1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #include "native_avcodec_videodecoder.h"
18 #include "native_averrors.h"
19 #include "native_avcodec_base.h"
20 #include "videodec_api11_sample.h"
21 using namespace std;
22 using namespace OHOS;
23 using namespace OHOS::Media;
24 #define FUZZ_PROJECT_NAME "hwdecoderapi11_fuzzer"
25
26 static VDecApi11FuzzSample *g_vDecSample = nullptr;
27 constexpr uint32_t DEFAULT_WIDTH = 1920;
28 constexpr uint32_t DEFAULT_HEIGHT = 1080;
29 constexpr double DEFAULT_FRAME_RATE = 30.0;
30 constexpr uint32_t SPS_SIZE = 0x19;
31 constexpr uint32_t PPS_SIZE = 0x05;
32 constexpr uint32_t START_CODE_SIZE = 4;
33 constexpr uint8_t SPS[SPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x67, 0x64, 0x00, 0x28, 0xAC,
34 0xB4, 0x03, 0xC0, 0x11, 0x3F, 0x2E, 0x02, 0x20, 0x00,
35 0x00, 0x03, 0x00, 0x20, 0x00, 0x00, 0x07, 0x81, 0xE3,
36 0x06, 0x54};
37 constexpr uint8_t PPS[PPS_SIZE + START_CODE_SIZE] = {0x00, 0x00, 0x00, 0x01, 0x68, 0xEF, 0x0F, 0x2C, 0x8B};
38 bool g_isSurfMode = true;
39
40 namespace OHOS {
41
RunNormalDecoder()42 void RunNormalDecoder()
43 {
44 VDecApi11FuzzSample *vDecSample = new VDecApi11FuzzSample();
45 vDecSample->defaultWidth = DEFAULT_WIDTH;
46 vDecSample->defaultHeight = DEFAULT_HEIGHT;
47 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
48 vDecSample->CreateVideoDecoder();
49 vDecSample->ConfigureVideoDecoder();
50 vDecSample->SetVideoDecoderCallback();
51 vDecSample->StartVideoDecoder();
52 vDecSample->WaitForEOS();
53 delete vDecSample;
54
55 vDecSample = new VDecApi11FuzzSample();
56 vDecSample->isSurfMode = true;
57 vDecSample->defaultWidth = DEFAULT_WIDTH;
58 vDecSample->defaultHeight = DEFAULT_HEIGHT;
59 vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
60 vDecSample->CreateVideoDecoder();
61 vDecSample->ConfigureVideoDecoder();
62 vDecSample->SetVideoDecoderCallback();
63 vDecSample->StartVideoDecoder();
64 vDecSample->WaitForEOS();
65 delete vDecSample;
66 }
67
68 bool g_needRunNormalDecoder = true;
HwdecoderApi11FuzzTest(const uint8_t * data,size_t size)69 bool HwdecoderApi11FuzzTest(const uint8_t *data, size_t size)
70 {
71 if (size < sizeof(int32_t)) {
72 return false;
73 }
74
75 if (g_needRunNormalDecoder) {
76 g_needRunNormalDecoder = false;
77 RunNormalDecoder();
78 }
79 int32_t data_ = *reinterpret_cast<const int32_t *>(data);
80 if (!g_vDecSample) {
81 g_vDecSample = new VDecApi11FuzzSample();
82 g_vDecSample->defaultWidth = DEFAULT_WIDTH;
83 g_vDecSample->defaultHeight = DEFAULT_HEIGHT;
84 g_vDecSample->defaultFrameRate = DEFAULT_FRAME_RATE;
85 g_vDecSample->CreateVideoDecoder();
86 g_vDecSample->ConfigureVideoDecoder();
87 g_vDecSample->SetVideoDecoderCallback();
88 g_vDecSample->Start();
89 g_vDecSample->InputFuncFUZZ(SPS, SPS_SIZE + START_CODE_SIZE);
90 g_vDecSample->InputFuncFUZZ(PPS, PPS_SIZE + START_CODE_SIZE);
91 }
92 OH_AVErrCode ret = g_vDecSample->InputFuncFUZZ(data, size);
93 g_vDecSample->SetParameter(data_);
94 if (ret == AV_ERR_NO_MEMORY) {
95 g_vDecSample->Flush();
96 g_vDecSample->Stop();
97 g_vDecSample->Reset();
98 delete g_vDecSample;
99 g_vDecSample = nullptr;
100 return false;
101 }
102 return true;
103 }
104 } // namespace OHOS
105
106 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)107 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
108 {
109 /* Run your code on data */
110 OHOS::HwdecoderApi11FuzzTest(data, size);
111 return 0;
112 }
113