1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <datasource/FileSource.h>
18 #include <fcntl.h>
19 #include <fuzzer/FuzzedDataProvider.h>
20 #include <media/NdkMediaFormat.h>
21 #include <sys/mman.h>
22 #include <unistd.h>
23 #include <utils/Log.h>
24 #include <fstream>
25
26 const char* kValidKeys[] = {
27 AMEDIAFORMAT_KEY_AAC_DRC_ATTENUATION_FACTOR,
28 AMEDIAFORMAT_KEY_AAC_DRC_BOOST_FACTOR,
29 AMEDIAFORMAT_KEY_AAC_DRC_HEAVY_COMPRESSION,
30 AMEDIAFORMAT_KEY_AAC_DRC_TARGET_REFERENCE_LEVEL,
31 AMEDIAFORMAT_KEY_AAC_ENCODED_TARGET_LEVEL,
32 AMEDIAFORMAT_KEY_AAC_MAX_OUTPUT_CHANNEL_COUNT,
33 AMEDIAFORMAT_KEY_AAC_PROFILE,
34 AMEDIAFORMAT_KEY_AAC_SBR_MODE,
35 AMEDIAFORMAT_KEY_ALBUM,
36 AMEDIAFORMAT_KEY_ALBUMART,
37 AMEDIAFORMAT_KEY_ALBUMARTIST,
38 AMEDIAFORMAT_KEY_ARTIST,
39 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_INFO,
40 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_PRESENTATION_ID,
41 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_PROGRAM_ID,
42 AMEDIAFORMAT_KEY_AUDIO_SESSION_ID,
43 AMEDIAFORMAT_KEY_AUTHOR,
44 AMEDIAFORMAT_KEY_BITRATE_MODE,
45 AMEDIAFORMAT_KEY_BIT_RATE,
46 AMEDIAFORMAT_KEY_BITS_PER_SAMPLE,
47 AMEDIAFORMAT_KEY_CAPTURE_RATE,
48 AMEDIAFORMAT_KEY_CDTRACKNUMBER,
49 AMEDIAFORMAT_KEY_CHANNEL_COUNT,
50 AMEDIAFORMAT_KEY_CHANNEL_MASK,
51 AMEDIAFORMAT_KEY_COLOR_FORMAT,
52 AMEDIAFORMAT_KEY_COLOR_RANGE,
53 AMEDIAFORMAT_KEY_COLOR_STANDARD,
54 AMEDIAFORMAT_KEY_COLOR_TRANSFER,
55 AMEDIAFORMAT_KEY_COMPILATION,
56 AMEDIAFORMAT_KEY_COMPLEXITY,
57 AMEDIAFORMAT_KEY_COMPOSER,
58 AMEDIAFORMAT_KEY_CREATE_INPUT_SURFACE_SUSPENDED,
59 AMEDIAFORMAT_KEY_CRYPTO_DEFAULT_IV_SIZE,
60 AMEDIAFORMAT_KEY_CRYPTO_ENCRYPTED_BYTE_BLOCK,
61 AMEDIAFORMAT_KEY_CRYPTO_ENCRYPTED_SIZES,
62 AMEDIAFORMAT_KEY_CRYPTO_IV,
63 AMEDIAFORMAT_KEY_CRYPTO_KEY,
64 AMEDIAFORMAT_KEY_CRYPTO_MODE,
65 AMEDIAFORMAT_KEY_CRYPTO_PLAIN_SIZES,
66 AMEDIAFORMAT_KEY_CRYPTO_SKIP_BYTE_BLOCK,
67 AMEDIAFORMAT_KEY_CSD,
68 AMEDIAFORMAT_KEY_CSD_0,
69 AMEDIAFORMAT_KEY_CSD_1,
70 AMEDIAFORMAT_KEY_CSD_2,
71 AMEDIAFORMAT_KEY_CSD_AVC,
72 AMEDIAFORMAT_KEY_CSD_HEVC,
73 AMEDIAFORMAT_KEY_D263,
74 AMEDIAFORMAT_KEY_DATE,
75 AMEDIAFORMAT_KEY_DISCNUMBER,
76 AMEDIAFORMAT_KEY_DISPLAY_CROP,
77 AMEDIAFORMAT_KEY_DISPLAY_HEIGHT,
78 AMEDIAFORMAT_KEY_DISPLAY_WIDTH,
79 AMEDIAFORMAT_KEY_DURATION,
80 AMEDIAFORMAT_KEY_ENCODER_DELAY,
81 AMEDIAFORMAT_KEY_ENCODER_PADDING,
82 AMEDIAFORMAT_KEY_ESDS,
83 AMEDIAFORMAT_KEY_EXIF_OFFSET,
84 AMEDIAFORMAT_KEY_EXIF_SIZE,
85 AMEDIAFORMAT_KEY_FLAC_COMPRESSION_LEVEL,
86 AMEDIAFORMAT_KEY_FRAME_COUNT,
87 AMEDIAFORMAT_KEY_FRAME_RATE,
88 AMEDIAFORMAT_KEY_GENRE,
89 AMEDIAFORMAT_KEY_GRID_COLUMNS,
90 AMEDIAFORMAT_KEY_GRID_ROWS,
91 AMEDIAFORMAT_KEY_HAPTIC_CHANNEL_COUNT,
92 AMEDIAFORMAT_KEY_HDR_STATIC_INFO,
