIS
Definition: codec_id.h:427
AV_CODEC_ID_WMV3IMAGE
@ AV_CODEC_ID_WMV3IMAGE
Definition: codec_id.h:201
av_image_check_size
int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *log_ctx)
Check if the given dimension of an image is valid, meaning that all bytes of the image can be address...
Definition: imgutils.c:318
FF_SANE_NB_CHANNELS
#define FF_SANE_NB_CHANNELS
Definition: internal.h:101
AV_CODEC_ID_FLV1
@ AV_CODEC_ID_FLV1
Definition: codec_id.h:71
int
int
Definition: ffmpeg_filter.c:156
maxiteration
const uint32_t maxiteration
Definition: target_dec_fuzzer.c:101
av_parser_close
void av_parser_close(AVCodecParserContext *s)
Definition: parser.c:191
Generated on Sat Sep 25 2021 19:22:17 for FFmpeg by   doxygen 1.8.17