2 * This file is part of FFmpeg.
4 * FFmpeg is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * FFmpeg is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with FFmpeg; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 /* Targeted fuzzer that targets specific codecs depending on two
23 * Get the very fresh clang, e.g. see http://libfuzzer.info#versions
24 * Get and build libFuzzer:
25 svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
27 * build ffmpeg for fuzzing:
28 FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp -g" CC="clang $FLAGS" CXX="clang++ $FLAGS" ./configure --disable-x86asm
30 * build the fuzz target.
31 Choose the value of FFMPEG_CODEC (e.g. AV_CODEC_ID_DVD_SUBTITLE) and
32 choose one of FUZZ_FFMPEG_VIDEO, FUZZ_FFMPEG_AUDIO, FUZZ_FFMPEG_SUBTITLE.
33 clang -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp tools/target_dec_fuzzer.c -o target_dec_fuzzer -I. -DFFMPEG_CODEC=AV_CODEC_ID_MPEG1VIDEO -DFUZZ_FFMPEG_VIDEO ../../libfuzzer/libFuzzer.a -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavutil -Llibpostproc -Llibswscale -Llibswresample -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common -Wl,-rpath-link=:libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb -lX11 -lasound -lm -lbz2 -lz -pthread
34 * create a corpus directory and put some samples there (empty dir is ok too):
35 mkdir CORPUS && cp some-files CORPUS
38 ./target_dec_fuzzer -max_len=100000 CORPUS
42 http://tutorial.libfuzzer.info
43 https://github.com/google/oss-fuzz
44 http://lcamtuf.coredump.cx/afl/
45 https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html
49 #include "libavutil/avassert.h"
50 #include "libavutil/avstring.h"
51 #include "libavutil/cpu.h"
52 #include "libavutil/imgutils.h"
53 #include "libavutil/intreadwrite.h"
54 #include "libavutil/mem.h"
56 #include "libavcodec/avcodec.h"
57 #include "libavcodec/bytestream.h"
58 #include "libavcodec/codec_internal.h"
59 #include "libavformat/avformat.h"
61 //For FF_SANE_NB_CHANNELS, so we dont waste energy testing things that will get instantly rejected
62 #include "libavcodec/internal.h"
64 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
);
66 extern const FFCodec
* codec_list
[];
68 static void error(const char *err
)
70 fprintf(stderr
, "%s", err
);
74 static const FFCodec
*c
= NULL
;
75 static const FFCodec
*AVCodecInitialize(enum AVCodecID codec_id
)
79 res
= avcodec_find_decoder(codec_id
);
81 error("Failed to find decoder");
85 static int subtitle_handler(AVCodecContext
*avctx
, AVFrame
*unused
,
86 int *got_sub_ptr
, const AVPacket
*avpkt
)
89 int ret
= avcodec_decode_subtitle2(avctx
, &sub
, got_sub_ptr
, avpkt
);
90 if (ret
>= 0 && *got_sub_ptr
)
91 avsubtitle_free(&sub
);
95 static int audio_video_handler(AVCodecContext
*avctx
, AVFrame
*frame
,
96 int *got_frame