93 AMEDIAFORMAT_KEY_HDR10_PLUS_INFO,
94 AMEDIAFORMAT_KEY_HEIGHT,
95 AMEDIAFORMAT_KEY_ICC_PROFILE,
96 AMEDIAFORMAT_KEY_INTRA_REFRESH_PERIOD,
97 AMEDIAFORMAT_KEY_IS_ADTS,
98 AMEDIAFORMAT_KEY_IS_AUTOSELECT,
99 AMEDIAFORMAT_KEY_IS_DEFAULT,
100 AMEDIAFORMAT_KEY_IS_FORCED_SUBTITLE,
101 AMEDIAFORMAT_KEY_IS_SYNC_FRAME,
102 AMEDIAFORMAT_KEY_I_FRAME_INTERVAL,
103 AMEDIAFORMAT_KEY_LANGUAGE,
104 AMEDIAFORMAT_KEY_LAST_SAMPLE_INDEX_IN_CHUNK,
105 AMEDIAFORMAT_KEY_LATENCY,
106 AMEDIAFORMAT_KEY_LEVEL,
107 AMEDIAFORMAT_KEY_LOCATION,
108 AMEDIAFORMAT_KEY_LOOP,
109 AMEDIAFORMAT_KEY_LOW_LATENCY,
110 AMEDIAFORMAT_KEY_LYRICIST,
111 AMEDIAFORMAT_KEY_MANUFACTURER,
112 AMEDIAFORMAT_KEY_MAX_BIT_RATE,
113 AMEDIAFORMAT_KEY_MAX_FPS_TO_ENCODER,
114 AMEDIAFORMAT_KEY_MAX_HEIGHT,
115 AMEDIAFORMAT_KEY_MAX_INPUT_SIZE,
116 AMEDIAFORMAT_KEY_MAX_PTS_GAP_TO_ENCODER,
117 AMEDIAFORMAT_KEY_MAX_WIDTH,
118 AMEDIAFORMAT_KEY_MIME,
119 AMEDIAFORMAT_KEY_MPEG_USER_DATA,
120 AMEDIAFORMAT_KEY_MPEG2_STREAM_HEADER,
121 AMEDIAFORMAT_KEY_MPEGH_COMPATIBLE_SETS,
122 AMEDIAFORMAT_KEY_MPEGH_PROFILE_LEVEL_INDICATION,
123 AMEDIAFORMAT_KEY_MPEGH_REFERENCE_CHANNEL_LAYOUT,
124 AMEDIAFORMAT_KEY_OPERATING_RATE,
125 AMEDIAFORMAT_KEY_PCM_ENCODING,
126 AMEDIAFORMAT_KEY_PICTURE_TYPE,
127 AMEDIAFORMAT_KEY_PRIORITY,
128 AMEDIAFORMAT_KEY_PROFILE,
129 AMEDIAFORMAT_KEY_PCM_BIG_ENDIAN,
130 AMEDIAFORMAT_KEY_PSSH,
131 AMEDIAFORMAT_KEY_PUSH_BLANK_BUFFERS_ON_STOP,
132 AMEDIAFORMAT_KEY_REPEAT_PREVIOUS_FRAME_AFTER,
133 AMEDIAFORMAT_KEY_ROTATION,
134 AMEDIAFORMAT_KEY_SAMPLE_FILE_OFFSET,
135 AMEDIAFORMAT_KEY_SAMPLE_RATE,
136 AMEDIAFORMAT_KEY_SAMPLE_TIME_BEFORE_APPEND,
137 AMEDIAFORMAT_KEY_SAR_HEIGHT,
138 AMEDIAFORMAT_KEY_SAR_WIDTH,
139 AMEDIAFORMAT_KEY_SEI,
140 AMEDIAFORMAT_KEY_SLICE_HEIGHT,
141 AMEDIAFORMAT_KEY_SLOW_MOTION_MARKERS,
142 AMEDIAFORMAT_KEY_STRIDE,
143 AMEDIAFORMAT_KEY_TARGET_TIME,
144 AMEDIAFORMAT_KEY_TEMPORAL_LAYER_COUNT,
145 AMEDIAFORMAT_KEY_TEMPORAL_LAYER_ID,
146 AMEDIAFORMAT_KEY_TEMPORAL_LAYERING,
147 AMEDIAFORMAT_KEY_TEXT_FORMAT_DATA,
148 AMEDIAFORMAT_KEY_THUMBNAIL_CSD_AV1C,
149 AMEDIAFORMAT_KEY_THUMBNAIL_CSD_HEVC,
150 AMEDIAFORMAT_KEY_THUMBNAIL_HEIGHT,
151 AMEDIAFORMAT_KEY_THUMBNAIL_TIME,
152 AMEDIAFORMAT_KEY_THUMBNAIL_WIDTH,
153 AMEDIAFORMAT_KEY_TILE_HEIGHT,
154 AMEDIAFORMAT_KEY_TILE_WIDTH,
155 AMEDIAFORMAT_KEY_TIME_US,
156 AMEDIAFORMAT_KEY_TITLE,
157 AMEDIAFORMAT_KEY_TRACK_ID,
158 AMEDIAFORMAT_KEY_TRACK_INDEX,
159 AMEDIAFORMAT_KEY_VALID_SAMPLES,
160 AMEDIAFORMAT_KEY_VIDEO_ENCODING_STATISTICS_LEVEL,
161 AMEDIAFORMAT_KEY_VIDEO_QP_AVERAGE,
162 AMEDIAFORMAT_VIDEO_QP_B_MAX,
163 AMEDIAFORMAT_VIDEO_QP_B_MIN,
164 AMEDIAFORMAT_VIDEO_QP_I_MAX,
165 AMEDIAFORMAT_VIDEO_QP_I_MIN,
166 AMEDIAFORMAT_VIDEO_QP_MAX,
167 AMEDIAFORMAT_VIDEO_QP_MIN,
