1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #include "native_avcodec_videodecoder.h"
18 #include "native_averrors.h"
19 #include "native_avcodec_base.h"
20 #include "videodec_sample.h"
21 #include <fuzzer/FuzzedDataProvider.h>
22 #include <fstream>
23 using namespace std;
24 using namespace OHOS;
25 using namespace OHOS::Media;
26 #define FUZZ_PROJECT_NAME "hwdecoder_fuzzer"
27
28 static VDecFuzzSample *g_vDecSample = nullptr;
29 constexpr uint32_t DEFAULT_WIDTH = 1920;
30 constexpr uint32_t DEFAULT_HEIGHT = 1080;
31 constexpr uint32_t SPS_SIZE = 0x19;
32 constexpr uint32_t PPS_SIZE = 0x05;
33 constexpr uint32_t START_CODE_SIZE = 4;
34 constexpr uint8_t SPS[SPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x67, 0x64, 0x00, 0x28, 0xAC,
35 0xB4, 0x03, 0xC0, 0x11, 0x3F, 0x2E, 0x02, 0x20, 0x00,
36 0x00, 0x03, 0x00, 0x20, 0x00, 0x00, 0x07, 0x81, 0xE3,
37 0x06, 0x54};
38 constexpr uint8_t PPS[PPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x68, 0xEF, 0x0F, 0x2C, 0x8B};
39 bool g_isSurfMode = true;
40
SaveCorpus(const uint8_t * data,size_t size,const std::string & filename)41 void SaveCorpus(const uint8_t *data, size_t size, const std::string& filename)
42 {
43 std::ofstream file(filename, std::ios::out | std::ios::binary);
44 if (file.is_open()) {
45 file.write(reinterpret_cast<const char*>(data), size);
46 file.close();
47 }
48 }
RunNormalDecoder()49 void RunNormalDecoder()
50 {
51 VDecFuzzSample *vDecSample = new VDecFuzzSample();
52 vDecSample->defaultWidth = DEFAULT_WIDTH;
53 vDecSample->defaultHeight = DEFAULT_HEIGHT;
54 vDecSample->CreateVideoDecoder();
55 vDecSample->ConfigureVideoDecoder();
56 vDecSample->SetVideoDecoderCallback();
57 vDecSample->StartVideoDecoder();
58 vDecSample->WaitForEOS();
59 delete vDecSample;
60
61 vDecSample = new VDecFuzzSample();
62 vDecSample->isSurfMode = true;
63 vDecSample->defaultWidth = DEFAULT_WIDTH;
64 vDecSample->defaultHeight = DEFAULT_HEIGHT;
65 vDecSample->CreateVideoDecoder();
66 vDecSample->ConfigureVideoDecoder();
67 vDecSample->SetVideoDecoderCallback();
68 vDecSample->StartVideoDecoder();
69 vDecSample->WaitForEOS();
70 delete vDecSample;
71 }
72
73 bool g_needRunNormalDecoder = true;
74 namespace OHOS {
HwdecoderFuzzTest(const uint8_t * data,size_t size)75 bool HwdecoderFuzzTest(const uint8_t *data, size_t size)
76 {
77 if (size < sizeof(int32_t)) {
78 return false;
79 }
80 std::string filename = "/data/test/corpus-HwdecoderFuzzTest";
81 SaveCorpus(data, size, filename);
82 if (g_needRunNormalDecoder) {
83 g_needRunNormalDecoder = false;
84 RunNormalDecoder();
85 }
86 FuzzedDataProvider fdp(data, size);
87 int data0 = fdp.ConsumeIntegral<int32_t>();
88 if (!g_vDecSample) {
89 g_vDecSample = new VDecFuzzSample();
90 g_vDecSample->defaultWidth = DEFAULT_WIDTH;
91 g_vDecSample->defaultHeight = DEFAULT_HEIGHT;
92 int32_t ret = g_vDecSample->CreateVideoDecoder();
93 if (ret != 0) {
94 delete g_vDecSample;
95 g_vDecSample = nullptr;
96 return true;
97 }
98 g_vDecSample->ConfigureVideoDecoder();
99 g_vDecSample->SetVideoDecoderCallback();
100 g_vDecSample->Start();
101 g_vDecSample->InputFuncFUZZ(SPS, SPS_SIZE + START_CODE_SIZE);
102 g_vDecSample->InputFuncFUZZ(PPS, PPS_SIZE + START_CODE_SIZE);
103 }
104 g_vDecSample->InputFuncFUZZ(data, size);
105 g_vDecSample->SetParameter(data0);
106 g_vDecSample->Flush();
107 g_vDecSample->Stop();
108 g_vDecSample->Reset();
109 delete g_vDecSample;
110 g_vDecSample = nullptr;
111 return true;
112 }
113 } // namespace OHOS
114
115 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)116 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
117 {
118 /* Run your code on data */
119 OHOS::HwdecoderFuzzTest(data, size);
120 return 0;
121 }
122