/src/libavc/fuzzer/avc_dec_fuzzer.cpp

Source (jump to first uncovered line)
/******************************************************************************
 *
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 *****************************************************************************
 * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
 */

#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <algorithm>
#include <memory>

#include "ih264_typedefs.h"
#include "ih264d.h"
#include "iv.h"
#include "ivd.h"

#define NELEMENTS(x) (sizeof(x) / sizeof(x[0]))
#define ivd_api_function ih264d_api_function
const IV_COLOR_FORMAT_T supportedColorFormats[] = {
    IV_YUV_420P,   IV_YUV_420SP_UV, IV_YUV_420SP_VU,
    IV_YUV_422ILE, IV_RGB_565,      IV_RGBA_8888};

/* Decoder ignores invalid arch, i.e. for arm build, if SSSE3 is requested,
 * decoder defaults to a supported configuration. So same set of supported
 * architectures can be used in arm/arm64/x86 builds */
const IVD_ARCH_T supportedArchitectures[] = {
    ARCH_ARM_NONEON,  ARCH_ARM_A9Q,   ARCH_ARM_NEONINTR, ARCH_ARMV8_GENERIC,
    ARCH_X86_GENERIC, ARCH_X86_SSSE3, ARCH_X86_SSE42};

enum {
  OFFSET_COLOR_FORMAT = 6,
  OFFSET_NUM_CORES,
  OFFSET_ARCH,
  /* Should be the last entry */
  OFFSET_MAX,
};

const static int kMaxNumDecodeCalls = 100;
const static int kSupportedColorFormats = NELEMENTS(supportedColorFormats);
const static int kSupportedArchitectures = NELEMENTS(supportedArchitectures);
const static int kMaxCores = 4;
void *iv_aligned_malloc(void *ctxt, WORD32 alignment, WORD32 size) {
  void *buf = NULL;
  (void)ctxt;
  if (0 != posix_memalign(&buf, alignment, size)) {
      return NULL;
  }
  return buf;
}

void iv_aligned_free(void *ctxt, void *buf) {
  (void)ctxt;
  free(buf);
}

class Codec {
 public:
  Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores);
  ~Codec();

  void createCodec();
  void deleteCodec();
  void resetCodec();
  void setCores();
  void allocFrame();
  void freeFrame();
  void decodeHeader(const uint8_t *data, size_t size);
  IV_API_CALL_STATUS_T decodeFrame(const uint8_t *data, size_t size,
                                   size_t *bytesConsumed);
  void setParams(IVD_VIDEO_DECODE_MODE_T mode);
  void setArchitecture(IVD_ARCH_T arch);

 private:
  IV_COLOR_FORMAT_T mColorFormat;
  size_t mNumCores;
  iv_obj_t *mCodec;
  ivd_out_bufdesc_t mOutBufHandle;
  uint32_t mWidth;
  uint32_t mHeight;
};

Codec::Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores) {
  mColorFormat = colorFormat;
  mNumCores = numCores;
  mCodec = nullptr;
  mWidth = 0;
  mHeight = 0;

  memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
}
Codec::~Codec() {}
void Codec::createCodec() {
  IV_API_CALL_STATUS_T ret;
  ih264d_create_ip_t create_ip{};
  ih264d_create_op_t create_op{};
  void *fxns = (void *)&ivd_api_function;

  create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
  create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
  create_ip.s_ivd_create_ip_t.e_output_format = mColorFormat;
  create_ip.s_ivd_create_ip_t.pf_aligned_alloc = iv_aligned_malloc;
  create_ip.s_ivd_create_ip_t.pf_aligned_free = iv_aligned_free;
  create_ip.u4_keep_threads_active = 1;
  create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
  create_ip.s_ivd_create_ip_t.u4_size = sizeof(ih264d_create_ip_t);
  create_op.s_ivd_create_op_t.u4_size = sizeof(ih264d_create_op_t);

  ret = ivd_api_function(NULL, (void *)&create_ip, (void *)&create_op);
  if (ret != IV_SUCCESS) {
    return;
  }
  mCodec = (iv_obj_t *)create_op.s_ivd_create_op_t.pv_handle;
  mCodec->pv_fxns = fxns;
  mCodec->u4_size = sizeof(iv_obj_t);
}

void Codec::deleteCodec() {
  ivd_delete_ip_t delete_ip{};
  ivd_delete_op_t delete_op{};

  delete_ip.e_cmd = IVD_CMD_DELETE;
  delete_ip.u4_size = sizeof(ivd_delete_ip_t);
  delete_op.u4_size = sizeof(ivd_delete_op_t);

