Updates in av1_dec_fuzzer from upstream

This commit includes the following updates from upstream project 139efd2c8 av1_dec_fuzzer: get thread count from 1st byte of frame header adfc4b7f8 av1_dec_fuzzer: Remove fmemopen dependency 338f1e68 av1_dec_fuzzer: Remove dependency on ivfdec.o and tools_common.o 690a08a3 av1_dec_fuzzer: Updated fsanitize flags in build script c2632bb3 av1_dec_fuzzer: Fix missing field initializer for 'cfg' Bug: 135058814 Test: Builds Change-Id: I67fa8edd33dd35656b43b8854755d6496a6f9a2f

Updates in av1_dec_fuzzer from upstream
This commit includes the following updates from upstream project 139efd2c8 av1_dec_fuzzer: get thread count from 1st byte of frame header adfc4b7f8 av1_dec_fuzzer: Remove fmemopen dependency 338f1e68 av1_dec_fuzzer: Remove dependency on ivfdec.o and tools_common.o 690a08a3 av1_dec_fuzzer: Updated fsanitize flags in build script c2632bb3 av1_dec_fuzzer: Fix missing field initializer for 'cfg' Bug: 135058814 Test: Builds Change-Id: I67fa8edd33dd35656b43b8854755d6496a6f9a2f
d571611a · Harish Mahendrakar · 3ead39e1 · d571611a · d571611a · d571611a
Commit d571611a authored 5 years ago by Harish Mahendrakar
--- a/README.version
+++ b/README.version
@@ -4,3 +4,9 @@ Local Modifications:
  Rename files to avoid object collisions:
    aom_dsp/x86/highbd_intrapred_sse2.asm
    aom_dsp/x86/intrapred_sse2.asm
+Updates to libaom/examples/av1_dec_fuzzer.cc to include the following commits from upstream
+139efd2c8 av1_dec_fuzzer: get thread count from 1st byte of frame header
+adfc4b7f8 av1_dec_fuzzer: Remove fmemopen dependency
+338f1e688 av1_dec_fuzzer: Remove dependency on ivfdec.o and tools_common.o
+690a08a34 av1_dec_fuzzer: Updated fsanitize flags in build script
+c2632bb3f av1_dec_fuzzer: Fix missing field initializer for 'cfg'
--- a/libaom/examples/av1_dec_fuzzer.cc
+++ b/libaom/examples/av1_dec_fuzzer.cc
@@ -17,56 +17,51 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <algorithm>
 #include <memory>
-
 #include "config/aom_config.h"
 #include "aom/aom_decoder.h"
 #include "aom/aomdx.h"
 #include "aom_ports/mem_ops.h"
-#include "common/ivfdec.h"

-static void close_file(FILE *file) { fclose(file); }
+#define IVF_FRAME_HDR_SZ (4 + 8) /* 4 byte size + 8 byte timestamp */
+#define IVF_FILE_HDR_SZ 32

 extern "C" void usage_exit(void) { exit(EXIT_FAILURE); }

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  std::unique_ptr<FILE, decltype(&close_file)> file(
-      fmemopen((void *)data, size, "rb"), &close_file);
-  if (file == nullptr) {
-    return 0;
-  }
-
-  char header[32];
-  if (fread(header, 1, 32, file.get()) != 32) {
-    return 0;
-  }
-  const AvxInterface *decoder = get_aom_decoder_by_name("av1");
-  if (decoder == nullptr) {
+  if (size <= IVF_FILE_HDR_SZ) {
    return 0;
  }

+  const aom_codec_iface_t *codec_interface = aom_codec_av1_dx();
  aom_codec_ctx_t codec;
  // Set thread count in the range [1, 64].
-  const unsigned int threads = (header[0] & 0x3f) + 1;
-  aom_codec_dec_cfg_t cfg = { threads, 0, 0, CONFIG_LOWBITDEPTH };
-  if (aom_codec_dec_init(&codec, decoder->codec_interface(), &cfg, 0)) {
+  const unsigned int threads = (data[IVF_FILE_HDR_SZ] & 0x3f) + 1;
+  aom_codec_dec_cfg_t cfg = { threads, 0, 0, CONFIG_LOWBITDEPTH, { 1 } };
+  if (aom_codec_dec_init(&codec, codec_interface, &cfg, 0)) {
    return 0;
  }