, const AVPacket
*dummy
)
98 int ret
= avcodec_receive_frame(avctx
, frame
);
99 *got_frame
= ret
>= 0;
103 // Ensure we don't loop forever
104 const uint32_t maxiteration
= 8096;
106 static const uint64_t FUZZ_TAG
= 0x4741542D5A5A5546ULL
;
108 static int fuzz_video_get_buffer(AVCodecContext
*ctx
, AVFrame
*frame
)
110 ptrdiff_t linesize1
[4];
112 int linesize_align
[AV_NUM_DATA_POINTERS
];
113 int i
, ret
, w
= frame
->width
, h
= frame
->height
;
115 avcodec_align_dimensions2(ctx
, &w
, &h
, linesize_align
);
116 ret
= av_image_fill_linesizes(frame
->linesize
, ctx
->pix_fmt
, w
);
120 for (i
= 0; i
< 4 && frame
->linesize
[i
]; i
++)
121 linesize1
[i
] = frame
->linesize
[i
] =
122 FFALIGN(frame
->linesize
[i
], linesize_align
[i
]);
126 ret
= av_image_fill_plane_sizes(size
, ctx
->pix_fmt
, h
, linesize1
);
130 frame
->extended_data
= frame
->data
;
131 for (i
= 0; i
< 4 && size
[i
]; i
++) {
132 switch(ctx
->codec_id
) {
133 case AV_CODEC_ID_FFV1
:
134 frame
->buf
[i
] = av_buffer_alloc(size
[i
]);
137 frame
->buf
[i
] = av_buffer_allocz(size
[i
]);
142 frame
->data
[i
] = frame
->buf
[i
]->data
;
144 for (; i
< AV_NUM_DATA_POINTERS
; i
++) {
145 frame
->data
[i
] = NULL
;
146 frame
->linesize
[i
] = 0;
151 av_frame_unref(frame
);
152 return AVERROR(ENOMEM
);
155 static int fuzz_get_buffer2(AVCodecContext
*ctx
, AVFrame
*frame
, int flags
)
157 switch (ctx
->codec_type
) {
158 case AVMEDIA_TYPE_VIDEO
:
159 return (ctx
->codec
->capabilities
& AV_CODEC_CAP_DR1
)
160 ? fuzz_video_get_buffer(ctx
, frame
)
161 : avcodec_default_get_buffer2(ctx
, frame
, flags
);
162 case AVMEDIA_TYPE_AUDIO
:
163 return avcodec_default_get_buffer2(ctx
, frame
, flags
);
165 return AVERROR(EINVAL
);
169 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
) {
170 uint64_t maxpixels_per_frame
= 4096 * 4096;
173 uint64_t maxsamples_per_frame
= 256*1024*32;
175 const uint64_t fuzz_tag
= FUZZ_TAG
;
176 const uint8_t *last
= data
;
177 const uint8_t *end
= data
+ size
;
179 uint64_t ec_pixels
= 0;
180 uint64_t nb_samples
= 0;
181 int (*decode_handler
)(AVCodecContext
*avctx
, AVFrame
*picture
,
182 int *got_picture_ptr
,
183 const AVPacket
*avpkt
) = NULL
;
184 AVCodecParserContext
*parser
= NULL
;
185 uint64_t keyframes
= 0;
186 uint64_t flushpattern
= -1;
187 AVDictionary
*opts
= NULL
;
190 #ifdef FFMPEG_DECODER
191 #define DECODER_SYMBOL0(CODEC) ff_##CODEC##_decoder
192 #define DECODER_SYMBOL(CODEC) DECODER_SYMBOL0(CODEC)
193 extern FFCodec
DECODER_SYMBOL(FFMPEG_DECODER
);
194 codec_list
[0] = &DECODER_SYMBOL(FFMPEG_DECODER
);
196 #if FFMPEG_DECODER == tiff || FFMPEG_DECODER == tdsc
197 extern FFCodec
DECODER_SYMBOL(mjpeg
);
198 codec_list
[1] = &DECODER_SYMBOL(mjpeg
);
201 c
= &DECODER_SYMBOL(FFMPEG_DECODER
);
203 c
= AVCodecInitialize(FFMPEG_CODEC
); // Done once.
