diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2020-06-08 11:26:45 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2020-06-11 13:49:54 +0200 |
| commit | d3747f44315e2c6a07fcb85c973b863dd1a6614a (patch) | |
| tree | 5e3e841d8e35c62847df6f466c5f7299dc431919 /tools | |
| parent | bc8ab084fb07419b7cb13b460460b1ae8facf1d1 (diff) | |
tools/target_dem_fuzzer: Use file extensions listed in input formats
This should make it easier for the fuzzer to fuzz formats being detected only by
file extension and thus increase coverage
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/target_dem_fuzzer.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c index cc097da0d7..b8356c5aa1 100644 --- a/tools/target_dem_fuzzer.c +++ b/tools/target_dem_fuzzer.c @@ -18,6 +18,7 @@ #include "config.h" #include "libavutil/avassert.h" +#include "libavutil/avstring.h" #include "libavcodec/avcodec.h" #include "libavcodec/bytestream.h" @@ -110,14 +111,38 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { error("Failed avformat_alloc_context()"); if (size > 2048) { + int flags; + char extension[64]; + GetByteContext gbc; memcpy (filename, data + size - 1024, 1024); bytestream2_init(&gbc, data + size - 2048, 1024); size -= 2048; io_buffer_size = bytestream2_get_le32(&gbc) & 0xFFFFFFF; - seekable = bytestream2_get_byte(&gbc) & 1; + flags = bytestream2_get_byte(&gbc); + seekable = flags & 1; filesize = bytestream2_get_le64(&gbc) & 0x7FFFFFFFFFFFFFFF; + + if ((flags & 2) && strlen(filename) < sizeof(filename) / 2) { + AVInputFormat *avif = NULL; + int avif_count = 0; + while ((avif = av_iformat_next(avif))) { + if (avif->extensions) + avif_count ++; + } + avif_count = bytestream2_get_le32(&gbc) % avif_count; + + while ((avif = av_iformat_next(avif))) { + if (avif->extensions) + if (!avif_count--) + break; + } + av_strlcpy(extension, avif->extensions, sizeof(extension)); + if (strchr(extension, ',')) + *strchr(extension, ',') = 0; + av_strlcatf(filename, sizeof(filename), ".%s", extension); + } } io_buffer = av_malloc(io_buffer_size); if (!io_buffer) |