tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

av1_fuzzer.cpp (2568B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=2 et sw=2 tw=80: */
      3 /* Copyright 2018 Google Inc.
      4 *
      5 * Licensed under the Apache License, Version 2.0 (the "License");
      6 * you may not use this file except in compliance with the License.
      7 * You may obtain a copy of the License at
      8 *
      9 *      http://www.apache.org/licenses/LICENSE-2.0
     10 *
     11 * Unless required by applicable law or agreed to in writing, software
     12 * distributed under the License is distributed on an "AS IS" BASIS,
     13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 * See the License for the specific language governing permissions and
     15 * limitations under the License. */
     16 
     17 /* This file was originally imported from Google's oss-fuzz project at
     18 * https://github.com/google/oss-fuzz/tree/master/projects/libaom */
     19 
     20 #define DECODE_MODE 1
     21 #include "FuzzingInterface.h"
     22 
     23 #include <stdio.h>
     24 #include <stdlib.h>
     25 #include <string.h>
     26 #include <memory>
     27 
     28 #include "aom/aom_decoder.h"
     29 #include "aom/aomdx.h"
     30 #include "aom_ports/mem_ops.h"
     31 #include "common/ivfdec.h"
     32 
     33 static const char *const kIVFSignature = "DKIF";
     34 
     35 static void close_file(FILE *file) { fclose(file); }
     36 
     37 void usage_exit(void) { exit(EXIT_FAILURE); }
     38 
     39 static int
     40 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     41  std::unique_ptr<FILE, decltype(&close_file)> file(
     42    fmemopen((void *)data, size, "rb"), &close_file);
     43 
     44  if (file == nullptr) {
     45    return 0;
     46  }
     47 
     48  char header[32];
     49  if (fread(header, 1, 32, file.get()) != 32) {
     50    return 0;
     51  }
     52 
     53  const AvxInterface *decoder = get_aom_decoder_by_name("av1");
     54  if (decoder == nullptr) {
     55    return 0;
     56  }
     57 
     58  aom_codec_ctx_t codec;
     59 #if defined(DECODE_MODE)
     60  const int threads = 1;
     61 #elif defined(DECODE_MODE_threaded)
     62  const int threads = 16;
     63 #else
     64 #error define one of DECODE_MODE or DECODE_MODE_threaded
     65 #endif
     66  aom_codec_dec_cfg_t cfg = {threads, 0, 0};
     67  if (aom_codec_dec_init(&codec, decoder->codec_interface(), &cfg, 0)) {
     68    return 0;
     69  }
     70 
     71  uint8_t *buffer = nullptr;
     72  size_t buffer_size = 0;
     73  size_t frame_size = 0;
     74  while (!ivf_read_frame(file.get(), &buffer, &frame_size, &buffer_size,
     75                         nullptr)) {
     76    const aom_codec_err_t err =
     77        aom_codec_decode(&codec, buffer, frame_size, nullptr);
     78    aom_codec_iter_t iter = nullptr;
     79    aom_image_t *img = nullptr;
     80    while ((img = aom_codec_get_frame(&codec, &iter)) != nullptr) {
     81    }
     82  }
     83  aom_codec_destroy(&codec);
     84  free(buffer);
     85  return 0;
     86 }
     87 
     88 MOZ_FUZZING_INTERFACE_RAW(nullptr, LLVMFuzzerTestOneInput, AV1Decode);