On Sat, Feb 17, 2024 at 07:04:08PM -0500, Sean McGovern wrote:
> On Sat, Feb 17, 2024, 18:49 Michael Niedermayer <mich...@niedermayer.cc>
> wrote:
>
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> > Makefile | 3 +
> > tools/Makefile | 3 +
> > tools/target_sws_fuzzer.c | 168 ++++++++++++++++++++++++++++++++++++++
> > 3 files changed, 174 insertions(+)
> > create mode 100644 tools/target_sws_fuzzer.c
> >
> > diff --git a/Makefile b/Makefile
> > index dbc930270b3..b309dbc4db9 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -64,6 +64,9 @@ tools/target_dem_fuzzer$(EXESUF):
> > tools/target_dem_fuzzer.o $(FF_DEP_LIBS)
> > tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o
> > $(FF_DEP_LIBS)
> > $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS)
> > $(LIBFUZZER_PATH)
> >
> > +tools/target_sws_fuzzer$(EXESUF): tools/target_sws_fuzzer.o $(FF_DEP_LIBS)
> > + $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS)
> > $(LIBFUZZER_PATH)
> > +
> >
> > tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS)
> > tools/enum_options$(EXESUF): $(FF_DEP_LIBS)
> > diff --git a/tools/Makefile b/tools/Makefile
> > index dee6a416688..72e8e709a8d 100644
> > --- a/tools/Makefile
> > +++ b/tools/Makefile
> > @@ -17,6 +17,9 @@ tools/target_dem_fuzzer.o: tools/target_dem_fuzzer.c
> > tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
> > $(COMPILE_C) -DIO_FLAT=0
> >
> > +tools/target_sws_fuzzer.o: tools/target_sws_fuzzer.c
> > + $(COMPILE_C)
> > +
> > tools/enc_recon_frame_test$(EXESUF): tools/decode_simple.o
> > tools/venc_data_dump$(EXESUF): tools/decode_simple.o
> > tools/scale_slice_test$(EXESUF): tools/decode_simple.o
> > diff --git a/tools/target_sws_fuzzer.c b/tools/target_sws_fuzzer.c
> > new file mode 100644
> > index 00000000000..babb6e81629
> > --- /dev/null
> > +++ b/tools/target_sws_fuzzer.c
> > @@ -0,0 +1,168 @@
> > +/*
> > + * Copyright (c) 2024 Michael Niedermayer <michael-ffm...@niedermayer.cc>
> > + *
> > + * This file is part of FFmpeg.
> > + *
> > + * FFmpeg is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2.1 of the License, or (at your option) any later version.
> > + *
> > + * FFmpeg is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with FFmpeg; if not, write to the Free Software
> > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> > 02110-1301 USA
> > + */
> > +
> > +#include "config.h"
> > +#include "libavutil/avassert.h"
> > +#include "libavutil/avstring.h"
> > +#include "libavutil/cpu.h"
> > +#include "libavutil/imgutils.h"
> > +#include "libavutil/intreadwrite.h"
> > +#include "libavutil/opt.h"
> > +
> > +#include "libavcodec/bytestream.h"
> > +
> > +#include "libswscale/swscale.h"
> > +
> > +
> > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
> > +
> > +static void error(const char *err)
> > +{
> > + fprintf(stderr, "%s", err);
> > + exit(1);
> > +}
> > +
> > +static int alloc_plane(uint8_t *data[AV_VIDEO_MAX_PLANES], int
> > stride[AV_VIDEO_MAX_PLANES], int w, int h, int format, int *hshift, int
> > *vshift)
> > +{
> > + int ret = av_image_fill_linesizes(stride, format, w);
> > + if (ret < 0)
> > + return -1;
> > +
> > + av_pix_fmt_get_chroma_sub_sample(format, hshift, vshift);
> > +
> > + for(int p=0; p<AV_VIDEO_MAX_PLANES; p++) {
> > + if (stride[p]) {
> > + stride[p] = FFALIGN(stride[p], 32);
> > + int ph = AV_CEIL_RSHIFT(h, (p == 1 || p == 2) ? *vshift : 0);
> > + av_log(0,0, "P:%d St %d ph %d\n", p, stride[p], ph);
> > + data[p] = av_mallocz(stride[p] * ph + 32);
> > + if (!data[p])
> > + return -1;
> > + }
> > + }
> > + if (format == AV_PIX_FMT_PAL8) {
> > + data[1] = av_mallocz(256*4);
> > + if (!data[1])
> > + return -1;
> > + }
> > + return 0;
> > +}
> > +
> > +static void free_plane(uint8_t *data[AV_VIDEO_MAX_PLANES])
> > +{
> > + for(int p=0; p<AV_VIDEO_MAX_PLANES; p++)
> > + av_freep(&data[p]);
> > +}
> > +
> > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> > + int srcW= 48, srcH = 48;
