Try to replicate the ffmpeg fuzzer's behaviour with parsers and extradata

This commit is contained in:
Martin Storsjo 2019-05-17 15:00:21 +03:00
parent 4f0535ca0c
commit 85f4fb88fb
4 changed files with 89 additions and 13 deletions

1
.gitignore vendored
View File

@ -28,3 +28,4 @@ stamp-h1
aac-enc aac-enc
compile compile
fuzz-dec fuzz-dec
fuzz-dec-lavc

View File

@ -47,6 +47,14 @@ aac_enc_SOURCES = aac-enc.c wavreader.c
fuzz_dec_LDADD = libfdk-aac.la fuzz_dec_LDADD = libfdk-aac.la
fuzz_dec_SOURCES = fuzz-dec.c fuzz_dec_SOURCES = fuzz-dec.c
if HAVE_LIBAVCODEC
bin_PROGRAMS += fuzz-dec-lavc$(EXEEXT)
fuzz_dec_lavc_LDADD = $(libavcodec_LIBS) $(libavutil_LIBS) libfdk-aac.la
fuzz_dec_lavc_CFLAGS = $(libavcodec_CFLAGS) $(libavutil_CFLAGS) -DHAVE_LIBAVCODEC
fuzz_dec_lavc_SOURCES = fuzz-dec.c
endif
noinst_HEADERS = wavreader.h noinst_HEADERS = wavreader.h
endif endif

View File

@ -13,8 +13,14 @@ AC_ARG_ENABLE([example],
[enable example encoding program (default is no)])], [enable example encoding program (default is no)])],
[example=$enableval], [example=no]) [example=$enableval], [example=no])
if test x$example = xyes; then
PKG_CHECK_MODULES([libavcodec], [libavcodec], [libavcodec=yes], [libavcodec=no])
PKG_CHECK_MODULES([libavutil], [libavutil], [libavutil=yes], [libavutil=no])
fi
dnl Automake conditionals to set dnl Automake conditionals to set
AM_CONDITIONAL(EXAMPLE, test x$example = xyes) AM_CONDITIONAL(EXAMPLE, test x$example = xyes)
AM_CONDITIONAL(HAVE_LIBAVCODEC, test x$libavcodec = xyes)
dnl Checks for programs. dnl Checks for programs.
AC_PROG_CC AC_PROG_CC
@ -36,3 +42,6 @@ AC_SUBST(LIBS_PRIVATE)
AC_CONFIG_FILES([Makefile AC_CONFIG_FILES([Makefile
fdk-aac.pc]) fdk-aac.pc])
AC_OUTPUT AC_OUTPUT
if test x$example = xyes; then
AC_MSG_NOTICE([Found libavcodec: ${libavcodec}])
fi

