From ec9d48da195950bafce32ff8f5f8e10c4440daca Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 12 Oct 2019 22:34:03 +0200
Subject: [PATCH] tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags

This should improve coverage

Signed-off-by: Michael Niedermayer
---
 tools/target_dec_fuzzer.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 0047c9eed6..38e085bc57 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -109,6 +109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 int *got_picture_ptr,
 const AVPacket *avpkt) = NULL;
 AVCodecParserContext *parser = NULL;
+ uint64_t keyframes = 0;
 if (!c) {
@@ -191,6 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ctx->channels = (unsigned)bytestream2_get_le32(&gbc) % FF_SANE_NB_CHANNELS;
 ctx->block_align = bytestream2_get_le32(&gbc);
 ctx->codec_tag = bytestream2_get_le32(&gbc);
+ keyframes = bytestream2_get_le64(&gbc);
 if (extradata_size < size) {
 ctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE);
@@ -236,6 +238,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (res < 0)
 error("Failed memory allocation");
 memcpy(parsepkt.data, last, data - last);
+ parsepkt.flags = (keyframes & 1) * AV_PKT_FLAG_DISCARD + (!!(keyframes & 2)) * AV_PKT_FLAG_KEY;
+ keyframes = (keyframes >> 2) + (keyframes<<62);
 data += sizeof(fuzz_tag);
 last = data;
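Review bot: The 64-bit field read after `ctx->codec_tag` is undocumented, and the name `keyframes` hides half of what it drives, since the third hunk uses it for the discard flag as well as the key flag. A comment at the declaration or at this read would help anyone hand-crafting or minimising an input, e.g. `/* 2 bits per packet, LSB first: bit 0 -> AV_PKT_FLAG_DISCARD, bit 1 -> AV_PKT_FLAG_KEY; rotated, so the pattern repeats every 32 packets */`. Trailer bytes that were presumably ignored before now steer packet flags, so stored reproducers may decode differently after this change and are worth re-checking against the existing corpus. LLVMFuzzerTestOneInput begins and ends outside the hunk.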
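Review bot: The two lines added after `memcpy(parsepkt.data, last, data - last);` build a bit mask and a rotate with `*` and `+`, which is correct here but harder to audit than the bitwise form. I would write `parsepkt.flags = ((keyframes & 1) ? AV_PKT_FLAG_DISCARD : 0) | ((keyframes & 2) ? AV_PKT_FLAG_KEY : 0);` and `keyframes = (keyframes >> 2) | (keyframes << 62);`. The flags are set on `parsepkt` only, so if the code further down hands the decoder a different packet when a parser is active (not visible in this hunk), they may never reach the decoder on that path; please confirm they are propagated. The enclosing loop body continues outside the hunk.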