1
0
mirror of https://github.com/mstorsjo/fdk-aac.git synced 2024-12-11 16:05:20 +01:00

Merge changes Iad37ae76,I4870251b,Icd937cad am: 662d974400 am: 0b8c6e731f am: 0f130d51b8

Change-Id: Id0ab338ed4f6cce21e4983bd2903faa56eadc51b
This commit is contained in:
Kris Alder 2020-04-09 16:58:21 +00:00 committed by Automerger Merge Worker
commit 2b45df88f6
15 changed files with 201 additions and 11 deletions

View File

@ -1,6 +1,7 @@
cc_library_static { cc_library_static {
name: "libFraunhoferAAC", name: "libFraunhoferAAC",
vendor_available: true, vendor_available: true,
host_supported:true,
srcs: [ srcs: [
"libAACdec/src/*.cpp", "libAACdec/src/*.cpp",
"libAACenc/src/*.cpp", "libAACenc/src/*.cpp",
@ -23,6 +24,7 @@ cc_library_static {
"-Wuninitialized", "-Wuninitialized",
"-Wno-self-assign", "-Wno-self-assign",
"-Wno-implicit-fallthrough", "-Wno-implicit-fallthrough",
"-DSUPPRESS_BUILD_DATE_INFO",
], ],
sanitize: { sanitize: {
misc_undefined:[ misc_undefined:[
@ -51,4 +53,10 @@ cc_library_static {
"libSACdec/include", "libSACdec/include",
"libSACenc/include", "libSACenc/include",
], ],
target: {
darwin: {
enabled: false,
},
},
} }

39
fuzzer/Android.bp Normal file
View File

@ -0,0 +1,39 @@
/******************************************************************************
*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*****************************************************************************
* Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
*/
cc_fuzz {
name: "aac_dec_fuzzer",
host_supported:true,
static_libs: [
"libFraunhoferAAC",
"liblog",
],
srcs: [
"aac_dec_fuzzer.cpp",
],
target: {
darwin: {
enabled: false,
},
},
}

