1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #include "native_avcodec_videodecoder.h"
18 #include "native_averrors.h"
19 #include "native_avcodec_base.h"
20 #include "videodec_api11_sample.h"
21 #include <fuzzer/FuzzedDataProvider.h>
22 #include <fstream>
23 using namespace std;
24 using namespace OHOS;
25 using namespace OHOS::Media;
26 #define FUZZ_PROJECT_NAME "hwdecoderapi11_fuzzer"
27
28 static VDecApi11FuzzSample *g_vDecSample = nullptr;
29 constexpr uint32_t DEFAULT_WIDTH = 1920;
30 constexpr uint32_t DEFAULT_HEIGHT = 1080;
31 constexpr double DEFAULT_FRAME_RATE = 30.0;
32 constexpr uint32_t SPS_SIZE = 0x19;
33 constexpr uint32_t PPS_SIZE = 0x05;
34 constexpr uint32_t START_CODE_SIZE = 4;
35 constexpr uint32_t UINT32_SIZE = 32;
36 constexpr uint8_t SPS[SPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x67, 0x64, 0x00, 0x28, 0xAC,
37 0xB4, 0x03, 0xC0, 0x11, 0x3F, 0x2E, 0x02, 0x20, 0x00,
38 0x00, 0x03, 0x00, 0x20, 0x00, 0x00, 0x07, 0x81, 0xE3,
39 0x06, 0x54};
40 constexpr uint8_t PPS[PPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x68, 0xEF, 0x0F, 0x2C, 0x8B};
41 bool g_isSurfMode = true;
42
43 namespace OHOS {
44
SaveCorpus(const uint8_t * data,size_t size,const std::string & filename)45 void SaveCorpus(const uint8_t *data, size_t size, const std::string& filename)
46 {
47 std::ofstream file(filename, std::ios::out | std::ios::binary);
48 if (file.is_open()) {
49 file.write(reinterpret_cast<const char*>(data), size);
50 file.close();
51 }
52 }
RunNormalDecoder()53 void RunNormalDecoder()
54 {
55 VDecApi11FuzzSample *vDecSample = new VDecApi11FuzzSample();
56 vDecSample->defaultWidth = DEFAULT_WIDTH;
57 vDecSample->defaultHeight = DEFAULT_HEIGHT;
58 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
59 int32_t ret = vDecSample->CreateVideoDecoder();
60 if (ret != AV_ERR_OK) {
61 delete vDecSample;
62 vDecSample = nullptr;
63 return;
64 }
65 vDecSample->ConfigureVideoDecoder();
66 vDecSample->SetVideoDecoderCallback();
67 vDecSample->StartVideoDecoder();
68 vDecSample->WaitForEOS();
69 delete vDecSample;
70
71 vDecSample = new VDecApi11FuzzSample();
72 vDecSample->isSurfMode = true;
73 vDecSample->defaultWidth = DEFAULT_WIDTH;
74 vDecSample->defaultHeight = DEFAULT_HEIGHT;
75 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
76 ret = vDecSample->CreateVideoDecoder();
77 if (ret != AV_ERR_OK) {
78 delete vDecSample;
79 vDecSample = nullptr;
80 return;
81 }
82 vDecSample->ConfigureVideoDecoder();
83 vDecSample->SetVideoDecoderCallback();
84 vDecSample->StartVideoDecoder();
85 vDecSample->WaitForEOS();
86 delete vDecSample;
87 }
88
ReleaseSample()89 bool ReleaseSample()
90 {
91 delete g_vDecSample;
92 g_vDecSample = nullptr;
93 return true;
94 }
95
96 bool g_needRunNormalDecoder = true;
HwdecoderApi11FuzzTest(const uint8_t * data,size_t size)97 bool HwdecoderApi11FuzzTest(const uint8_t *data, size_t size)
98 {
99 if (size < sizeof(int32_t)) {
100 return false;
101 }
102 std::string filename = "/data/test/corpus-HwdecoderApi11FuzzTest";
103 SaveCorpus(data, size, filename);
104 if (g_needRunNormalDecoder) {
105 g_needRunNormalDecoder = false;
106 RunNormalDecoder();
107 }
108 FuzzedDataProvider fdp(data, size);
109 int data0 = fdp.ConsumeIntegral<int32_t>();
110 if (!g_vDecSample) {
111 g_vDecSample = new VDecApi11FuzzSample();
112 g_vDecSample->defaultWidth = DEFAULT_WIDTH;
113 g_vDecSample->defaultHeight = DEFAULT_HEIGHT;
114 g_vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
115 g_vDecSample->enbleBlankFrame = fdp.ConsumeIntegral<int>();
116 g_vDecSample->renderTimestampNs = fdp.ConsumeIntegral<int64_t>();
117 g_vDecSample->isRenderAttime = (data0 << (UINT32_SIZE - 1));
118 int32_t ret = g_vDecSample->CreateVideoDecoder();
119 if (ret != AV_ERR_OK) {
120 return ReleaseSample();
121 }
122 if (g_vDecSample->ConfigureVideoDecoder() != AV_ERR_OK) {
123 return ReleaseSample();
124 }
125 if (g_vDecSample->SetVideoDecoderCallback() != AV_ERR_OK) {
126 return ReleaseSample();
127 }
128 if (g_vDecSample->Start() != AV_ERR_OK) {
129 return ReleaseSample();
130 }
131 g_vDecSample->InputFuncFUZZ(SPS, SPS_SIZE + START_CODE_SIZE);
132 g_vDecSample->InputFuncFUZZ(PPS, PPS_SIZE + START_CODE_SIZE);
133 g_vDecSample->InputFuncFUZZ(data, size);
134 g_vDecSample->SetParameter(data0);
135 g_vDecSample->Flush();
136 g_vDecSample->Stop();
137 g_vDecSample->Reset();
138 delete g_vDecSample;
139 g_vDecSample = nullptr;
140 }
141 return true;
142 }
143 } // namespace OHOS
144
145 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)146 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
147 {
148 /* Run your code on data */
149 OHOS::HwdecoderApi11FuzzTest(data, size);
150 return 0;
151 }
152