Coverage Report

Created: 2025-08-28 06:10

/src/gstreamer/ci/fuzzing/gst-discoverer.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2016 Google Inc.
3
 * author: Edward Hervey <bilboed@bilboed.com>
4
 * 
5
 * Licensed under the Apache License, Version 2.0 (the "License");
6
 * you may not use this file except in compliance with the License.
7
 * You may obtain a copy of the License at
8
 *
9
 *      http://www.apache.org/licenses/LICENSE-2.0
10
 *
11
 * Unless required by applicable law or agreed to in writing, software
12
 * distributed under the License is distributed on an "AS IS" BASIS,
13
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
 * See the License for the specific language governing permissions and
15
 * limitations under the License.
16
 *
17
 */
18
19
#ifdef HAVE_CONFIG_H
20
#include "config.h"
21
#endif
22
23
#include <locale.h>
24
25
#include <stdlib.h>
26
#include <glib.h>
27
#include <gst/gst.h>
28
#include <gst/pbutils/pbutils.h>
29
30
/* push-based discoverer fuzzing target
31
 *
32
 * This application can be compiled with libFuzzer to simulate
33
 * a push-based discoverer execution.
34
 *
35
 * To reproduce the failing behaviour, use:
36
 * $ gst-discoverer-1.0 pushfile:///...
37
 *
38
 * The goal is to cover basic usage of demuxers, parsers and
39
 * base decoder elements.
40
 *
41
 * When compiling, only link the required demuxer/parser/decoder
42
 * plugins and keep it to a limited range (ex: ogg/theora/vorbis)
43
 *
44
 **/
45
46
const guint8 *fuzztesting_data;
47
size_t fuzztesting_size;
48
49
static void
50
appsrc_configuration (GstDiscoverer * dc, GstElement * source, gpointer data)
51
4.45k
{
52
4.45k
  GstBuffer *buf;
53
4.45k
  GstFlowReturn ret;
54
55
  /* Create buffer from fuzztesting_data which shouldn't be freed */
56
4.45k
  buf =
57
4.45k
      gst_buffer_new_wrapped_full (0, (gpointer) fuzztesting_data,
58
4.45k
      fuzztesting_size, 0, fuzztesting_size, NULL, NULL);
59
4.45k
  g_object_set (G_OBJECT (source), "size", fuzztesting_size, NULL);
60
4.45k
  g_signal_emit_by_name (G_OBJECT (source), "push-buffer", buf, &ret);
61
4.45k
  gst_buffer_unref (buf);
62
4.45k
}
63
64
static void
65
custom_logger (const gchar * log_domain,
66
    GLogLevelFlags log_level, const gchar * message, gpointer unused_data)
67
2
{
68
2
  if (log_level & G_LOG_LEVEL_CRITICAL) {
69
0
    g_printerr ("CRITICAL ERROR : %s\n", message);
70
0
    abort ();
71
2
  } else if (log_level & G_LOG_LEVEL_WARNING) {
72
1
    g_printerr ("WARNING : %s\n", message);
73
1
  }
74
2
}
75
76
int
77
LLVMFuzzerTestOneInput (const guint8 * data, size_t size)
78
4.45k
{
79
4.45k
  GError *err = NULL;
80
4.45k
  GstDiscoverer *dc;
81
4.45k
  gint timeout = 10;
82
4.45k
  GstDiscovererInfo *info;
83
4.45k
  static gboolean initialized = FALSE;
84
85
4.45k
  if (!initialized) {
86
    /* We want critical warnings to assert so we can fix them */
87
1
    g_log_set_always_fatal (G_LOG_LEVEL_CRITICAL);
88
1
    g_log_set_default_handler (custom_logger, NULL);
89
90
    /* Only initialize and register plugins once */
91
1
    gst_init (NULL, NULL);
92
1
    initialized = TRUE;
93
1
  }
94
95
4.45k
  dc = gst_discoverer_new (timeout * GST_SECOND, &err);
96
4.45k
  if (G_UNLIKELY (dc == NULL)) {
97
0
    g_print ("Error initializing: %s\n", err->message);
98
0
    g_clear_error (&err);
99
0
    exit (1);
100
0
  }
101
102
4.45k
  fuzztesting_data = data;
103
4.45k
  fuzztesting_size = size;
104
105
  /* Connect to source-setup signal to give the data */
106
4.45k
  g_signal_connect (dc, "source-setup", (GCallback) appsrc_configuration, NULL);
107
108
4.45k
  info = gst_discoverer_discover_uri (dc, "appsrc://", &err);
109
4.45k
  g_clear_error (&err);
110
4.45k
  if (info)
111
4.45k
    gst_discoverer_info_unref (info);
112
113
4.45k
  g_object_unref (dc);
114
115
4.45k
  return 0;
116
4.45k
}