205 av_log_set_level(AV_LOG_PANIC
);
209 case AVMEDIA_TYPE_AUDIO
:
210 case AVMEDIA_TYPE_VIDEO
: decode_handler
= audio_video_handler
; break;
211 case AVMEDIA_TYPE_SUBTITLE
: decode_handler
= subtitle_handler
; break;
214 case AV_CODEC_ID_APE
: maxsamples_per_frame
/= 256; break;
216 maxpixels
= maxpixels_per_frame
* maxiteration
;
217 maxsamples
= maxsamples_per_frame
* maxiteration
;
219 case AV_CODEC_ID_AASC
: maxpixels
/= 1024; break;
220 case AV_CODEC_ID_AGM
: maxpixels
/= 1024; break;
221 case AV_CODEC_ID_ANM
: maxpixels
/= 1024; break;
222 case AV_CODEC_ID_APE
: maxsamples
/= 16384; break;
223 case AV_CODEC_ID_ARBC
: maxpixels
/= 1024; break;
224 case AV_CODEC_ID_ARGO
: maxpixels
/= 1024; break;
225 case AV_CODEC_ID_BETHSOFTVID
: maxpixels
/= 8192; break;
226 case AV_CODEC_ID_BINKVIDEO
: maxpixels
/= 32; break;
227 case AV_CODEC_ID_BONK
: maxsamples
/= 1<<20; break;
228 case AV_CODEC_ID_CDTOONS
: maxpixels
/= 1024; break;
229 case AV_CODEC_ID_CFHD
: maxpixels
/= 16384; break;
230 case AV_CODEC_ID_CINEPAK
: maxpixels
/= 128; break;
231 case AV_CODEC_ID_COOK
: maxsamples
/= 1<<20; break;
232 case AV_CODEC_ID_CSCD
: maxpixels
/= 1024; break;
233 case AV_CODEC_ID_DFA
: maxpixels
/= 1024; break;
234 case AV_CODEC_ID_DIRAC
: maxpixels
/= 8192; break;
235 case AV_CODEC_ID_DSICINVIDEO
: maxpixels
/= 1024; break;
236 case AV_CODEC_ID_DST
: maxsamples
/= 1<<20; break;
237 case AV_CODEC_ID_DVB_SUBTITLE
: av_dict_set_int(&opts
, "compute_clut", -2, 0); break;
238 case AV_CODEC_ID_DXA
: maxpixels
/= 32; break;
239 case AV_CODEC_ID_DXV
: maxpixels
/= 32; break;
240 case AV_CODEC_ID_EXR
: maxpixels
/= 1024; break;
241 case AV_CODEC_ID_FFV1
: maxpixels
/= 32; break;
242 case AV_CODEC_ID_FFWAVESYNTH
: maxsamples
/= 16384; break;
243 case AV_CODEC_ID_FLAC
: maxsamples
/= 1024; break;
244 case AV_CODEC_ID_FLIC
: maxpixels
/= 1024; break;
245 case AV_CODEC_ID_FLV1
: maxpixels
/= 1024; break;
246 case AV_CODEC_ID_FMVC
: maxpixels
/= 1024; break;
247 case AV_CODEC_ID_G2M
: maxpixels
/= 1024; break;
248 case AV_CODEC_ID_GEM
: maxpixels
/= 512; break;
249 case AV_CODEC_ID_GDV
: maxpixels
/= 512; break;
250 case AV_CODEC_ID_GIF
: maxpixels
/= 16; break;
251 case AV_CODEC_ID_H264
: maxpixels
/= 256; break;
252 case AV_CODEC_ID_HAP
: maxpixels
/= 128; break;
253 case AV_CODEC_ID_HEVC
: maxpixels
/= 16384; break;
254 case AV_CODEC_ID_HNM4_VIDEO
