
ref: ac1cb28d1e66ff03eedb495cded1f6ac3dcce07f
parent: 2c09aaa4d7e0f96ca5a4cdefb6a04d0cf7e0bf4b
author: Janne Grunau <[email protected]>
date: Thu Sep 17 17:01:50 EDT 2020

fuzzer: parse '--cpumask X' command line argument

--- a/tests/libfuzzer/dav1d_fuzzer.c
+++ b/tests/libfuzzer/dav1d_fuzzer.c
@@ -31,6 +31,7 @@
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>
+#include <stdlib.h>
 
 #include <dav1d/dav1d.h>
 #include "src/cpu.h"
@@ -38,8 +39,6 @@
 
 #ifdef DAV1D_ALLOC_FAIL
 
-#include <stdlib.h>
-
 #include "alloc_fail.h"
 
 static unsigned djb_xor(const uint8_t * c, size_t len) {
@@ -55,6 +54,39 @@
 }
 
 #define DAV1D_FUZZ_MAX_SIZE 4096 * 4096
+
+// search for "--cpumask xxx" in argv and remove both parameters
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    int i = 1;
+    for (; i < *argc; i++) {
+        if (!strcmp((*argv)[i], "--cpumask")) {
+            const char * cpumask = (*argv)[i+1];
+            if (cpumask) {
+                char *end;
+                unsigned res;
+                if (!strncmp(cpumask, "0x", 2)) {
+                    cpumask += 2;
+                    res = (unsigned) strtoul(cpumask, &end, 16);
+                } else {
+                    res = (unsigned) strtoul(cpumask, &end, 0);
+                }
+                if (end != cpumask && !end[0]) {
+                    dav1d_set_cpu_flags_mask(res);
+                }
+            }
+            break;
+        }
+    }
+
+    for (; i < *argc - 2; i++) {
+        (*argv)[i] = (*argv)[i + 2];
+    }
+
+    *argc = i;
+
+    return 0;
+}
+
 
 // expects ivf input
 
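Review bot: A missing or unparsable mask value is silently ignored in LLVMFuzzerInitialize. When the `if (end != cpumask && !end[0])` check fails, or `--cpumask` is the last argument, the function still strips the option and returns 0, so a run meant to exercise a restricted CPU feature set proceeds with the default flags and exercises different code paths than the operator intended. Consider an `else` branch on that check that returns non-zero, which main.c in this commit already treats as failure; how the libFuzzer driver handles the return value is not visible here. The `(unsigned)` cast of the strtoul() result also discards high bits and ERANGE without notice, so a check such as `errno == ERANGE || v > UINT_MAX` (needing `<errno.h>` and `<limits.h>`) before `dav1d_set_cpu_flags_mask(res)` would be worth adding. After the shift loop `(*argv)[*argc]` is no longer NULL, although the `(*argv)[i+1]` read in this same function relies on that terminator; `(*argv)[i] = NULL;` just before `*argc = i;` would restore it.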
--- a/tests/libfuzzer/dav1d_fuzzer.h
+++ b/tests/libfuzzer/dav1d_fuzzer.h
@@ -31,6 +31,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
+int LLVMFuzzerInitialize(int *argc, char ***argv);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
 #endif /* DAV1D_TESTS_LIBFUZZER_DAV1D_FUZZER_H */
--- a/tests/libfuzzer/main.c
+++ b/tests/libfuzzer/main.c
@@ -40,7 +40,7 @@
 
 // expects ivf input
 
-int main(const int argc, char *const *const argv) {
+int main(int argc, char *argv[]) {
     int ret = -1;
     FILE *f = NULL;
     int64_t fsize;
@@ -47,6 +47,10 @@
     const char *filename = NULL;
     uint8_t *data = NULL;
     size_t size = 0;
+
+    if (LLVMFuzzerInitialize(&argc, &argv)) {
+        return 1;
+    }
 
     if (argc != 2) {
         fprintf(stdout, "Usage:\n%s fuzzing_testcase.ivf\n", argv[0]);