View File

@ -3,6 +3,10 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "aacdecoder_lib.h" #include "aacdecoder_lib.h"
#ifdef HAVE_LIBAVCODEC
#include <libavcodec/avcodec.h>
#include <libavutil/intreadwrite.h>
#endif
static const uint8_t tag[] = "FUZZ-TAG"; static const uint8_t tag[] = "FUZZ-TAG";
@ -14,10 +18,38 @@ static void test(const uint8_t *ptr, int size) {
int decoder_buffer_size = 2048 * 2 * 8; int decoder_buffer_size = 2048 * 2 * 8;
uint8_t *decoder_buffer = malloc(decoder_buffer_size); uint8_t *decoder_buffer = malloc(decoder_buffer_size);
HANDLE_AACDECODER decoder = aacDecoder_Open(TT_MP4_ADTS, 1); int extradata_size = 0;
uint8_t *extradata = NULL;
#ifdef HAVE_LIBAVCODEC
AVCodecParserContext *parser = NULL;
AVCodecContext *avctx = NULL;
if (size > 1024) {
const uint8_t* params = ptr + size - 1024;
size -= 1024;
params += 20; // width, height, bit_rate, bits_per_coded_sample
uint8_t flags = *params++;
if (flags & 1) {
parser = av_parser_init(AV_CODEC_ID_AAC);
avctx = avcodec_alloc_context3(NULL);
}
extradata_size = AV_RL32(params);
params += 4;
if (extradata_size < size) {
extradata = malloc(extradata_size);
size -= extradata_size;
memcpy(extradata, ptr + size, extradata_size);
}
}
#endif
HANDLE_AACDECODER decoder = aacDecoder_Open(extradata_size ? TT_MP4_RAW : TT_MP4_ADTS, 1);
aacDecoder_SetParam(decoder, AAC_CONCEAL_METHOD, 1); aacDecoder_SetParam(decoder, AAC_CONCEAL_METHOD, 1);
aacDecoder_SetParam(decoder, AAC_PCM_LIMITER_ENABLE, 0); aacDecoder_SetParam(decoder, AAC_PCM_LIMITER_ENABLE, 0);
if (extradata_size) {
aacDecoder_ConfigRaw(decoder, &extradata, &extradata_size);
}
while (1) { while (1) {
const uint8_t* start = ptr; const uint8_t* start = ptr;
UINT valid, buffer_size; UINT valid, buffer_size;
@ -31,19 +63,34 @@ static void test(const uint8_t *ptr, int size) {
if (ptr + tagsize > end) if (ptr + tagsize > end)
ptr = end; ptr = end;
do {
valid = buffer_size = ptr - start;
err = aacDecoder_Fill(decoder, (UCHAR**) &start, &buffer_size, &valid);
start += buffer_size - valid;
if (err == AAC_DEC_NOT_ENOUGH_BITS)
continue;
if (err == AAC_DEC_OK)
err = aacDecoder_DecodeFrame(decoder, (INT_PCM *) decoder_buffer, decoder_buffer_size / sizeof(INT_PCM), 0);
if (err != AAC_DEC_NOT_ENOUGH_BITS && err != AAC_DEC_OK)
break;
} while (start < ptr);
aacDecoder_GetStreamInfo(decoder); while (start < ptr) {
const uint8_t *input = start;
const uint8_t *inputend = ptr;
#ifdef HAVE_LIBAVCODEC
if (parser) {
int parse_size;
int ret = av_parser_parse2(parser, avctx, (uint8_t**) &input, &parse_size, start, ptr - start, 0, 0, 0);
start += ret;
inputend = input + parse_size;
} else
#endif
start = ptr;
while (input && input < inputend) {
valid = buffer_size = inputend - input;
err = aacDecoder_Fill(decoder, (UCHAR**) &input, &buffer_size, &valid);
input += buffer_size - valid;
if (err == AAC_DEC_NOT_ENOUGH_BITS)
continue;
if (err == AAC_DEC_OK)
err = aacDecoder_DecodeFrame(decoder, (INT_PCM *) decoder_buffer, decoder_buffer_size / sizeof(INT_PCM), 0);
if (err != AAC_DEC_NOT_ENOUGH_BITS && err != AAC_DEC_OK)
break;
}
aacDecoder_GetStreamInfo(decoder);
}
if (ptr + tagsize <= end) { if (ptr + tagsize <= end) {
ptr += tagsize; ptr += tagsize;
@ -63,6 +110,13 @@ static void test(const uint8_t *ptr, int size) {
} }
free(decoder_buffer); free(decoder_buffer);
aacDecoder_Close(decoder); aacDecoder_Close(decoder);
free(extradata);
#ifdef HAVE_LIBAVCODEC
if (parser) {
av_parser_close(parser);
avcodec_free_context(&avctx);
}
#endif
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
@ -70,6 +124,10 @@ int main(int argc, char *argv[]) {
int size; int size;
uint8_t *buf; uint8_t *buf;
#ifdef HAVE_LIBAVCODEC
avcodec_register_all();
#endif
if (argc < 2) { if (argc < 2) {
printf("%s file\n", argv[0]); printf("%s file\n", argv[0]);
return 0; return 0;