: maxpixels
/= 128; break;
255 case AV_CODEC_ID_HQ_HQA
: maxpixels
/= 128; break;
256 case AV_CODEC_ID_IFF_ILBM
: maxpixels
/= 4096; break;
257 case AV_CODEC_ID_INDEO4
: maxpixels
/= 128; break;
258 case AV_CODEC_ID_INTERPLAY_ACM
: maxsamples
/= 16384; break;
259 case AV_CODEC_ID_JPEG2000
: maxpixels
/= 16384; break;
260 case AV_CODEC_ID_LAGARITH
: maxpixels
/= 1024; break;
261 case AV_CODEC_ID_LOCO
: maxpixels
/= 1024; break;
262 case AV_CODEC_ID_VORBIS
: maxsamples
/= 1024; break;
263 case AV_CODEC_ID_LSCR
: maxpixels
/= 16; break;
264 case AV_CODEC_ID_MMVIDEO
: maxpixels
/= 256; break;
265 case AV_CODEC_ID_MOTIONPIXELS
:maxpixels
/= 256; break;
266 case AV_CODEC_ID_MP4ALS
: maxsamples
/= 65536; break;
267 case AV_CODEC_ID_MSA1
: maxpixels
/= 16384; break;
268 case AV_CODEC_ID_MSRLE
: maxpixels
/= 16; break;
269 case AV_CODEC_ID_MSS2
: maxpixels
/= 16384; break;
270 case AV_CODEC_ID_MSZH
: maxpixels
/= 128; break;
271 case AV_CODEC_ID_MTS2
: maxpixels
/= 4096; break;
272 case AV_CODEC_ID_MV30
: maxpixels
/= 128; break;
273 case AV_CODEC_ID_MVC2
: maxpixels
/= 128; break;
274 case AV_CODEC_ID_MVHA
: maxpixels
/= 16384; break;
275 case AV_CODEC_ID_MVDV
: maxpixels
/= 1024; break;
276 case AV_CODEC_ID_MWSC
: maxpixels
/= 256; break;
277 case AV_CODEC_ID_MXPEG
: maxpixels
/= 128; break;
278 case AV_CODEC_ID_NUV
: maxpixels
/= 128; break;
279 case AV_CODEC_ID_OPUS
: maxsamples
/= 16384; break;
280 case AV_CODEC_ID_PNG
: maxpixels
/= 128; break;
281 case AV_CODEC_ID_APNG
: maxpixels
/= 128; break;
282 case AV_CODEC_ID_QTRLE
: maxpixels
/= 16; break;
283 case AV_CODEC_ID_PAF_VIDEO
: maxpixels
/= 16; break;
284 case AV_CODEC_ID_PRORES
: maxpixels
/= 256; break;
285 case AV_CODEC_ID_QPEG
: maxpixels
/= 256; break;
286 case AV_CODEC_ID_RKA
: maxsamples
/= 1<<20; break;
287 case AV_CODEC_ID_RSCC
: maxpixels
/= 256; break;
288 case AV_CODEC_ID_RASC
: maxpixels
/= 256; break;
289 case AV_CODEC_ID_RTV1
: maxpixels
/= 16; break;
290 case AV_CODEC_ID_RV30
: maxpixels
/= 256; break;
291 case AV_CODEC_ID_SANM
: maxpixels
/= 16; break;
292 case AV_CODEC_ID_SCPR
: maxpixels
/= 32; break;
293 case AV_CODEC_ID_SCREENPRESSO
:maxpixels
/= 64; break;
294 case AV_CODEC_ID_SIMBIOSIS_IMX
:maxpixels
/= 16384; break;
295 case AV_CODEC_ID_SPEEX
: maxsamples
/= 128; break;
296 case AV_CODEC_ID_SMACKAUDIO
: maxsamples
/= 4096; break;
297 case AV_CODEC_ID_SMACKVIDEO
