From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH v2] add tools/target_swr_fuzzer
Date: Wed, 7 Aug 2024 22:34:35 +0200
Message-ID: <20240807203435.GV4991@pb2> (raw)
In-Reply-To: <ff3bfd1f-af6c-4814-8a2b-405780aa1b53@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 8387 bytes --]
On Wed, Aug 07, 2024 at 04:02:23PM -0300, James Almer wrote:
> On 8/7/2024 2:13 PM, Michael Niedermayer wrote:
> > On Wed, Aug 07, 2024 at 01:05:40PM -0300, James Almer wrote:
> > >
> > >
> > > On 8/7/2024 12:51 PM, Michael Niedermayer wrote:
> > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > > ---
> > > > Makefile | 2 +
> > > > tools/Makefile | 3 +
> > > > tools/target_swr_fuzzer.c | 150 ++++++++++++++++++++++++++++++++++++++
> > > > 3 files changed, 155 insertions(+)
> > > > create mode 100644 tools/target_swr_fuzzer.c
> > > >
> > > > diff --git a/Makefile b/Makefile
> > > > index 4c3af09fec4..b350d7748f5 100644
> > > > --- a/Makefile
> > > > +++ b/Makefile
> > > > @@ -70,6 +70,8 @@ tools/target_io_dem_fuzzer$(EXESUF): tools/target_io_dem_fuzzer.o $(FF_DEP_LIBS)
> > > > tools/target_sws_fuzzer$(EXESUF): tools/target_sws_fuzzer.o $(FF_DEP_LIBS)
> > > > $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
> > > > +tools/target_swr_fuzzer$(EXESUF): tools/target_swr_fuzzer.o $(FF_DEP_LIBS)
> > > > + $(LD) $(LDFLAGS) $(LDEXEFLAGS) $(LD_O) $^ $(ELIBS) $(FF_EXTRALIBS) $(LIBFUZZER_PATH)
> > > > tools/enum_options$(EXESUF): ELIBS = $(FF_EXTRALIBS)
> > > > tools/enum_options$(EXESUF): $(FF_DEP_LIBS)
> > > > diff --git a/tools/Makefile b/tools/Makefile
> > > > index 2a11fa0ae62..7ae6e3cb75d 100644
> > > > --- a/tools/Makefile
> > > > +++ b/tools/Makefile
> > > > @@ -23,6 +23,9 @@ tools/target_io_dem_fuzzer.o: tools/target_dem_fuzzer.c
> > > > tools/target_sws_fuzzer.o: tools/target_sws_fuzzer.c
> > > > $(COMPILE_C)
> > > > +tools/target_swr_fuzzer.o: tools/target_swr_fuzzer.c
> > > > + $(COMPILE_C)
> > > > +
> > > > tools/enc_recon_frame_test$(EXESUF): tools/decode_simple.o
> > > > tools/venc_data_dump$(EXESUF): tools/decode_simple.o
> > > > tools/scale_slice_test$(EXESUF): tools/decode_simple.o
> > > > diff --git a/tools/target_swr_fuzzer.c b/tools/target_swr_fuzzer.c
> > > > new file mode 100644
> > > > index 00000000000..b8af0bad78c
> > > > --- /dev/null
> > > > +++ b/tools/target_swr_fuzzer.c
> > > > @@ -0,0 +1,150 @@
> > > > +/*
> > > > + * Copyright (c) 2024 Michael Niedermayer <michael-ffmpeg@niedermayer.cc>
> > > > + *
> > > > + * This file is part of FFmpeg.
> > > > + *
> > > > + * FFmpeg is free software; you can redistribute it and/or
> > > > + * modify it under the terms of the GNU Lesser General Public
> > > > + * License as published by the Free Software Foundation; either
> > > > + * version 2.1 of the License, or (at your option) any later version.
> > > > + *
> > > > + * FFmpeg is distributed in the hope that it will be useful,
> > > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > > + * Lesser General Public License for more details.
