Date: Sun, 18 Feb 2024 02:03:21 +0100
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20240218010321.GN6420@pb2>
Subject: Re: [FFmpeg-devel] [PATCH] tools: Add target_sws_fuzzer.c

On Sat, Feb 17, 2024 at 09:13:21PM -0300, James Almer wrote: >=20 >=20 > On 2/17/2024 8:48 PM, Michael Niedermayer wrote: > > Signed-off-by: Michael Niedermayer > > --- > > Makefile | 3 + > > tools/Makefile | 3 + > > tools/target_sws_fuzzer.c | 168 ++++++++++++++++++++++++++++++++++++++ > > 3 files changed, 174 insertions(+) > > create mode 100644 tools/target_sws_fuzzer.c > >=20 > > diff --git a/Makefile b/Makefile > > index dbc930270b3..b309dbc4db9 100644 > > --- a/Makefile > > +++ b/Makefile 
> > @@ -64,6 +64,9 @@ tools/target_dem_fuzzer$(EXESUF): tools/target_dem_fu= zzer.o $(FF_DEP_LIBS) > > tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(F= F_DEP_LIBS) > > $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $= (LIBFUZZER_PATH) > > +tools/target_sws_fuzzer$(EXESUF): tools/target_sws_fuzzer.o $(FF_DEP_L= IBS) > > + $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(= LIBFUZZER_PATH) > > + > > tools/enum_options$(EXESUF): ELIBS =3D $(FF_EXTRALIBS) > > tools/enum_options$(EXESUF): $(FF_DEP_LIBS) > > diff --git a/tools/Makefile b/tools/Makefile > > index dee6a416688..72e8e709a8d 100644 > > --- a/tools/Makefile > > +++ b/tools/Makefile > > @@ -17,6 +17,9 @@ tools/target_dem_fuzzer.o: tools/target_dem_fuzzer.c > > tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c > > $(COMPILE_C) -DIO_FLAT=3D0 > > +tools/target_sws_fuzzer.o: tools/target_sws_fuzzer.c > > + $(COMPILE_C) > > + > > tools/enc_recon_frame_test$(EXESUF): tools/decode_simple.o > > tools/venc_data_dump$(EXESUF): tools/decode_simple.o > > tools/scale_slice_test$(EXESUF): tools/decode_simple.o > > diff --git a/tools/target_sws_fuzzer.c b/tools/target_sws_fuzzer.c > > new file mode 100644 > > index 00000000000..babb6e81629 > > --- /dev/null > > +++ b/tools/target_sws_fuzzer.c 
> > @@ -0,0 +1,168 @@ > > +/* > > + * Copyright (c) 2024 Michael Niedermayer > > + * > > + * This file is part of FFmpeg. > > + * > > + * FFmpeg is free software; you can redistribute it and/or > > + * modify it under the terms of the GNU Lesser General Public > > + * License as published by the Free Software Foundation; either > > + * version 2.1 of the License, or (at your option) any later version. > > + * > > + * FFmpeg is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > + * Lesser General Public License for more details. > > + * > > + * You should have received a copy of the GNU Lesser General Public > > + * License along with FFmpeg; if not, write to the Free Software > > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110= -1301 USA > > + */ > > + > > +#include "config.h" > > +#include "libavutil/avassert.h" > > +#include "libavutil/avstring.h" > > +#include "libavutil/cpu.h" > > +#include "libavutil/imgutils.h" > > +#include "libavutil/intreadwrite.h" > > +#include "libavutil/opt.h" > > + > > +#include "libavcodec/bytestream.h" > > + > > +#include "libswscale/swscale.h" > > + > > + > > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); > > + > > +static void error(const char *err) > > +{ > > + fprintf(stderr, "%s", err); > > + exit(1); > > +} > > + > > +static int alloc_plane(uint8_t *data[AV_VIDEO_MAX_PLANES], int stride[= AV_VIDEO_MAX_PLANES], int w, int h, int format, int *hshift, int *vshift) > > +{ > > + int ret =3D av_image_fill_linesizes(stride, format, w); > > + if (ret < 0) > > + return -1; > > + > > + av_pix_fmt_get_chroma_sub_sample(format, hshift, vshift); > > + > > + for(int p=3D0; p > + if (stride[p]) { > > + stride[p] =3D FFALIGN(stride[p], 32); > > + int ph =3D AV_CEIL_RSHIFT(h, (p =3D=3D 1 || p =3D=3D 2) ? 
= *vshift : 0); > > + av_log(0,0, "P:%d St %d ph %d\n", p, stride[p], ph); > > + data[p] =3D av_mallocz(stride[p] * ph + 32); > > + if (!data[p]) > > + return -1; > > + } > > + } > > + if (format =3D=3D AV_PIX_FMT_PAL8) { > > + data[1] =3D av_mallocz(256*4); > > + if (!data[1]) > > + return -1; > > + } > > + return 0; >=20
> av_image_alloc()? Would be better to actually test sws with buffers created
> by our own public helpers.

av_image_alloc() allocates the planes in one continuous piece, so the fuzzer would not be able to detect accesses over the end of the first or accesses prior to the 2nd. So this is not possible

>=20 > > +} > > + > > +static void free_plane(uint8_t *data[AV_VIDEO_MAX_PLANES]) > > +{ > > + for(int p=3D0; p > + av_freep(&data[p]); > > +} > > + > > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { > > + int srcW=3D 48, srcH =3D 48; > > + int dstW=3D 48, dstH =3D 48; > > + int srcHShift, srcVShift; > > + int dstHShift, dstVShift; > > + unsigned flags =3D 1; > > + int srcStride[AV_VIDEO_MAX_PLANES] =3D {0}; > > + int dstStride[AV_VIDEO_MAX_PLANES] =3D {0}; > > + int ret; > > + const uint8_t *end =3D data + size; > > + enum AVPixelFormat srcFormat =3D AV_PIX_FMT_YUV420P; > > + enum AVPixelFormat dstFormat =3D AV_PIX_FMT_YUV420P; > > + uint8_t *src[4] =3D { 0 }; > > + uint8_t *dst[4] =3D { 0 }; >=20
> AV_VIDEO_MAX_PLANES.

will change

>=20 > > + struct SwsContext *sws =3D NULL; > > + const AVPixFmtDescriptor *desc_src, *desc_dst; > > + > > + if (size > 128) { > > + GetByteContext gbc; > > + int64_t flags64; > > + > > + size -=3D 128; > > + bytestream2_init(&gbc, data + size, 128); > > + srcW =3D bytestream2_get_le32(&gbc) % 256; > > + srcH =3D bytestream2_get_le32(&gbc) % 256; > > + dstW =3D bytestream2_get_le32(&gbc) % 256; > > + dstH =3D bytestream2_get_le32(&gbc) % 256; > > + flags =3D bytestream2_get_le32(&gbc); > > + > > + srcFormat =3D bytestream2_get_le32(&gbc) % AV_PIX_FMT_NB; > > + dstFormat =3D bytestream2_get_le32(&gbc) % AV_PIX_FMT_NB; >=20
> nit: Maybe sanitize the choices with sws_isSupportedInput() and
> sws_isSupportedOutput()? Unless having sws_init_context() fail with invalid
> arguments is also intended.

Honestly I do not know which way is best

>=20 > > + > > + flags64 =3D bytestream2_get_le64(&gbc); > > + if (flags64 & 0x10) > > + av_force_cpu_flags(0); > > + > > + if (av_image_check_size(srcW, srcH, srcFormat, NULL)) > > + srcW =3D srcH =3D 123; > > + if (av_image_check_size(dstW, dstH, dstFormat, NULL)) > > + dstW =3D dstH =3D 123; >=20
> Is there a format where this could fail, knowing the dimensions are at most
> 255x255?

The 255 is temporary, a less restrictive size should be chosen as there may be bugs with huge sizes. It's just that these really slow it down

>=20 > > + //TODO alphablend > > + } > > + > > + desc_src =3D av_pix_fmt_desc_get(srcFormat); > > + desc_dst =3D av_pix_fmt_desc_get(dstFormat); > > + > > + ret =3D alloc_plane(src, srcStride, srcW, srcH, srcFormat, &srcHSh= ift, &srcVShift); > > + if (ret < 0) > > + goto end; > > + > > + ret =3D alloc_plane(dst, dstStride, dstW, dstH, dstFormat, &dstHSh= ift, &dstVShift); > > + if (ret < 0) > > + goto end; > > + > > + > > + for(int p=3D0; p > + int psize =3D srcStride[p] * AV_CEIL_RSHIFT(srcH, (p =3D=3D 1 = || p =3D=3D 2) ? 
srcVShift : 0); > > + if (psize > size) > > + psize =3D size; > > + if (psize) { > > + memcpy(src[p], data, psize); > > + data +=3D psize; > > + size -=3D psize; > > + } > > + } >=20
> av_image_copy(). Or av_image_copy_plane() in a loop if you prefer.

these don't seem to have an input size so I'll leave it for now

thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good. Rewriting code that one doesn't understand is a sign that one is less smart than the original author, trying to rewrite it will not make it better.
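
Review bot: In alloc_plane(), the av_log(0,0, "P:%d St %d ph %d\n", ...) call logs every allocated plane at level 0 with a NULL context on each fuzzer iteration, which looks like leftover debugging. Level 0 is the most severe log level, so the default log-level setting will not suppress it, and it costs time and output on every input. Suggest removing it or lowering it to AV_LOG_DEBUG.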
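
Review bot: In the size > 128 block of LLVMFuzzerTestOneInput(), av_force_cpu_flags(0) is called when flags64 & 0x10 is set, but nothing undoes it when the bit is clear. The override is process-wide, so in a long-running fuzzer process every input after the first one that sets the bit also runs with CPU flags forced to 0, and a crash may not reproduce from its own input. Suggest setting the state on every call, for example av_force_cpu_flags(flags64 & 0x10 ? 0 : -1);. Separately, the % 256 on srcW/srcH/dstW/dstH lets a width or height of 0 through, which is what the av_image_check_size() fallback to 123 ends up handling; a one-line comment saying so would answer the question raised in the review.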
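
The point made in the reply above, that planes carved from one contiguous allocation hide overruns between planes, shown as an added example (not code from the patch or from FFmpeg). Canary redzones stand in for a sanitizer's redzones; rz_alloc, rz_hit, plane0_overrun and the 32-byte redzone are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RZ     32    /* redzone bytes after each allocation (assumed size) */
#define CANARY 0xA5
enum { DETECTED = 1, NEIGHBOUR_CORRUPTED = 2 };

/* Allocate n usable zeroed bytes followed by a canary-filled redzone. */
static uint8_t *rz_alloc(size_t n)
{
    uint8_t *p = calloc(1, n + RZ);
    if (p) memset(p + n, CANARY, RZ);
    return p;
}

/* Nonzero if any redzone byte after the n usable bytes was overwritten. */
static int rz_hit(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < RZ; i++)
        if (p[n + i] != CANARY)
            return 1;
    return 0;
}

/* Hypothetical buggy writer: fills plane 0 and runs `over` bytes past its end.
 * Returns a bitmask of DETECTED / NEIGHBOUR_CORRUPTED, or -1 on bad input or OOM. */
int plane0_overrun(int contiguous, size_t sz0, size_t sz1, size_t over)
{
    int res = 0;
    if (!sz1 || over > RZ || over > sz1) return -1; /* stay inside owned memory */
    /* contiguous: one block holds both planes; otherwise one block per plane */
    uint8_t *p0  = rz_alloc(contiguous ? sz0 + sz1 : sz0);
    uint8_t *sep = contiguous ? NULL : rz_alloc(sz1);
    if (!p0 || (!contiguous && !sep)) {
        free(p0);
        free(sep);
        return -1;
    }
    const uint8_t *p1 = contiguous ? p0 + sz0 : sep;
    memset(p0, 0xFF, sz0 + over);                  /* the overrun */
    if (rz_hit(p0, contiguous ? sz0 + sz1 : sz0))
        res |= DETECTED;                           /* allocation boundary crossed */
    if (over && p1[0] == 0xFF)
        res |= NEIGHBOUR_CORRUPTED;                /* plane 1 silently overwritten */
    free(p0);
    free(sep);
    return res;
}
```

With a 48x48 luma plane and a 24x24 chroma plane, a 4-byte overrun in the contiguous layout corrupts the second plane without touching any redzone, while the per-plane layout trips the redzone and leaves the second plane intact.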