1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "playersei_fuzzer.h"
17 #include <unistd.h>
18 #include <fcntl.h>
19 #include "fuzzer/FuzzedDataProvider.h"
20 #include <cstddef>
21 #include <cstdint>
22 #include <fcntl.h>
23 #include <fstream>
24 
25 using namespace std;
26 using namespace OHOS;
27 using namespace OHOS::Media;
28 
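namespace OHOS {
namespace Media {
// Scratch file that LLVMFuzzerTestOneInput fills with the current fuzz input before RunFuzz is called.
// NOTE(review): the path is fixed, so two harness processes on the same device would share it — confirm
// the target is only ever run single-process.
const char *DATA_PATH = "/data/test/fuzz_create.mp4";
// MIME type handed to SeiParserHelperFactory to select the SEI parser under test.
const std::string TYPE_HEVC = "video/hevc";

PlayerSeiFuzzer::PlayerSeiFuzzer() = default;

PlayerSeiFuzzer::~PlayerSeiFuzzer() = default;

/**
 * @brief Loads the whole of DATA_PATH into a freshly created virtual-memory AVBuffer.
 *
 * @return The filled buffer with its size set to the file length, or nullptr when the file cannot be
 *         opened, its length cannot be determined, the buffer cannot be created, or the read comes up short.
 */
std::shared_ptr<AVBuffer> ReadAVBufferFromLocalFile()
{
    std::ifstream inputFile(DATA_PATH, std::ios::binary);
    if (!inputFile.is_open()) {
        return nullptr;
    }
    inputFile.seekg(0, std::ios::end);
    // tellg() reports failure as -1; using that value as a buffer size would request a bogus allocation.
    const std::streamoff fileSize = inputFile.tellg();
    if (fileSize < 0) {
        return nullptr;
    }
    inputFile.seekg(0, std::ios::beg);

    AVBufferConfig config;
    config.size = fileSize;
    config.memoryType = MemoryType::VIRTUAL_MEMORY;
    auto avBuffer = AVBuffer::CreateAVBuffer(config);
    if (avBuffer == nullptr || avBuffer->memory_ == nullptr || avBuffer->memory_->GetAddr() == nullptr) {
        return nullptr;
    }
    // A short read would leave the tail of the buffer unwritten while SetSize() still advertises the full
    // length, so the parser would be fed bytes that are not part of the fuzz input. Treat it as a failure.
    // assumes CreateAVBuffer provides at least config.size bytes at GetAddr() — TODO confirm
    if (!inputFile.read(reinterpret_cast<char *>(avBuffer->memory_->GetAddr()), fileSize)) {
        return nullptr;
    }
    avBuffer->memory_->SetSize(fileSize);
    return avBuffer;
}

/**
 * @brief Runs one HEVC SEI parse over the file staged at DATA_PATH.
 *
 * @param data Fuzz input bytes; not read here, the parser input comes from the staged file.
 * @param size Length of @p data; not read here.
 * @return true once ParseSeiPayload has been called, false when the helper or the input buffer
 *         could not be created.
 */
bool PlayerSeiFuzzer::RunFuzz(uint8_t *data, size_t size)
{
    // The input reaches the parser through DATA_PATH, so the parameters are intentionally unused.
    // The previous extra open()/close() of DATA_PATH was never used and leaked a descriptor per
    // iteration whenever the helper could not be created; ReadAVBufferFromLocalFile opens the file itself.
    static_cast<void>(data);
    static_cast<void>(size);

    std::shared_ptr<SeiParserHelper> seiParserHelper = SeiParserHelperFactory::CreateHelper(TYPE_HEVC);
    if (seiParserHelper == nullptr) {
        return false;
    }

    auto buffer = ReadAVBufferFromLocalFile();
    if (buffer == nullptr) {
        // Harness I/O failure: do not hand a null buffer to the parser, a crash there would be
        // harness noise rather than a finding about SEI parsing.
        return false;
    }

    // 5 is user_data_unregistered in the HEVC SEI payload-type numbering. Only this type is requested,
    // so other payload types are presumably not exercised by this harness — TODO confirm.
    seiParserHelper->SetPayloadTypeVec({ 5 });
    std::shared_ptr<SeiPayloadInfoGroup> group = std::make_shared<SeiPayloadInfoGroup>();
    seiParserHelper->ParseSeiPayload(buffer, group);
    return true;
}
}
}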
84 
85 /* Fuzzer entry point */
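/**
 * @brief libFuzzer entry point: stages the input at DATA_PATH and runs PlayerSeiFuzzer::RunFuzz on it.
 *
 * @param data Fuzz input bytes.
 * @param size Length of @p data; inputs shorter than sizeof(int64_t) are skipped.
 * @return Always 0, the value libFuzzer expects for an ordinarily processed (or skipped) input.
 */
extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size)
{
    if (size < sizeof(int64_t)) {
        return 0;
    }
    // O_TRUNC matters for reproducibility: when the parser crashes, the unlink() below never runs and
    // the file survives. Without truncation a shorter follow-up input would be parsed together with the
    // stale tail of the previous one, so the bytes under test would no longer match `data`.
    int32_t fd = open(DATA_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0) {
        return 0;
    }
    // Keep the full ssize_t result and require the whole input to be on disk; a partial write would
    // make the parser see a truncated input that differs from the one libFuzzer records.
    const ssize_t written = write(fd, data, size);
    close(fd);
    if (written < 0 || static_cast<size_t>(written) != size) {
        // Do not leave a partially written scratch file behind for the next iteration.
        unlink(DATA_PATH);
        return 0;
    }
    PlayerSeiFuzzer player;
    player.RunFuzz(data, size);
    unlink(DATA_PATH);
    return 0;
}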