> > > > + *
> > > > + * You should have received a copy of the GNU Lesser General Public
> > > > + * License along with FFmpeg; if not, write to the Free Software
> > > > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> > > > + */
> > > > +
> > > > +#include "config.h"
> > > > +#include "libavutil/avassert.h"
> > > > +#include "libavutil/avstring.h"
> > > > +#include "libavutil/cpu.h"
> > > > +#include "libavutil/imgutils.h"
> > > > +#include "libavutil/intreadwrite.h"
> > > > +#include "libavutil/mem.h"
> > > > +#include "libavutil/opt.h"
> > > > +
> > > > +#include "libavcodec/bytestream.h"
> > > > +
> > > > +#include "libswresample/swresample.h"
> > > > +
> > > > +#define SWR_CH_MAX 32
> > > > +
> > > > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
> > > > +
> > > > +static const enum AVSampleFormat formats[] = {
> > > > + AV_SAMPLE_FMT_U8,
> > > > + AV_SAMPLE_FMT_U8P,
> > > > + AV_SAMPLE_FMT_S16,
> > > > + AV_SAMPLE_FMT_S16P,
> > > > + AV_SAMPLE_FMT_S32,
> > > > + AV_SAMPLE_FMT_S32P,
> > > > + AV_SAMPLE_FMT_FLT,
> > > > + AV_SAMPLE_FMT_FLTP,
> > > > + AV_SAMPLE_FMT_DBL,
> > > > + AV_SAMPLE_FMT_DBLP,
> > > > +};
> > > > +
> > > > +static const AVChannelLayout layouts[]={
> > > > + AV_CHANNEL_LAYOUT_MONO ,
> > > > + AV_CHANNEL_LAYOUT_STEREO ,
> > > > + AV_CHANNEL_LAYOUT_2_1 ,
> > > > + AV_CHANNEL_LAYOUT_SURROUND ,
> > > > + AV_CHANNEL_LAYOUT_4POINT0 ,
> > > > + AV_CHANNEL_LAYOUT_2_2 ,
> > > > + AV_CHANNEL_LAYOUT_QUAD ,
> > > > + AV_CHANNEL_LAYOUT_5POINT0 ,
> > > > + AV_CHANNEL_LAYOUT_5POINT1 ,
> > > > + AV_CHANNEL_LAYOUT_5POINT0_BACK ,
> > > > + AV_CHANNEL_LAYOUT_5POINT1_BACK ,
> > > > + AV_CHANNEL_LAYOUT_7POINT0 ,
> > > > + AV_CHANNEL_LAYOUT_7POINT1 ,
> > > > + AV_CHANNEL_LAYOUT_7POINT1_WIDE ,
> > > > + AV_CHANNEL_LAYOUT_22POINT2 ,
> > > > + AV_CHANNEL_LAYOUT_5POINT1POINT2_BACK ,
> > >
> > > Maybe also AV_CHANNEL_LAYOUT_22POINT2 to ensure the fallback to 7.1(wide)+BC
> > > in rematrix.c works as intended.
> >
> > added with my time-machiene, can you confirm its in the mail i sent before
> > your reply ?
>
> I'm blind, disregard this.
>
> >
> >
> > >
> > > > +};
> > > > +
> > > > +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
> > > > + const uint8_t *end = data + size;
> > > > + struct SwrContext * swr= NULL;
> > > > + AVChannelLayout in_ch_layout = { 0 }, out_ch_layout = { 0 };
> > > > + enum AVSampleFormat in_sample_fmt = AV_SAMPLE_FMT_S16P;
> > > > + enum AVSampleFormat out_sample_fmt = AV_SAMPLE_FMT_S16P;
> > > > + int in_sample_rate = 44100;
> > > > + int out_sample_rate = 44100;
> > > > + int in_ch_count, out_ch_count;
> > > > + char in_layout_string[256];
> > > > + char out_layout_string[256];
> > > > + uint8_t * ain[SWR_CH_MAX];
> > > > + uint8_t *aout[SWR_CH_MAX];
> > > > + uint8_t *out_data;
> > > > + int in_sample_nb;
> > > > + int out_sample_nb = size;
> > > > + int count;
> > > > +
> > > > + if (size > 128) {
> > > > + GetByteContext gbc;
> > > > + int64_t flags64;
> > > > +
> > > > + size -= 128;
> > > > + bytestream2_init(&gbc, data + size, 128);
> > > > + in_sample_rate = bytestream2_get_le16(&gbc) + 1;
> > > > + out_sample_rate = bytestream2_get_le16(&gbc) + 1;
> > > > + in_sample_fmt = formats[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(formats)];
> > > > + out_sample_fmt = formats[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(formats)];
> > > > + av_channel_layout_copy(& in_ch_layout, &layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
> > > > + av_channel_layout_copy(&out_ch_layout, &layouts[bytestream2_get_byte(&gbc) % FF_ARRAY_ELEMS(layouts)]);
> > >
> > > Since you're only using native layouts, you could make the layouts array be
> > > of uint64_t masks (AV_CH_LAYOUT_*) and use av_channel_layout_from_mask()
> > > here.
> >
> > I still refuse to do this because the fuzzer should have maximal coverage
> > and limiting things to subsets goes against that idea even if the current
> > code is limited to a subset
> >
> > Maybe iam missing something of course, but it simply doesnt seem the right
> > direction
>
> You're not really testing any fuzzed input whatsoever here because you're
> passing strictly supported values to av_channel_layout_copy().
The thing is, we could pass layouts that are not represented by a 64bit mask
> The difference in using av_channel_layout_from_mask() is that it should be
> slightly faster (No uninit() call and no copy of the entire struct, setting
> only the three fields that matter).
>
> But it's mostly a nit too, so it's fine as is if you prefer it.
yes i prefer this unless theres a reason why we could never ever extend
this beyond layouts represented by 64bit masks
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Those who are too smart to engage in politics are punished by being
governed by those who are dumber. -- Plato
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
prev parent reply other threads:[~2024-08-07 20:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-07 15:51 Michael Niedermayer
2024-08-07 16:05 ` James Almer
2024-08-07 17:13 ` Michael Niedermayer
2024-08-07 19:02 ` James Almer
2024-08-07 20:34 ` Michael Niedermayer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240807203435.GV4991@pb2 \
--to=michael@niedermayer.cc \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git