: maxpixels
/= 64; break;
298 case AV_CODEC_ID_SNOW
: maxpixels
/= 128; break;
299 case AV_CODEC_ID_SRGC
: maxpixels
/= 128; break;
300 case AV_CODEC_ID_TARGA
: maxpixels
/= 128; break;
301 case AV_CODEC_ID_TAK
: maxsamples
/= 1024; break;
302 case AV_CODEC_ID_TGV
: maxpixels
/= 32; break;
303 case AV_CODEC_ID_THEORA
: maxpixels
/= 16384; break;
304 case AV_CODEC_ID_TQI
: maxpixels
/= 1024; break;
305 case AV_CODEC_ID_TRUEMOTION2
: maxpixels
/= 1024; break;
306 case AV_CODEC_ID_TSCC
: maxpixels
/= 1024; break;
307 case AV_CODEC_ID_UTVIDEO
: maxpixels
/= 1024; break;
308 case AV_CODEC_ID_VB
: maxpixels
/= 1024; break;
309 case AV_CODEC_ID_VC1
: maxpixels
/= 8192; break;
310 case AV_CODEC_ID_VC1IMAGE
: maxpixels
/= 8192; break;
311 case AV_CODEC_ID_VMNC
: maxpixels
/= 8192; break;
312 case AV_CODEC_ID_VMDVIDEO
: maxpixels
/= 1024; break;
313 case AV_CODEC_ID_VMIX
: maxpixels
/= 8192; break;
314 case AV_CODEC_ID_VP3
: maxpixels
/= 4096; break;
315 case AV_CODEC_ID_VP4
: maxpixels
/= 4096; break;
316 case AV_CODEC_ID_VP5
: maxpixels
/= 256; break;
317 case AV_CODEC_ID_VP6F
: maxpixels
/= 4096; break;
318 case AV_CODEC_ID_VP6A
: maxpixels
/= 4096; break;
319 case AV_CODEC_ID_VP7
: maxpixels
/= 256; break;
320 case AV_CODEC_ID_VP9
: maxpixels
/= 4096; break;
321 case AV_CODEC_ID_WAVPACK
: maxsamples
/= 1024; break;
322 case AV_CODEC_ID_WCMV
: maxpixels
/= 1024; break;
323 case AV_CODEC_ID_WMV3IMAGE
: maxpixels
/= 8192; break;
324 case AV_CODEC_ID_WMV2
: maxpixels
/= 1024; break;
325 case AV_CODEC_ID_WMV3
: maxpixels
/= 1024; break;
326 case AV_CODEC_ID_WS_VQA
: maxpixels
/= 16384; break;
327 case AV_CODEC_ID_WMALOSSLESS
: maxsamples
/= 1024; break;
328 case AV_CODEC_ID_WMAPRO
: maxsamples
/= 16384; break;
329 case AV_CODEC_ID_YLC
: maxpixels
/= 1024; break;
330 case AV_CODEC_ID_ZEROCODEC
: maxpixels
/= 128; break;
331 case AV_CODEC_ID_ZLIB
: maxpixels
/= 4096; break;
334 maxsamples_per_frame
= FFMIN(maxsamples_per_frame
, maxsamples
);
335 maxpixels_per_frame
= FFMIN(maxpixels_per_frame
, maxpixels
);
337 AVCodecContext
* ctx
= avcodec_alloc_context3(&c
->p
);
338 AVCodecContext
* parser_avctx
= avcodec_alloc_context3(NULL
);
339 if (!ctx
|| !parser_avctx
)
340 error("Failed memory allocation");
342 if (ctx
->max_pixels
== 0 || ctx
->max_pixels
> maxpixels_per_frame
)
343 ctx
->max_pixels
= maxpixels_per_frame
; //To reduce false positive OOM and hangs
