• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2019, Alliance for Open Media. All rights reserved
3  *
4  * This source code is subject to the terms of the BSD 2 Clause License and
5  * the Alliance for Open Media Patent License 1.0. If the BSD 2 Clause License
6  * was not distributed with this source code in the LICENSE file, you can
7  * obtain it at www.aomedia.org/license/software. If the Alliance for Open
8  * Media Patent License 1.0 was not distributed with this source code in the
9  * PATENTS file, you can obtain it at www.aomedia.org/license/patent.
10  */
11 
12 /*
13  * See build_av1_dec_fuzzer.sh for building instructions.
14  */
15 
16 #include <stddef.h>
17 #include <stdint.h>
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <algorithm>
21 #include <memory>
22 #include "config/aom_config.h"
23 #include "aom/aom_decoder.h"
24 #include "aom/aomdx.h"
25 #include "aom_ports/mem_ops.h"
26 
27 #define IVF_FRAME_HDR_SZ (4 + 8) /* 4 byte size + 8 byte timestamp */
28 #define IVF_FILE_HDR_SZ 32
29 
usage_exit(void)30 extern "C" void usage_exit(void) { exit(EXIT_FAILURE); }
31 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)32 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
33   if (size <= IVF_FILE_HDR_SZ) {
34     return 0;
35   }
36 
37   aom_codec_iface_t *codec_interface = aom_codec_av1_dx();
38   aom_codec_ctx_t codec;
39   // Set thread count in the range [1, 64].
40   const unsigned int threads = (data[IVF_FILE_HDR_SZ] & 0x3f) + 1;
41   aom_codec_dec_cfg_t cfg = { threads, 0, 0, !FORCE_HIGHBITDEPTH_DECODING };
42   if (aom_codec_dec_init(&codec, codec_interface, &cfg, 0)) {
43     return 0;
44   }
45 
46   data += IVF_FILE_HDR_SZ;
47   size -= IVF_FILE_HDR_SZ;
48 
49   while (size > IVF_FRAME_HDR_SZ) {
50     size_t frame_size = mem_get_le32(data);
51     size -= IVF_FRAME_HDR_SZ;
52     data += IVF_FRAME_HDR_SZ;
53     frame_size = std::min(size, frame_size);
54 
55     const aom_codec_err_t err =
56         aom_codec_decode(&codec, data, frame_size, nullptr);
57     static_cast<void>(err);
58     aom_codec_iter_t iter = nullptr;
59     aom_image_t *img = nullptr;
60     while ((img = aom_codec_get_frame(&codec, &iter)) != nullptr) {
61     }
62     data += frame_size;
63     size -= frame_size;
64   }
65   aom_codec_destroy(&codec);
66   return 0;
67 }
68