> > + int dstW= 48, dstH = 48;
> > + int srcHShift, srcVShift;
> > + int dstHShift, dstVShift;
> > + unsigned flags = 1;
> > + int srcStride[AV_VIDEO_MAX_PLANES] = {0};
> > + int dstStride[AV_VIDEO_MAX_PLANES] = {0};
> > + int ret;
> > + const uint8_t *end = data + size;
> > + enum AVPixelFormat srcFormat = AV_PIX_FMT_YUV420P;
> > + enum AVPixelFormat dstFormat = AV_PIX_FMT_YUV420P;
> > + uint8_t *src[4] = { 0 };
> > + uint8_t *dst[4] = { 0 };
> > + struct SwsContext *sws = NULL;
> > + const AVPixFmtDescriptor *desc_src, *desc_dst;
> > +
> > + if (size > 128) {
> > + GetByteContext gbc;
> > + int64_t flags64;
> > +
> > + size -= 128;
> > + bytestream2_init(&gbc, data + size, 128);
> > + srcW = bytestream2_get_le32(&gbc) % 256;
> > + srcH = bytestream2_get_le32(&gbc) % 256;
> > + dstW = bytestream2_get_le32(&gbc) % 256;
> > + dstH = bytestream2_get_le32(&gbc) % 256;
> > + flags = bytestream2_get_le32(&gbc);
> > +
> > + srcFormat = bytestream2_get_le32(&gbc) % AV_PIX_FMT_NB;
> > + dstFormat = bytestream2_get_le32(&gbc) % AV_PIX_FMT_NB;
> > +
> > + flags64 = bytestream2_get_le64(&gbc);
> > + if (flags64 & 0x10)
> > + av_force_cpu_flags(0);
> > +
> > + if (av_image_check_size(srcW, srcH, srcFormat, NULL))
> > + srcW = srcH = 123;
> > + if (av_image_check_size(dstW, dstH, dstFormat, NULL))
> > + dstW = dstH = 123;
> > + //TODO alphablend
> > + }
> > +
> > + desc_src = av_pix_fmt_desc_get(srcFormat);
> > + desc_dst = av_pix_fmt_desc_get(dstFormat);
> > +
> > + ret = alloc_plane(src, srcStride, srcW, srcH, srcFormat, &srcHShift,
> > &srcVShift);
> > + if (ret < 0)
> > + goto end;
> > +
> > + ret = alloc_plane(dst, dstStride, dstW, dstH, dstFormat, &dstHShift,
> > &dstVShift);
> > + if (ret < 0)
> > + goto end;
> > +
> > +
> > + for(int p=0; p<AV_VIDEO_MAX_PLANES; p++) {
> > + int psize = srcStride[p] * AV_CEIL_RSHIFT(srcH, (p == 1 || p ==
> > 2) ? srcVShift : 0);
> > + if (psize > size)
> > + psize = size;
> > + if (psize) {
> > + memcpy(src[p], data, psize);
> > + data += psize;
> > + size -= psize;
> > + }
> > + }
> > +
> > + sws = sws_alloc_context();
> > + if (!sws)
> > + error("Failed sws allocation");
> > +
> > + av_opt_set_int(sws, "sws_flags", flags, 0);
> > + av_opt_set_int(sws, "srcw", srcW, 0);
> > + av_opt_set_int(sws, "srch", srcH, 0);
> > + av_opt_set_int(sws, "dstw", dstW, 0);
> > + av_opt_set_int(sws, "dsth", dstH, 0);
> > + av_opt_set_int(sws, "src_format", srcFormat, 0);
> > + av_opt_set_int(sws, "dst_format", dstFormat, 0);
> > + av_opt_set(sws, "alphablend", "none", 0);
> > +
> > + ret = sws_init_context(sws, NULL, NULL);
> > + if (ret < 0)
> > + goto end;
> > +
> > + fprintf(stderr, "%d x %d %s -> %d x %d %s\n", srcW, srcH,
> > desc_src->name, dstW, dstH, desc_dst->name);
> > + //TODO Slices
> > + sws_scale(sws, (const uint8_t * const*)src, srcStride, 0, srcH, dst,
> > dstStride);
> > +
> > +end:
> > + sws_freeContext(sws);
> > +
> > + free_plane(src);
> > + free_plane(dst);
> > +
> > + return 0;
> > +}
> > --
> > 2.17.1
> >
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel@ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
> >
>
> I don't see anything intrinsically wrong with this other than:
>
> - is this compiler-backend specific? Does it work without LLVM?It uses the same entry points as the existing decode/demxuer fuzzer I have no oppinon on using "something else" but "something else" maybe will not work with "ossfuzz" > - would it ever be useful to redirect the output of error() to another fd? > In which case maybe a convenience method that defaults to stderr would be > appropriate? I dont know. Noone seems to have asked this question before in relation to the existing decoder fuzzer code thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB In fact, the RIAA has been known to suggest that students drop out of college or go to community college in order to be able to afford settlements. -- The RIAA
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