345 ctx
->max_samples
= maxsamples_per_frame
;
346 ctx
->get_buffer2
= fuzz_get_buffer2
;
347 if (c
->p
.capabilities
& AV_CODEC_CAP_EXPERIMENTAL
)
348 ctx
->strict_std_compliance
= FF_COMPLIANCE_EXPERIMENTAL
;
354 uint64_t request_channel_layout
;
358 bytestream2_init(&gbc
, data
+ size
, 1024);
359 ctx
->width
= bytestream2_get_le32(&gbc
);
360 ctx
->height
= bytestream2_get_le32(&gbc
);
361 ctx
->bit_rate
= bytestream2_get_le64(&gbc
);
362 ctx
->bits_per_coded_sample
= bytestream2_get_le32(&gbc
);
363 // Try to initialize a parser for this codec, note, this may fail which just means we test without one
364 flags
= bytestream2_get_byte(&gbc
);
366 parser
= av_parser_init(c
->p
.id
);
368 ctx
->strict_std_compliance
= FF_COMPLIANCE_EXPERIMENTAL
;
370 ctx
->err_recognition
= AV_EF_AGGRESSIVE
| AV_EF_COMPLIANT
| AV_EF_CAREFUL
;
372 ctx
->err_recognition
|= AV_EF_EXPLODE
;
374 if ((flags
& 0x10) && c
->p
.id
!= AV_CODEC_ID_H264
)
375 ctx
->flags2
|= AV_CODEC_FLAG2_FAST
;
377 ctx
->export_side_data
|= AV_CODEC_EXPORT_DATA_MVS
;
380 av_force_cpu_flags(0);
382 extradata_size
= bytestream2_get_le32(&gbc
);
384 ctx
->sample_rate
= bytestream2_get_le32(&gbc
) & 0x7FFFFFFF;
385 ctx
->ch_layout
.nb_channels
= (unsigned)bytestream2_get_le32(&gbc
) % FF_SANE_NB_CHANNELS
;
386 ctx
->block_align
= bytestream2_get_le32(&gbc
) & 0x7FFFFFFF;
387 ctx
->codec_tag
= bytestream2_get_le32(&gbc
);
390 for (n
= 0; c
->codec_tags
[n
] != FF_CODEC_TAGS_END
; n
++);
391 ctx
->codec_tag
= c
->codec_tags
[ctx
->codec_tag
% n
];
393 keyframes
= bytestream2_get_le64(&gbc
);
394 request_channel_layout
= bytestream2_get_le64(&gbc
);
396 ctx
->idct_algo
= bytestream2_get_byte(&gbc
) % 25;
397 flushpattern
= bytestream2_get_le64(&gbc
);
398 ctx
->skip_frame
= bytestream2_get_byte(&gbc
) - 254 + AVDISCARD_ALL
;
402 switch (ctx
->codec_id
) {
403 case AV_CODEC_ID_AC3
:
404 case AV_CODEC_ID_EAC3
:
405 av_dict_set_int(&opts
, "cons_noisegen", bytestream2_get_byte(&gbc
) & 1, 0);
406 av_dict_set_int(&opts
, "heavy_compr", bytestream2_get_byte(&gbc
) & 1, 0);
407 av_dict_set_int(&opts
, "target_level", (int)(bytestream2_get_byte(&gbc
) % 32) - 31, 0);
408 av_dict_set_int(&opts
, "dmix_mode", (int)(bytestream2_get_byte(&gbc
) % 4) - 1, 0);
413 // Keep the deprecated request_channel_layout behavior to ensure old fuzzing failures
414 // remain reproducible.