59
fuzzer/README.md Normal file
View File

@ -0,0 +1,59 @@
# Fuzzer for libFraunhoferAAC decoder
## Plugin Design Considerations
The fuzzer plugin for aac decoder is designed based on the understanding of the
codec and tries to achieve the following:
##### Maximize code coverage
This fuzzer makes use of the following config parameters:
1. Transport type (parameter name: `TRANSPORT_TYPE`)
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
| `TRANSPORT_TYPE` | 0.`TT_UNKNOWN ` 1.`TT_MP4_RAW ` 2.`TT_MP4_ADIF ` 3.`TT_MP4_ADTS ` 4.`TT_MP4_LATM_MCP1 ` 5.`TT_MP4_LATM_MCP0 ` 6.`TT_MP4_LOAS ` 7.`TT_DRM ` | `TT_MP4_ADIF ` |
Note: Value of `TRANSPORT_TYPE` could be set to any of these values.
It is set to `TT_MP4_ADIF` in the fuzzer plugin.
##### Maximize utilization of input data
The plugin feeds the entire input data to the codec using a loop.
* If the decode operation was successful, the input is advanced by an
offset calculated using valid bytes.
* If the decode operation was un-successful, the input is advanced by 1 byte
till it reaches a valid frame or end of stream.
This ensures that the plugin tolerates any kind of input (empty, huge,
malformed, etc) and doesnt `exit()` on any input and thereby increasing the
chance of identifying vulnerabilities.
## Build
This describes steps to build aac_dec_fuzzer binary.
## Android
### Steps to build
Build the fuzzer
```
$ mm -j$(nproc) aac_dec_fuzzer
```
### Steps to run
Create a directory CORPUS_DIR and copy some aac files to that folder.
Push this directory to device.
To run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/aac_dec_fuzzer/aac_dec_fuzzer CORPUS_DIR
```
To run on host
```
$ $ANDROID_HOST_OUT/fuzz/x86_64/aac_dec_fuzzer/aac_dec_fuzzer CORPUS_DIR
```
## References:
* http://llvm.org/docs/LibFuzzer.html
* https://github.com/google/oss-fuzz

84
fuzzer/aac_dec_fuzzer.cpp Normal file
View File

@ -0,0 +1,84 @@
/******************************************************************************
*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*****************************************************************************
* Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
*/
#include <stdint.h>
#include "aacdecoder_lib.h"
constexpr uint8_t kNumberOfLayers = 1;
constexpr uint8_t kMaxChannelCount = 8;
class Codec {
public:
Codec() = default;
~Codec() { deInitDecoder(); }
bool initDecoder();
void decodeFrames(UCHAR *data, UINT size);
void deInitDecoder();
private:
HANDLE_AACDECODER mAacDecoderHandle = nullptr;
AAC_DECODER_ERROR mErrorCode = AAC_DEC_OK;
};
bool Codec::initDecoder() {
mAacDecoderHandle = aacDecoder_Open(TT_MP4_ADIF, kNumberOfLayers);
if (!mAacDecoderHandle) {
return false;
}
return true;
}
void Codec::deInitDecoder() {
aacDecoder_Close(mAacDecoderHandle);
mAacDecoderHandle = nullptr;
}
void Codec::decodeFrames(UCHAR *data, UINT size) {
while (size > 0) {
UINT inputSize = size;
UINT valid = size;
mErrorCode = aacDecoder_Fill(mAacDecoderHandle, &data, &inputSize, &valid);
if (mErrorCode != AAC_DEC_OK) {
++data;
--size;
} else {
INT_PCM outputBuf[2048 * kMaxChannelCount];
aacDecoder_DecodeFrame(mAacDecoderHandle, outputBuf, 2048 * kMaxChannelCount, 0);
if (valid >= inputSize) {
return;
}
UINT offset = inputSize - valid;
data += offset;
size = valid;
}
}
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
Codec *codec = new Codec();
if (!codec) {
return 0;
}
if (codec->initDecoder()) {
codec->decodeFrames((UCHAR *)(data), static_cast<UINT>(size));
}
delete codec;
return 0;
}

View File

@ -122,7 +122,7 @@ amm-info@iis.fraunhofer.de
#define AACDECODER_LIB_VL1 2 #define AACDECODER_LIB_VL1 2
#define AACDECODER_LIB_VL2 0 #define AACDECODER_LIB_VL2 0
#define AACDECODER_LIB_TITLE "AAC Decoder Lib" #define AACDECODER_LIB_TITLE "AAC Decoder Lib"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define AACDECODER_LIB_BUILD_DATE "" #define AACDECODER_LIB_BUILD_DATE ""
#define AACDECODER_LIB_BUILD_TIME "" #define AACDECODER_LIB_BUILD_TIME ""
#else #else

View File

@ -112,7 +112,7 @@ amm-info@iis.fraunhofer.de
#define AACENCODER_LIB_VL1 0 #define AACENCODER_LIB_VL1 0
#define AACENCODER_LIB_VL2 1 #define AACENCODER_LIB_VL2 1