-  uint8_t *buffer = nullptr;
-  size_t buffer_size = 0;
-  size_t frame_size = 0;
-  while (!ivf_read_frame(file.get(), &buffer, &frame_size, &buffer_size,
-                         nullptr)) {
+  data += IVF_FILE_HDR_SZ;
+  size -= IVF_FILE_HDR_SZ;
+
+  while (size > IVF_FRAME_HDR_SZ) {
+    size_t frame_size = mem_get_le32(data);
+    size -= IVF_FRAME_HDR_SZ;
+    data += IVF_FRAME_HDR_SZ;
+    frame_size = std::min(size, frame_size);
+
    const aom_codec_err_t err =
-        aom_codec_decode(&codec, buffer, frame_size, nullptr);
+        aom_codec_decode(&codec, data, frame_size, nullptr);
    static_cast<void>(err);
    aom_codec_iter_t iter = nullptr;
    aom_image_t *img = nullptr;
    while ((img = aom_codec_get_frame(&codec, &iter)) != nullptr) {
    }
+    data += frame_size;
+    size -= frame_size;
  }
  aom_codec_destroy(&codec);
-  free(buffer);
  return 0;
 }
--- a/libaom/examples/build_av1_dec_fuzzer.sh
+++ b/libaom/examples/build_av1_dec_fuzzer.sh
@@ -14,7 +14,7 @@
 # ==========================
 # Requirements
 # ---------------------
-# Clang6.0 or above (must support -fsanitize=fuzzer)
+# Clang6.0 or above (must support -fsanitize=fuzzer -fsanitize=fuzzer-no-link)
 #
 # References:
 # ---------------------
@@ -54,24 +54,16 @@ cmake "${AOM_DIR}" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCONFIG_PIC=1 \
  -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 -DCONFIG_SIZE_LIMIT=1 \
  -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \
  -DAOM_EXTRA_C_FLAGS="${EXTRA_C_FLAGS}" \
-  -DAOM_EXTRA_CXX_FLAGS="${EXTRA_C_FLAGS}" -DSANITIZE=address
+  -DAOM_EXTRA_CXX_FLAGS="${EXTRA_C_FLAGS}" -DSANITIZE=fuzzer-no-link,address

 # Build the codec.
 make -j$(nproc)

-# Build some libaom utils that are not part of the core lib.
-$CC -std=c99 -c -I${AOM_DIR} -I${BUILD_DIR} \
-  ${AOM_DIR}/common/ivfdec.c -o ${BUILD_DIR}/ivfdec.o
-
-$CC -std=c99 -c -I${AOM_DIR} -I${BUILD_DIR} \
-  ${AOM_DIR}/common/tools_common.c -o ${BUILD_DIR}/tools_common.o
-
 # Build the av1 fuzzer
 $CXX -std=c++11 -DDECODER=av1 -I${AOM_DIR} -I${BUILD_DIR} \
-    -fsanitize=fuzzer -Wl,--start-group \
+    -fsanitize=fuzzer,address -Wl,--start-group \
    ${AOM_DIR}/examples/av1_dec_fuzzer.cc -o ${BUILD_DIR}/av1_dec_fuzzer \
-    ${BUILD_DIR}/libaom.a ${BUILD_DIR}/ivfdec.o ${BUILD_DIR}/tools_common.o \
-    -Wl,--end-group
+    ${BUILD_DIR}/libaom.a -Wl,--end-group

 echo "Fuzzer built at ${BUILD_DIR}/av1_dec_fuzzer."
 echo "Create a corpus directory, copy IVF files in there, and run:"