1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #include "native_avcodec_videodecoder.h"
18 #include "native_averrors.h"
19 #include "native_avcodec_base.h"
20 #include "videodec_api11_sample.h"
21 #include <fuzzer/FuzzedDataProvider.h>
22 #include <fstream>
23 using namespace std;
24 using namespace OHOS;
25 using namespace OHOS::Media;
26 #define FUZZ_PROJECT_NAME "hwdecoderapi11_fuzzer"
27
28 static VDecApi11FuzzSample *g_vDecSample = nullptr;
29 constexpr uint32_t DEFAULT_WIDTH = 1920;
30 constexpr uint32_t DEFAULT_HEIGHT = 1080;
31 constexpr double DEFAULT_FRAME_RATE = 30.0;
32 constexpr uint32_t SPS_SIZE = 0x19;
33 constexpr uint32_t PPS_SIZE = 0x05;
34 constexpr uint32_t START_CODE_SIZE = 4;
35 constexpr uint8_t SPS[SPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x67, 0x64, 0x00, 0x28, 0xAC,
36 0xB4, 0x03, 0xC0, 0x11, 0x3F, 0x2E, 0x02, 0x20, 0x00,
37 0x00, 0x03, 0x00, 0x20, 0x00, 0x00, 0x07, 0x81, 0xE3,
38 0x06, 0x54};
39 constexpr uint8_t PPS[PPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x68, 0xEF, 0x0F, 0x2C, 0x8B};
40 bool g_isSurfMode = true;
41
42 namespace OHOS {
SaveCorpus(const uint8_t * data,size_t size,const std::string & filename)43 void SaveCorpus(const uint8_t *data, size_t size, const std::string& filename)
44 {
45 std::ofstream file(filename, std::ios::out | std::ios::binary);
46 if (file.is_open()) {
47 file.write(reinterpret_cast<const char*>(data), size);
48 file.close();
49 }
50 }
RunNormalDecoder()51 void RunNormalDecoder()
52 {
53 VDecApi11FuzzSample *vDecSample = new VDecApi11FuzzSample();
54 vDecSample->defaultWidth = DEFAULT_WIDTH;
55 vDecSample->defaultHeight = DEFAULT_HEIGHT;
56 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
57 int32_t ret = vDecSample->CreateVideoDecoder();
58 if (ret != AV_ERR_OK) {
59 delete vDecSample;
60 vDecSample = nullptr;
61 return;
62 }
63 vDecSample->ConfigureVideoDecoder();
64 vDecSample->SetVideoDecoderCallback();
65 vDecSample->StartVideoDecoder();
66 vDecSample->WaitForEOS();
67 delete vDecSample;
68
69 vDecSample = new VDecApi11FuzzSample();
70 vDecSample->isSurfMode = true;
71 vDecSample->defaultWidth = DEFAULT_WIDTH;
72 vDecSample->defaultHeight = DEFAULT_HEIGHT;
73 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
74 ret = vDecSample->CreateVideoDecoder();
75 if (ret != AV_ERR_OK) {
76 delete vDecSample;
77 vDecSample = nullptr;
78 return;
79 }
80 vDecSample->ConfigureVideoDecoder();
81 vDecSample->SetVideoDecoderCallback();
82 vDecSample->StartVideoDecoder();
83 vDecSample->WaitForEOS();
84 delete vDecSample;
85 }
86
ReleaseSample()87 bool ReleaseSample()
88 {
89 delete g_vDecSample;
90 g_vDecSample = nullptr;
91 return true;
92 }
93
94 bool g_needRunNormalDecoder = true;
HwdecoderApi11FuzzTest(const uint8_t * data,size_t size)95 bool HwdecoderApi11FuzzTest(const uint8_t *data, size_t size)
96 {
97 if (size < sizeof(int32_t)) {
98 return false;
99 }
100 std::string filename = "/data/test/corpus-HwdecoderAPI11H2658BitFuzzTest";
101 SaveCorpus(data, size, filename);
102 if (g_needRunNormalDecoder) {
103 g_needRunNormalDecoder = false;
104 RunNormalDecoder();
105 }
106 FuzzedDataProvider fdp(data, size);
107 int data0 = fdp.ConsumeIntegral<int32_t>();
108 if (!g_vDecSample) {
109 g_vDecSample = new VDecApi11FuzzSample();
110 g_vDecSample->defaultWidth = DEFAULT_WIDTH;
111 g_vDecSample->defaultHeight = DEFAULT_HEIGHT;
112 g_vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
113 g_vDecSample->renderTimestampNs = fdp.ConsumeIntegral<int64_t>();
114 g_vDecSample->isRenderAttime = fdp.ConsumeBool();
115 int32_t ret = g_vDecSample->CreateVideoDecoder();
116 if (ret != AV_ERR_OK) {
117 return ReleaseSample();
118 }
119 if (g_vDecSample->ConfigureVideoDecoder() != AV_ERR_OK) {
120 return ReleaseSample();
121 }
122 if (g_vDecSample->SetVideoDecoderCallback() != AV_ERR_OK) {
123 return ReleaseSample();
124 }
125 if (g_vDecSample->Start() != AV_ERR_OK) {
126 return ReleaseSample();
127 }
128 g_vDecSample->InputFuncFUZZ(SPS, SPS_SIZE + START_CODE_SIZE);
129 g_vDecSample->InputFuncFUZZ(PPS, PPS_SIZE + START_CODE_SIZE);
130 g_vDecSample->InputFuncFUZZ(data, size);
131 g_vDecSample->SetParameter(data0);
132 g_vDecSample->Flush();
133 g_vDecSample->Stop();
134 g_vDecSample->Reset();
135 delete g_vDecSample;
136 g_vDecSample = nullptr;
137 }
138 return true;
139 }
140 } // namespace OHOS
141
142 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)143 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
144 {
145 /* Run your code on data */
146 OHOS::HwdecoderApi11FuzzTest(data, size);
147 return 0;
148 }
149