#define AACENCODER_LIB_TITLE "AAC Encoder" #define AACENCODER_LIB_TITLE "AAC Encoder"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define AACENCODER_LIB_BUILD_DATE "" #define AACENCODER_LIB_BUILD_DATE ""
#define AACENCODER_LIB_BUILD_TIME "" #define AACENCODER_LIB_BUILD_TIME ""
#else #else

View File

@ -112,7 +112,7 @@ amm-info@iis.fraunhofer.de
#define DRCDEC_LIB_VL1 1 #define DRCDEC_LIB_VL1 1
#define DRCDEC_LIB_VL2 0 #define DRCDEC_LIB_VL2 0
#define DRCDEC_LIB_TITLE "MPEG-D DRC Decoder Lib" #define DRCDEC_LIB_TITLE "MPEG-D DRC Decoder Lib"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define DRCDEC_LIB_BUILD_DATE "" #define DRCDEC_LIB_BUILD_DATE ""
#define DRCDEC_LIB_BUILD_TIME "" #define DRCDEC_LIB_BUILD_TIME ""
#else #else

View File

@ -107,7 +107,7 @@ amm-info@iis.fraunhofer.de
#define FDK_TOOLS_LIB_VL1 1 #define FDK_TOOLS_LIB_VL1 1
#define FDK_TOOLS_LIB_VL2 0 #define FDK_TOOLS_LIB_VL2 0
#define FDK_TOOLS_LIB_TITLE "FDK Tools" #define FDK_TOOLS_LIB_TITLE "FDK Tools"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define FDK_TOOLS_LIB_BUILD_DATE "" #define FDK_TOOLS_LIB_BUILD_DATE ""
#define FDK_TOOLS_LIB_BUILD_TIME "" #define FDK_TOOLS_LIB_BUILD_TIME ""
#else #else

View File

@ -1769,7 +1769,7 @@ TRANSPORTDEC_ERROR transportDec_GetLibInfo(LIB_INFO *info) {
info += i; info += i;
info->module_id = FDK_TPDEC; info->module_id = FDK_TPDEC;
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
info->build_date = ""; info->build_date = "";
info->build_time = ""; info->build_time = "";
#else #else

View File

@ -647,7 +647,7 @@ TRANSPORTENC_ERROR transportEnc_GetLibInfo(LIB_INFO *info) {
info->module_id = FDK_TPENC; info->module_id = FDK_TPENC;
info->version = LIB_VERSION(TP_LIB_VL0, TP_LIB_VL1, TP_LIB_VL2); info->version = LIB_VERSION(TP_LIB_VL0, TP_LIB_VL1, TP_LIB_VL2);
LIB_VERSION_STRING(info); LIB_VERSION_STRING(info);
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
info->build_date = ""; info->build_date = "";
info->build_time = ""; info->build_time = "";
#else #else

View File

@ -108,7 +108,7 @@ amm-info@iis.fraunhofer.de
#define PCMUTIL_LIB_VL1 1 #define PCMUTIL_LIB_VL1 1
#define PCMUTIL_LIB_VL2 0 #define PCMUTIL_LIB_VL2 0
#define PCMUTIL_LIB_TITLE "PCM Utility Lib" #define PCMUTIL_LIB_TITLE "PCM Utility Lib"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define PCMUTIL_LIB_BUILD_DATE "" #define PCMUTIL_LIB_BUILD_DATE ""
#define PCMUTIL_LIB_BUILD_TIME "" #define PCMUTIL_LIB_BUILD_TIME ""
#else #else

View File

@ -1804,7 +1804,7 @@ int mpegSurroundDecoder_GetLibInfo(LIB_INFO *info) {
info += i; info += i;
info->module_id = FDK_MPSDEC; info->module_id = FDK_MPSDEC;
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
info->build_date = ""; info->build_date = "";
info->build_time = ""; info->build_time = "";
#else #else

View File

@ -130,7 +130,7 @@ Description of file contents
#define SACENC_LIB_VL1 0 #define SACENC_LIB_VL1 0
#define SACENC_LIB_VL2 0 #define SACENC_LIB_VL2 0
#define SACENC_LIB_TITLE "MPEG Surround Encoder" #define SACENC_LIB_TITLE "MPEG Surround Encoder"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define SACENC_LIB_BUILD_DATE "" #define SACENC_LIB_BUILD_DATE ""
#define SACENC_LIB_BUILD_TIME "" #define SACENC_LIB_BUILD_TIME ""
#else #else

View File

@ -158,7 +158,7 @@ amm-info@iis.fraunhofer.de
#define SBRDECODER_LIB_VL1 1 #define SBRDECODER_LIB_VL1 1
#define SBRDECODER_LIB_VL2 0 #define SBRDECODER_LIB_VL2 0
#define SBRDECODER_LIB_TITLE "SBR Decoder" #define SBRDECODER_LIB_TITLE "SBR Decoder"
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
#define SBRDECODER_LIB_BUILD_DATE "" #define SBRDECODER_LIB_BUILD_DATE ""
#define SBRDECODER_LIB_BUILD_TIME "" #define SBRDECODER_LIB_BUILD_TIME ""
#else #else

View File

@ -2560,7 +2560,7 @@ INT sbrEncoder_GetLibInfo(LIB_INFO *info) {
info->version = info->version =
LIB_VERSION(SBRENCODER_LIB_VL0, SBRENCODER_LIB_VL1, SBRENCODER_LIB_VL2); LIB_VERSION(SBRENCODER_LIB_VL0, SBRENCODER_LIB_VL1, SBRENCODER_LIB_VL2);
LIB_VERSION_STRING(info); LIB_VERSION_STRING(info);
#ifdef __ANDROID__ #ifdef SUPPRESS_BUILD_DATE_INFO
info->build_date = ""; info->build_date = "";
info->build_time = ""; info->build_time = "";
#else #else