

ref: 6ef9a030145eef79fdeab6d4d38e00423ae7a83d
parent: ee31bb858f7a19880260797c0ef7f4dfcc102dc2
author: James Almer <[email protected]>
date: Sun Jul 7 18:10:30 EDT 2019

dav1d_fuzzer: use Dav1dSettings.frame_size_limit instead of a custom picture allocator

Limit frame size in pixels to about 16MP, while allowing the fuzzer to test
frame widths and heights above 4096.

--- a/tests/libfuzzer/dav1d_fuzzer.c
+++ b/tests/libfuzzer/dav1d_fuzzer.c
@@ -54,19 +54,8 @@
     return ((uint32_t)p[3] << 24U) | (p[2] << 16U) | (p[1] << 8U) | p[0];
 }
 
-#define DAV1D_FUZZ_MAX_SIZE 4096
+#define DAV1D_FUZZ_MAX_SIZE 4096 * 4096
 
-#if defined(DAV1D_FUZZ_MAX_SIZE)
-static int (*default_picture_allocator)(Dav1dPicture *, void *);
-
-static int fuzz_picture_allocator(Dav1dPicture *pic, void *cookie) {
-    if (pic->p.w > DAV1D_FUZZ_MAX_SIZE || pic->p.h > DAV1D_FUZZ_MAX_SIZE)
-        return DAV1D_ERR(EINVAL);
-
-    return default_picture_allocator(pic, cookie);
-}
-#endif
-
 // expects ivf input
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
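Review bot: The new macro body at `#define DAV1D_FUZZ_MAX_SIZE 4096 * 4096` is an unparenthesized expression, so any later use in an arithmetic context (`DAV1D_FUZZ_MAX_SIZE / 2`, `-DAV1D_FUZZ_MAX_SIZE`) would bind incorrectly; write it as `#define DAV1D_FUZZ_MAX_SIZE (4096 * 4096)`. The name also still reads as a per-dimension bound, which is what the removed allocator hook enforced, while the value is now a pixel count; a comment such as `/* max frame area in pixels (w * h), not a per-dimension cap */` would keep the next reader from re-adding a width/height comparison against it. The product is 16777216 and fits comfortably in a 32-bit int, so the constant itself does not overflow.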
@@ -111,8 +100,7 @@
     settings.n_frame_threads = settings.n_tile_threads = 1;
 #endif
 #if defined(DAV1D_FUZZ_MAX_SIZE)
-    default_picture_allocator = settings.allocator.alloc_picture_callback;
-    settings.allocator.alloc_picture_callback = fuzz_picture_allocator;
+    settings.frame_size_limit = DAV1D_FUZZ_MAX_SIZE;
 #endif
 
     err = dav1d_open(&ctx, &settings);
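Review bot: The `#if defined(DAV1D_FUZZ_MAX_SIZE)` guard around `settings.frame_size_limit = DAV1D_FUZZ_MAX_SIZE;` is always true, because the macro is defined unconditionally earlier in this file, so the conditional only suggests a configurability that does not exist; either drop the `#if`/`#endif` or wrap the `#define` in `#ifndef DAV1D_FUZZ_MAX_SIZE` so a build can override the limit. Unlike the removed allocator callback, which rejected oversized pictures inside the fuzzer itself, this line delegates enforcement entirely to the library, so the fuzzer now depends on `frame_size_limit` being checked by dav1d before any picture-sized allocation is made; that behaviour is not visible in this diff and is worth confirming against the decoder. The type of `frame_size_limit` is also not shown here; if it were narrower than 32 bits the assignment would silently truncate, so a quick check of the field's declaration is warranted. LLVMFuzzerTestOneInput's body continues outside the hunk.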