168 AMEDIAFORMAT_VIDEO_QP_P_MAX,
169 AMEDIAFORMAT_VIDEO_QP_P_MIN,
170 AMEDIAFORMAT_KEY_WIDTH,
171 AMEDIAFORMAT_KEY_XMP_OFFSET,
172 AMEDIAFORMAT_KEY_XMP_SIZE,
173 AMEDIAFORMAT_KEY_YEAR,
174 };
175 constexpr size_t kMinBytes = 0;
176 constexpr size_t kMaxBytes = 1000;
177 constexpr size_t kMinChoice = 0;
178 constexpr size_t kMaxChoice = 9;
179
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)180 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
181 FuzzedDataProvider fdp(data, size);
182 AMediaFormat* mediaFormat = AMediaFormat_new();
183 while (fdp.remaining_bytes()) {
184 const char* name = nullptr;
185 std::string nameString;
186 if (fdp.ConsumeBool()) {
187 nameString =
188 fdp.ConsumeBool()
189 ? fdp.PickValueInArray(kValidKeys)
190 : fdp.ConsumeRandomLengthString(
191 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
192 name = nameString.c_str();
193 }
194 switch (fdp.ConsumeIntegralInRange<int32_t>(kMinChoice, kMaxChoice)) {
195 case 0: {
196 AMediaFormat_setInt32(mediaFormat, name,
197 fdp.ConsumeIntegral<int32_t>() /* value */);
198 break;
199 }
200 case 1: {
201 AMediaFormat_setInt64(mediaFormat, name,
202 fdp.ConsumeIntegral<int64_t>() /* value */);
203 break;
204 }
205 case 2: {
206 AMediaFormat_setFloat(mediaFormat, name,
207 fdp.ConsumeFloatingPoint<float>() /* value */);
208 break;
209 }
210 case 3: {
211 AMediaFormat_setDouble(mediaFormat, name,
212 fdp.ConsumeFloatingPoint<double>() /* value */);
213 break;
214 }
215 case 4: {
216 AMediaFormat_setSize(mediaFormat, name, fdp.ConsumeIntegral<size_t>() /* value */);
217 break;
218 }
219 case 5: {
220 std::string value;
221 if (fdp.ConsumeBool()) {
222 value = fdp.ConsumeRandomLengthString(
223 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
224 }
225 AMediaFormat_setString(mediaFormat, name,
226 fdp.ConsumeBool() ? nullptr : value.c_str());
227 break;
228 }
229 case 6: {
230 AMediaFormat_setRect(mediaFormat, name, fdp.ConsumeIntegral<int32_t>() /* left */,
231 fdp.ConsumeIntegral<int32_t>() /* top */,
232 fdp.ConsumeIntegral<int32_t>() /* bottom */,
233 fdp.ConsumeIntegral<int32_t>() /* right */);
234 break;
235 }
236 case 7: {
237 std::vector<uint8_t> bufferData = fdp.ConsumeBytes<uint8_t>(
238 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
239 AMediaFormat_setBuffer(mediaFormat, name, bufferData.data(), bufferData.size());
240 break;
241 }
242 case 8: {
243 AMediaFormat_toString(mediaFormat);
244 break;
245 }
246 default: {
247 AMediaFormat* format = fdp.ConsumeBool() ? nullptr : AMediaFormat_new();
248 AMediaFormat_copy(format, mediaFormat);
249 AMediaFormat_delete(format);
250 break;
251 }
252 }
253 }
254 AMediaFormat_clear(mediaFormat);
255 AMediaFormat_delete(mediaFormat);
256 return 0;
257 }
258