415 if (request_channel_layout
) {
416 switch (ctx
->codec_id
) {
417 case AV_CODEC_ID_AC3
:
418 case AV_CODEC_ID_EAC3
:
419 case AV_CODEC_ID_MLP
:
420 case AV_CODEC_ID_TRUEHD
:
421 case AV_CODEC_ID_DTS
:
422 if (request_channel_layout
& ~INT64_MIN
) {
423 char *downmix_layout
= av_mallocz(19);
425 error("Failed memory allocation");
426 av_strlcatf(downmix_layout
, 19, "0x%"PRIx64
, request_channel_layout
& ~INT64_MIN
);
427 av_dict_set(&opts
, "downmix", downmix_layout
, AV_DICT_DONT_STRDUP_VAL
);
429 if (ctx
->codec_id
!= AV_CODEC_ID_DTS
)
432 case AV_CODEC_ID_DOLBY_E
:
433 av_dict_set_int(&opts
, "channel_order", !!(request_channel_layout
& INT64_MIN
), 0);
438 flags64
= bytestream2_get_le64(&gbc
);
440 ctx
->debug
|= FF_DEBUG_SKIP
;
442 ctx
->debug
|= FF_DEBUG_QP
;
444 ctx
->debug
|= FF_DEBUG_MB_TYPE
;
446 ctx
->export_side_data
|= AV_CODEC_EXPORT_DATA_VIDEO_ENC_PARAMS
;
448 ctx
->err_recognition
|= AV_EF_CRCCHECK
;
450 ctx
->workaround_bugs
= bytestream2_get_le32(&gbc
);
452 if (c
->p
.max_lowres
) {
453 ctx
->lowres
= bytestream2_get_byte(&gbc
) % (c
->p
.max_lowres
+1);
456 if (extradata_size
< size
) {
457 ctx
->extradata
= av_mallocz(extradata_size
+ AV_INPUT_BUFFER_PADDING_SIZE
);
458 if (ctx
->extradata
) {
459 ctx
->extradata_size
= extradata_size
;
460 size
-= ctx
->extradata_size
;
461 memcpy(ctx
->extradata
, data
+ size
, ctx
->extradata_size
);
464 if (av_image_check_size(ctx
->width
, ctx
->height
, 0, ctx
))
465 ctx
->width
= ctx
->height
= 0;
468 int res
= avcodec_open2(ctx
, &c
->p
, &opts
);
470 avcodec_free_context(&ctx
);
471 av_free(parser_avctx
);
472 av_parser_close(parser
);
474 return 0; // Failure of avcodec_open2() does not imply that a issue was found
476 parser_avctx
->codec_id
= ctx
->codec_id
;
477 parser_avctx
->extradata_size
= ctx
->extradata_size
;
478 parser_avctx
->extradata
= ctx
->extradata
? av_memdup(ctx
->extradata
, ctx
->extradata_size
+ AV_INPUT_BUFFER_PADDING_SIZE
) : NULL
;
482 AVFrame
*frame
= av_frame_alloc();
483 AVPacket
*avpkt
= av_packet_alloc();
484 AVPacket
*parsepkt
= av_packet_alloc();
485 if (!frame
|| !avpkt
|| !parsepkt
)
486 error("Failed memory allocation");
488 // Read very simple container
489 while (data
< end
&& it
< maxiteration
) {
490 // Search for the TAG
491 while (data
+ sizeof(fuzz_tag
) < end
) {
492 if (data
[0] == (fuzz_tag
& 0xFF) && AV_RN64(data
) == fuzz_tag
)
496 if (data
+ sizeof(fuzz_tag
) > end
)
499 res
= av_new_packet(parsepkt
, data
- last
);
501 error("Failed memory allocation");
502 memcpy(parsepkt
->data
, last
, data
- last
);
503 parsepkt
->flags
= (keyframes
& 1) * AV_PKT_FLAG_DISCARD
+ (!!(keyframes
& 2)) * AV_PKT_FLAG_KEY
;
504 keyframes
= (keyframes
>> 2) + (keyframes
<<62);
505 data
+= sizeof(fuzz_tag
);
508 while (parsepkt
->size
> 0) {
512 int ret
= av_parser_parse2(parser
, parser_avctx
, &avpkt
->data
, &avpkt
->size
,
513 parsepkt
