ref: 124653109dd96708b33fb23995f4b703c07d3adf
parent: 6e796314f38bedd1c203912e1406b0056a886a68
author: Janne Grunau <[email protected]>
date: Tue Oct 30 16:42:50 EDT 2018
fuzzing: limit maximum frame size to 4kx4k Avoids out-of-memory (2Gb) or timeout (25s) issues in oss-fuzz.
--- a/tests/libfuzzer/dav1d_fuzzer.c
+++ b/tests/libfuzzer/dav1d_fuzzer.c
@@ -37,6 +37,19 @@
return ((uint32_t)p[3] << 24U) | (p[2] << 16U) | (p[1] << 8U) | p[0];
}
+#define DAV1D_FUZZ_MAX_SIZE 4096
+
+#if defined(DAV1D_FUZZ_MAX_SIZE)
+static int (*default_picture_allocator)(Dav1dPicture *, void *);
+
+static int fuzz_picture_allocator(Dav1dPicture *pic, void *cookie) {
+ if (pic->p.w > DAV1D_FUZZ_MAX_SIZE || pic->p.h > DAV1D_FUZZ_MAX_SIZE)
+ return -EINVAL;
+
+ return default_picture_allocator(pic, cookie);
+}
+#endif
+
// expects ivf input
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
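Review bot: The `#if defined(DAV1D_FUZZ_MAX_SIZE)` guard on the line after the unconditional `#define DAV1D_FUZZ_MAX_SIZE 4096` can never be false, so the conditional block (and its twin in the second hunk that installs the callback) is dead preprocessor logic; if the intent is to let the build tune or disable the cap, wrap the define as `#ifndef DAV1D_FUZZ_MAX_SIZE` / `#define DAV1D_FUZZ_MAX_SIZE 4096` / `#endif`, otherwise drop the `#if` guards. The wrapper itself also deserves a why-comment, since nothing in the code explains the number: `/* Reject frames above 4kx4k per dimension: larger pictures exhaust the oss-fuzz memory (2 GB) and time (25 s) limits. Any negative return makes dav1d fail the decode instead of allocating. */`. `-EINVAL` needs `<errno.h>`; I cannot see the include list from this hunk, so confirm it is already included. The rest of LLVMFuzzerTestOneInput is outside this hunk.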
@@ -58,6 +71,10 @@
settings.n_frame_threads = settings.n_tile_threads = 2;
#else
settings.n_frame_threads = settings.n_tile_threads = 1;
+#endif
+#if defined(DAV1D_FUZZ_MAX_SIZE)
+ default_picture_allocator = settings.allocator.alloc_picture_callback;
+ settings.allocator.alloc_picture_callback = fuzz_picture_allocator;
#endif
err = dav1d_open(&ctx, &settings);