From 3f176ef2e65e63a46e29c4d1fc3306b8d8550c8b Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Mon, 21 Apr 2025 20:01:50 +0200
Subject: [PATCH 5/5] tools/target_dec_fuzzer: Assert on AVERROR_BUG
This will bring these bugs to our attention.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 tools/target_dec_fuzzer.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 2a8f39cb34..d99bfb91d6 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -87,6 +87,7 @@ static int subtitle_handler(AVCodecContext *avctx, AVFrame *unused,
 {
 AVSubtitle sub;
 int ret = avcodec_decode_subtitle2(avctx, &sub, got_sub_ptr, avpkt);
+ av_assert0(ret != AVERROR_BUG);
 if (ret >= 0 && *got_sub_ptr)
 avsubtitle_free(&sub);
 return ret;
@@ -96,6 +97,7 @@ static int audio_video_handler(AVCodecContext *avctx, AVFrame *frame,
 int *got_frame, const AVPacket *dummy)
 {
 int ret = avcodec_receive_frame(avctx, frame);
+ av_assert0(ret != AVERROR_BUG);
 *got_frame = ret >= 0;
 return ret;
 }
@@ -469,6 +471,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 int res = avcodec_open2(ctx, &c->p, &opts);
 if (res < 0) {
+ av_assert0(res != AVERROR_BUG);
 avcodec_free_context(&ctx);
 av_free(parser_avctx);
 av_parser_close(parser);
@@ -542,6 +545,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
 int ret = avcodec_send_packet(ctx, avpkt);
+ av_assert0(ret != AVERROR_BUG);
 decode_more = ret >= 0;
 if(!decode_more) {
 ec_pixels += (ctx->width + 32LL) * (ctx->height + 32LL);
@@ -595,8 +599,10 @@ maximums_reached:
 av_packet_unref(avpkt);
- if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE)
- avcodec_send_packet(ctx, NULL);
+ if (ctx->codec_type != AVMEDIA_TYPE_SUBTITLE) {
+ int ret = avcodec_send_packet(ctx, NULL);
+ av_assert0(ret != AVERROR_BUG);
+ }
 do {
 got_frame = 0;
-- 
2.45.2
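Review bot: The assertion added in subtitle_handler compares only against AVERROR_BUG, so an internal inconsistency reported through AVERROR_BUG2 (the second bug tag that libavutil/error.h documents as semantically identical) would still go unnoticed by the fuzzer. The same gap applies to the assertions added in audio_video_handler, after avcodec_open2, and at both avcodec_send_packet call sites. Because the identical check now appears five times, one helper near the top of the file would keep them in step, e.g. `#define ASSERT_NO_BUG(err) av_assert0((err) != AVERROR_BUG && (err) != AVERROR_BUG2)`, with a one-line comment that these codes mark a library defect rather than malformed input and are therefore treated as fatal under fuzzing. subtitle_handler's signature and closing brace lie outside the hunk.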
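Review bot: The flush call after maximums_reached now keeps its return value but tests it only for AVERROR_BUG, and nothing in the new block says whether every other error is dropped on purpose. If that is the intent, a short comment would make it explicit for the next reader, e.g. `/* Enter draining mode; only AVERROR_BUG is fatal here, any other error is deliberately ignored. */`. The enclosing function and the do-loop that follows continue outside the hunk, so whether the later drain handles those other errors cannot be confirmed from here.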