->data
, parsepkt
->size
,
514 parsepkt
->pts
, parsepkt
->dts
, parsepkt
->pos
);
515 if (avpkt
->data
== parsepkt
->data
) {
516 avpkt
->buf
= av_buffer_ref(parsepkt
->buf
);
518 error("Failed memory allocation");
520 if (av_packet_make_refcounted(avpkt
) < 0)
521 error("Failed memory allocation");
523 parsepkt
->data
+= ret
;
524 parsepkt
->size
-= ret
;
525 parsepkt
->pos
+= ret
;
526 avpkt
->pts
= parser
->pts
;
527 avpkt
->dts
= parser
->dts
;
528 avpkt
->pos
= parser
->pos
;
529 if ( parser
->key_frame
== 1 ||
530 (parser
->key_frame
== -1 && parser
->pict_type
== AV_PICTURE_TYPE_I
))
531 avpkt
->flags
|= AV_PKT_FLAG_KEY
;
532 avpkt
->flags
|= parsepkt
->flags
& AV_PKT_FLAG_DISCARD
;
534 av_packet_move_ref(avpkt
, parsepkt
);
537 if (!(flushpattern
& 7))
538 avcodec_flush_buffers(ctx
);
539 flushpattern
= (flushpattern
>> 3) + (flushpattern
<< 61);
541 if (ctx
->codec_type
!= AVMEDIA_TYPE_SUBTITLE
) {
542 int ret
= avcodec_send_packet(ctx
, avpkt
);
543 decode_more
= ret
>= 0;
545 ec_pixels
+= (ctx
->width
+ 32LL) * (ctx
->height
+ 32LL);
546 if (it
> 20 || ec_pixels
> 4 * ctx
->max_pixels
) {
547 ctx
->error_concealment
= 0;
548 ctx
->debug
&= ~(FF_DEBUG_SKIP
| FF_DEBUG_QP
| FF_DEBUG_MB_TYPE
);
550 if (ec_pixels
> maxpixels
)
551 goto maximums_reached
;
556 // Iterate through all data
557 while (decode_more
&& it
++ < maxiteration
) {
558 av_frame_unref(frame
);
559 int ret
= decode_handler(ctx
, frame
, &got_frame
, avpkt
);
561 ec_pixels
+= (ctx
->width
+ 32LL) * (ctx
->height
+ 32LL);
562 if (it
> 20 || ec_pixels
> 4 * ctx
->max_pixels
) {
563 ctx
->error_concealment
= 0;
564 ctx
->debug
&= ~(FF_DEBUG_SKIP
| FF_DEBUG_QP
| FF_DEBUG_MB_TYPE
);
566 if (ec_pixels
> maxpixels
)
567 goto maximums_reached
;
569 if (ctx
->codec_type
== AVMEDIA_TYPE_AUDIO
&&
570 frame
->nb_samples
== 0 && !got_frame
&&
571 (avpkt
->flags
& AV_PKT_FLAG_DISCARD
))
572 nb_samples
+= ctx
->max_samples
;
574 nb_samples
+= frame
->nb_samples
;
575 if (nb_samples
> maxsamples
)
576 goto maximums_reached
;
578 if (ret
<= 0 || ret
> avpkt
->size
)
581 if (ctx
->codec_type
== AVMEDIA_TYPE_SUBTITLE
) {
584 decode_more
= avpkt
->size
> 0;
586 decode_more
= ret
>= 0;
588 av_packet_unref(avpkt
);
590 av_packet_unref(parsepkt
);
594 av_packet_unref(avpkt
);
596 if (ctx
->codec_type
!= AVMEDIA_TYPE_SUBTITLE
)
597 avcodec_send_packet(ctx
, NULL
);
601 av_frame_unref(frame
);
602 decode_handler(ctx
, frame
, &got_frame
, avpkt
);
604 nb_samples
+= frame
->nb_samples
;
605 if (nb_samples
> maxsamples
)
607 } while (got_frame
== 1 && it
++ < maxiteration
);
609 fprintf(stderr
, "pixels decoded: %"PRId64
", samples decoded: %"PRId64
", iterations: %d\n", ec_pixels
, nb_samples
, it
);
611 av_frame_free(&frame
);
612 avcodec_free_context(&ctx
);
613 avcodec_free_context(&parser_avctx
);
614 av_parser_close(parser
);
615 av_packet_free(&avpkt
);
616 av_packet_free(&parsepkt
);
