On 06.01.2016 23:17, Andreas Cadhalpun wrote:
> On 06.01.2016 18:32, foo86 wrote:
>> Otherwise testing coverage will be decreased somewhat. The easiest way to do
>> this is to modify ff_dca2_check_crc() to always return 0.
>
> I tried this (comment out everything in ff_dca2_check_crc except 'return 0')
> and there doesn't seem to be much difference.

The reason why this didn't make any difference is that this function wasn't
executed at all for my fuzzed samples. :-/
I fixed that and coverage is now much better.
Hence I also have a few more (minor) comments:

On 03.01.2016 18:49, foo86 wrote:
> + for (i = 0; i < spkr_remap_nsets; i++) { > + // Number of channels to be decoded for speaker remapping > + int nch_for_remaps = get_bits(&s->gb, 5) + 1; > + > + for (j = 0; j < nspeakers[i]; j++) { > + // Decoded channels to output speaker mapping mask > + int remap_ch_mask = get_bits(&s->gb, nch_for_remaps);

Here nch_for_remaps can be up to 32, so this has to use get_bits_long,
as get_bits only supports reading 1-25 bits.

> + for (i = 0; i < s->nmixoutconfigs; i++) { > + for (j = 0; j < nchannels_dmix; j++) { > + // Mix output mask > + int mix_map_mask = get_bits(&s->gb, s->nmixoutchs[i]);

Here s->nmixoutchs[i] can be zero. If that should not happen, there needs
to be an error check and otherwise it should use get_bitsz, because get_bits
doesn't support reading 0 bits.

Anyway, I still think the code is pretty robust. :-)

I'd be glad to increase fuzz-testing coverage further, but I'm lacking input
examples. It would be great if you could share some (tiny) samples triggering
the HEADER_XCH/HEADER_XXCH cases and/or *_down_mix functions.

Best regards,
Andreas
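
Review bot: In the first quoted hunk, the inner-loop call get_bits(&s->gb, nch_for_remaps) takes a width of 1 to 32, because nch_for_remaps is a 5-bit field plus 1, and the result is stored in a signed int. Read the mask with get_bits_long and declare remap_ch_mask as an unsigned 32-bit type, so that a mask with its top bit set is not kept as a negative int.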
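
Review bot: In the second quoted hunk, get_bits(&s->gb, s->nmixoutchs[i]) uses a stored width with no range check visible in these lines. Validate s->nmixoutchs[i] where it is set and return an error for widths the reader cannot take, or use get_bitsz here if zero is a legal value, and add a comment next to the read stating the allowed range.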
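
The two width limits discussed in the message above (1-25 bits for a short read, 0 bits needing a separate path), shown on a toy bit reader. This is an added example, not code from the message or from FFmpeg: `BitReader`, `load32`, `read_short`, `read_any`, `parse_mask` and the sample bytes are hypothetical, and the reader is assumed to refill from a single 32-bit load at a byte boundary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy MSB-first bit reader, constructed for this example (not FFmpeg's code). */
typedef struct { const uint8_t *buf; size_t size_bits, pos; } BitReader;

/* One 32-bit big-endian load at a byte boundary; bytes past the end read as 0. */
static uint32_t load32(const BitReader *r, size_t byte) {
    uint32_t v = 0;
    for (size_t k = 0; k < 4; k++)
        v = v << 8 | (byte + k < (r->size_bits + 7) / 8 ? r->buf[byte + k] : 0);
    return v;
}

/* Short read: up to 7 leading bits are dropped, so only 25 bits of the load are
 * guaranteed valid; n == 0 would mean a shift by 32 (undefined in C). */
static int read_short(BitReader *r, int n, uint32_t *out) {
    if (n < 1 || n > 25 || (size_t)n > r->size_bits - r->pos) return -1;
    *out = (load32(r, r->pos >> 3) << (r->pos & 7)) >> (32 - n);
    r->pos += n;
    return 0;
}

/* Width-checked read of 0..32 bits; widths above 16 use two short reads. */
static int read_any(BitReader *r, int n, uint32_t *out) {
    uint32_t hi = 0, lo = 0;
    if (n < 0 || n > 32 || (size_t)n > r->size_bits - r->pos) return -1;
    if (n > 16 && (read_short(r, 16, &hi) || read_short(r, n - 16, &lo))) return -1;
    if (n > 0 && n <= 16 && read_short(r, n, &lo)) return -1;
    *out = n > 16 ? hi << (n - 16) | lo : lo;
    return 0;
}

/* A 5-bit field plus 1 gives the mask width (1..32); the mask follows it.
 * use_short selects the 1..25-bit reader to show where it has to refuse. */
static int parse_mask(const uint8_t *buf, size_t len, int use_short, uint32_t *mask) {
    BitReader r = { buf, len * 8, 0 };
    uint32_t w;
    if (read_short(&r, 5, &w)) return -1;
    return use_short ? read_short(&r, (int)w + 1, mask) : read_any(&r, (int)w + 1, mask);
}

/* Constructed input: width field 31 (a 32-bit mask), mask value 0x80000001. */
static const uint8_t sample[] = { 0xFC, 0x00, 0x00, 0x00, 0x08 };
int main(void) {
    uint32_t m = 0;
    int rc_short = parse_mask(sample, sizeof sample, 1, &m);
    int rc_any = parse_mask(sample, sizeof sample, 0, &m);
    printf("short=%d any=%d mask=0x%08X\n", rc_short, rc_any, (unsigned)m);
}
```

The mask is kept in a `uint32_t`, so the value with bit 31 set stays non-negative.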