From 837eb320b818eec11005ae63eaa777c5ee17f536 Mon Sep 17 00:00:00 2001 From: James Almer Date: Sat, 14 Nov 2020 22:11:17 -0300 Subject: tools/target_bsf_fuzzer: Call av_bsf_flush() in a fuzzer choosen pattern This should increase coverage. Based on a commit by Michael Niedermayer Signed-off-by: James Almer --- tools/target_bsf_fuzzer.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'tools/target_bsf_fuzzer.c') diff --git a/tools/target_bsf_fuzzer.c b/tools/target_bsf_fuzzer.c index 5d9f90075d..da8d62dd0b 100644 --- a/tools/target_bsf_fuzzer.c +++ b/tools/target_bsf_fuzzer.c @@ -43,6 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { AVBSFContext *bsf = NULL; AVPacket in, out; uint64_t keyframes = 0; + uint64_t flushpattern = -1; int res; if (!f) { @@ -86,6 +87,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { bsf->par_in->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS; bsf->par_in->block_align = bytestream2_get_le32(&gbc); keyframes = bytestream2_get_le64(&gbc); + flushpattern = bytestream2_get_le64(&gbc); if (extradata_size < size) { bsf->par_in->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); @@ -128,6 +130,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { data += sizeof(fuzz_tag); last = data; + if (!(flushpattern & 7)) + av_bsf_flush(bsf); + flushpattern = (flushpattern >> 3) + (flushpattern << 61); + while (in.size) { res = av_bsf_send_packet(bsf, &in); if (res < 0 && res != AVERROR(EAGAIN)) -- cgit v1.2.3