diff options
Diffstat (limited to '')
-rw-r--r-- | oss-fuzz/encoder.cc | 257 |
1 files changed, 257 insertions, 0 deletions
diff --git a/oss-fuzz/encoder.cc b/oss-fuzz/encoder.cc new file mode 100644 index 0000000..23cb397 --- /dev/null +++ b/oss-fuzz/encoder.cc @@ -0,0 +1,257 @@ +/* Copyright 2019 Guido Vranken + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject + * to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include <cstddef> +#include <cstdint> +#include <limits> + +#include <fuzzing/datasource/datasource.hpp> +#include <fuzzing/memory.hpp> + +#include "FLAC++/encoder.h" +#include "common.h" + +namespace FLAC { + namespace Encoder { + class FuzzerStream : public Stream { + private: + // fuzzing::datasource::Datasource& ds; + public: + FuzzerStream(fuzzing::datasource::Datasource&) : + Stream() { } + + ::FLAC__StreamEncoderWriteStatus write_callback(const FLAC__byte buffer[], size_t bytes, uint32_t /* samples */, uint32_t /* current_frame */) override { + fuzzing::memory::memory_test(buffer, bytes); +#if 0 + try { + if ( ds.Get<bool>() == true ) { + return FLAC__STREAM_ENCODER_WRITE_STATUS_FATAL_ERROR; + } + } catch ( ... ) { } +#endif + return FLAC__STREAM_ENCODER_WRITE_STATUS_OK; + } + }; + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + fuzzing::datasource::Datasource ds(data, size); + FLAC::Encoder::FuzzerStream encoder(ds); + + try { + const int channels = ds.Get<uint8_t>(); + const int bps = ds.Get<uint8_t>(); + encoder.set_channels(channels); + encoder.set_bits_per_sample(bps); + + { + const bool res = encoder.set_streamable_subset(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_ogg_serial_number(ds.Get<long>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_verify(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_compression_level(ds.Get<uint8_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_do_exhaustive_model_search(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_do_mid_side_stereo(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_loose_mid_side_stereo(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const auto s = ds.Get<std::string>(); + const bool res = encoder.set_apodization(s.data()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_max_lpc_order(ds.Get<uint8_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_qlp_coeff_precision(ds.Get<uint32_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_do_qlp_coeff_prec_search(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_do_escape_coding(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_min_residual_partition_order(ds.Get<uint32_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_max_residual_partition_order(ds.Get<uint32_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_rice_parameter_search_dist(ds.Get<uint32_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_total_samples_estimate(ds.Get<uint64_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_blocksize(ds.Get<uint16_t>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_limit_min_bitrate(ds.Get<bool>()); + fuzzing::memory::memory_test(res); + } + { + const bool res = encoder.set_sample_rate(ds.Get<uint32_t>()); + fuzzing::memory::memory_test(res); + } + + if ( size > 2 * 65535 * 4 ) { + /* With large inputs and expensive options enabled, the fuzzer can get *really* slow. + * Some combinations can make the fuzzer timeout (>60 seconds). However, while combining + * options makes the fuzzer slower, most options do not expose new code when combined. + * Therefore, combining slow options is disabled for large inputs. Any input containing + * more than 65536 * 2 samples of 32 bits each (max blocksize, stereo) is considered large + */ + encoder.set_do_qlp_coeff_prec_search(false); + encoder.set_do_exhaustive_model_search(false); + } + if ( size > 2 * 4096 * 4 + 250 ) { + /* With subdivide_tukey in the mix testing apodizations can get really expensive. Therefore + * this is disabled for inputs of more than one whole stereo block of 32-bit inputs plus a + * bit of overhead */ + encoder.set_apodization(""); + } + + { + ::FLAC__StreamEncoderInitStatus ret; + if ( ds.Get<bool>() ) { + ret = encoder.init(); + } else { + ret = encoder.init_ogg(); + } + + if ( ret != FLAC__STREAM_ENCODER_INIT_STATUS_OK ) { + goto end; + } + } + + /* These sets must fail, because encoder is already initialized */ + { + bool res = false; + res = res || encoder.set_streamable_subset(true); + res = res || encoder.set_ogg_serial_number(0); + res = res || encoder.set_verify(true); + res = res || encoder.set_compression_level(0); + res = res || encoder.set_do_exhaustive_model_search(true); + res = res || encoder.set_do_mid_side_stereo(true); + res = res || encoder.set_loose_mid_side_stereo(true); + res = res || encoder.set_apodization("test"); + res = res || encoder.set_max_lpc_order(0); + res = res || encoder.set_qlp_coeff_precision(0); + res = res || encoder.set_do_qlp_coeff_prec_search(true); + res = res || encoder.set_do_escape_coding(true); + res = res || encoder.set_min_residual_partition_order(0); + res = res || encoder.set_max_residual_partition_order(0); + res = res || encoder.set_rice_parameter_search_dist(0); + res = res || encoder.set_total_samples_estimate(0); + res = res || encoder.set_channels(channels); + res = res || encoder.set_bits_per_sample(16); + res = res || encoder.set_limit_min_bitrate(true); + res = res || encoder.set_blocksize(3021); + res = res || encoder.set_sample_rate(44100); + fuzzing::memory::memory_test(res); + if(res) + abort(); + } + + + { + /* XORing values as otherwise compiler will optimize, apparently */ + bool res = false; + res = res != encoder.get_streamable_subset(); + res = res != encoder.get_verify(); + res = res != encoder.get_do_exhaustive_model_search(); + res = res != encoder.get_do_mid_side_stereo(); + res = res != encoder.get_loose_mid_side_stereo(); + res = res != encoder.get_max_lpc_order(); + res = res != encoder.get_qlp_coeff_precision(); + res = res != encoder.get_do_qlp_coeff_prec_search(); + res = res != encoder.get_do_escape_coding(); + res = res != encoder.get_min_residual_partition_order(); + res = res != encoder.get_max_residual_partition_order(); + res = res != encoder.get_rice_parameter_search_dist(); + res = res != encoder.get_total_samples_estimate(); + res = res != encoder.get_channels(); + res = res != encoder.get_bits_per_sample(); + res = res != encoder.get_limit_min_bitrate(); + res = res != encoder.get_blocksize(); + res = res != encoder.get_sample_rate(); + fuzzing::memory::memory_test(res); + } + + + while ( ds.Get<bool>() ) { + { + auto dat = ds.GetVector<FLAC__int32>(); + + if( ds.Get<bool>() ) + /* Mask */ + for (size_t i = 0; i < dat.size(); i++) + /* If we get here, bps is 4 or larger, or init will have failed */ + dat[i] = (int32_t)(((uint32_t)(dat[i]) << (32-bps)) >> (32-bps)); + + const uint32_t samples = dat.size() / channels; + if ( samples > 0 ) { + const int32_t* ptr = dat.data(); + const bool res = encoder.process_interleaved(ptr, samples); + fuzzing::memory::memory_test(res); + } + } + } + } catch ( ... ) { } + +end: + { + const bool res = encoder.finish(); + fuzzing::memory::memory_test(res); + } + return 0; +} |