  ivd_api_function(mCodec, (void *)&delete_ip, (void *)&delete_op);
}
void Codec::resetCodec() {
  ivd_ctl_reset_ip_t s_ctl_ip{};
  ivd_ctl_reset_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
  s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
  s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setCores() {
  ih264d_ctl_set_num_cores_ip_t s_ctl_ip{};
  ih264d_ctl_set_num_cores_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd =
      (IVD_CONTROL_API_COMMAND_TYPE_T)IH264D_CMD_CTL_SET_NUM_CORES;
  s_ctl_ip.u4_num_cores = mNumCores;
  s_ctl_ip.u4_size = sizeof(ih264d_ctl_set_num_cores_ip_t);
  s_ctl_op.u4_size = sizeof(ih264d_ctl_set_num_cores_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setParams(IVD_VIDEO_DECODE_MODE_T mode) {
  ivd_ctl_set_config_ip_t s_ctl_ip{};
  ivd_ctl_set_config_op_t s_ctl_op{};

  s_ctl_ip.u4_disp_wd = 0;
  s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
  s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
  s_ctl_ip.e_vid_dec_mode = mode;
  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
  s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
  s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setArchitecture(IVD_ARCH_T arch) {
  ih264d_ctl_set_processor_ip_t s_ctl_ip{};
  ih264d_ctl_set_processor_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd =
      (IVD_CONTROL_API_COMMAND_TYPE_T)IH264D_CMD_CTL_SET_PROCESSOR;
  s_ctl_ip.u4_arch = arch;
  s_ctl_ip.u4_soc = SOC_GENERIC;
  s_ctl_ip.u4_size = sizeof(ih264d_ctl_set_processor_ip_t);
  s_ctl_op.u4_size = sizeof(ih264d_ctl_set_processor_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}
void Codec::freeFrame() {
  for (int i = 0; i < mOutBufHandle.u4_num_bufs; i++) {
    if (mOutBufHandle.pu1_bufs[i]) {
      free(mOutBufHandle.pu1_bufs[i]);
      mOutBufHandle.pu1_bufs[i] = nullptr;
    }
  }
}
void Codec::allocFrame() {
  size_t sizes[4] = {0};
  size_t num_bufs = 0;

  freeFrame();

  memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));

  switch (mColorFormat) {
    case IV_YUV_420SP_UV:
      [[fallthrough]];
    case IV_YUV_420SP_VU:
      sizes[0] = mWidth * mHeight;
      sizes[1] = mWidth * mHeight >> 1;
      num_bufs = 2;
      break;
    case IV_YUV_422ILE:
      sizes[0] = mWidth * mHeight * 2;
      num_bufs = 1;
      break;
    case IV_RGB_565:
      sizes[0] = mWidth * mHeight * 2;
      num_bufs = 1;
      break;
    case IV_RGBA_8888:
      sizes[0] = mWidth * mHeight * 4;
      num_bufs = 1;
      break;
    case IV_YUV_420P:
      [[fallthrough]];
    default:
      sizes[0] = mWidth * mHeight;
      sizes[1] = mWidth * mHeight >> 2;
      sizes[2] = mWidth * mHeight >> 2;
      num_bufs = 3;
      break;
  }
  mOutBufHandle.u4_num_bufs = num_bufs;
  for (int i = 0; i < num_bufs; i++) {
    mOutBufHandle.u4_min_out_buf_size[i] = sizes[i];
    mOutBufHandle.pu1_bufs[i] = (UWORD8 *)iv_aligned_malloc(NULL, 16, sizes[i]);
  }
}
void Codec::decodeHeader(const uint8_t *data, size_t size) {
  setParams(IVD_DECODE_HEADER);

  size_t numDecodeCalls = 0;

  while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
    IV_API_CALL_STATUS_T ret;
    ivd_video_decode_ip_t dec_ip{};
    ivd_video_decode_op_t dec_op{};
    size_t bytes_consumed;

    dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
    dec_ip.u4_ts = 0;
    dec_ip.pv_stream_buffer = (void *)data;
    dec_ip.u4_num_Bytes = size;
    dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
    dec_op.u4_size = sizeof(ivd_video_decode_op_t);

    ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);

    bytes_consumed = dec_op.u4_num_bytes_consumed;
    /* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
     * to feed next data */
    if (!bytes_consumed) bytes_consumed = 4;

    bytes_consumed = std::min(size, bytes_consumed);

    data += bytes_consumed;
    size -= bytes_consumed;
    numDecodeCalls++;

    mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
    mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);

    /* Break after successful header decode */
    if (mWidth && mHeight) {
      break;
    }
  }
  /* if width / height are invalid, set them to defaults */
  if (!mWidth) mWidth = 1920;
  if (!mHeight) mHeight = 1088;
}

IV_API_CALL_STATUS_T Codec::decodeFrame(const uint8_t *data, size_t size,
                                        size_t *bytesConsumed) {
  IV_API_CALL_STATUS_T ret;
  ivd_video_decode_ip_t dec_ip{};
  ivd_video_decode_op_t dec_op{};

  dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
  dec_ip.u4_ts = 0;
  dec_ip.pv_stream_buffer = (void *)data;
  dec_ip.u4_num_Bytes = size;
  dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
  dec_ip.s_out_buffer = mOutBufHandle;

  dec_op.u4_size = sizeof(ivd_video_decode_op_t);

  ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);

  /* In case of change in resolution, reset codec and feed the same data again
   */
  if (IVD_RES_CHANGED == (dec_op.u4_error_code & 0xFF)) {
    resetCodec();
    ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);
  }
  *bytesConsumed = dec_op.u4_num_bytes_consumed;

  /* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
   * to feed next data */
  if (!*bytesConsumed) *bytesConsumed = 4;

  if (dec_op.u4_pic_wd && dec_op.u4_pic_ht &&
      (mWidth != dec_op.u4_pic_wd || mHeight != dec_op.u4_pic_ht)) {
    mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
    mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
    allocFrame();
  }

  return ret;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size < 1) {
    return 0;
  }
  size_t colorFormatOfst = std::min((size_t)OFFSET_COLOR_FORMAT, size - 1);
  size_t numCoresOfst = std::min((size_t)OFFSET_NUM_CORES, size - 1);
  size_t architectureOfst = std::min((size_t)OFFSET_ARCH, size - 1);
  size_t architectureIdx = data[architectureOfst] % kSupportedArchitectures;
  IVD_ARCH_T arch = (IVD_ARCH_T)supportedArchitectures[architectureIdx];
  size_t colorFormatIdx = data[colorFormatOfst] % kSupportedColorFormats;
  IV_COLOR_FORMAT_T colorFormat =
      (IV_COLOR_FORMAT_T)(supportedColorFormats[colorFormatIdx]);
  uint32_t numCores = (data[numCoresOfst] % kMaxCores) + 1;
  size_t numDecodeCalls = 0;
  Codec *codec = new Codec(colorFormat, numCores);
  codec->createCodec();
  codec->setArchitecture(arch);
  codec->setCores();
  codec->decodeHeader(data, size);
  codec->setParams(IVD_DECODE_FRAME);
  codec->allocFrame();

  while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
    IV_API_CALL_STATUS_T ret;
    size_t bytesConsumed;
    ret = codec->decodeFrame(data, size, &bytesConsumed);

    bytesConsumed = std::min(size, bytesConsumed);
    data += bytesConsumed;
    size -= bytesConsumed;
    numDecodeCalls++;
  }

  codec->freeFrame();
  codec->deleteCodec();
  delete codec;
  return 0;
}

Coverage Report

Created: 2025-06-20 06:50

Line	Count	Source (jump to first uncovered line)
1		/******************************************************************************
2		*
3		* Copyright (C) 2019 The Android Open Source Project
4		*
5		* Licensed under the Apache License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at:
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*
17		*****************************************************************************
18		* Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
19		*/
20
21		#include <stddef.h>
22		#include <stdint.h>
23		#include <stdio.h>
24		#include <stdlib.h>
25		#include <string.h>
26
27		#include <algorithm>
28		#include <memory>
29
30		#include "ih264_typedefs.h"
31		#include "ih264d.h"
32		#include "iv.h"
33		#include "ivd.h"
34
35		#define NELEMENTS(x) (sizeof(x) / sizeof(x[0]))
36	994k	#define ivd_api_function ih264d_api_function
37		const IV_COLOR_FORMAT_T supportedColorFormats[] = {
38		IV_YUV_420P, IV_YUV_420SP_UV, IV_YUV_420SP_VU,
39		IV_YUV_422ILE, IV_RGB_565, IV_RGBA_8888};
40
41		/* Decoder ignores invalid arch, i.e. for arm build, if SSSE3 is requested,
42		* decoder defaults to a supported configuration. So same set of supported
43		* architectures can be used in arm/arm64/x86 builds */
44		const IVD_ARCH_T supportedArchitectures[] = {
45		ARCH_ARM_NONEON, ARCH_ARM_A9Q, ARCH_ARM_NEONINTR, ARCH_ARMV8_GENERIC,
46		ARCH_X86_GENERIC, ARCH_X86_SSSE3, ARCH_X86_SSE42};
47
48		enum {
49		OFFSET_COLOR_FORMAT = 6,
50		OFFSET_NUM_CORES,
51		OFFSET_ARCH,
52		/* Should be the last entry */
53		OFFSET_MAX,
54		};
55
56		const static int kMaxNumDecodeCalls = 100;
57		const static int kSupportedColorFormats = NELEMENTS(supportedColorFormats);
58		const static int kSupportedArchitectures = NELEMENTS(supportedArchitectures);
59		const static int kMaxCores = 4;
60	4.60M	void iv_aligned_malloc(void ctxt, WORD32 alignment, WORD32 size) {
61	4.60M	void *buf = NULL;
62	4.60M	(void)ctxt;
63	4.60M	if (0 != posix_memalign(&buf, alignment, size)) {
64	0	return NULL;
65	0	}
66	4.60M	return buf;
67	4.60M	}
68
69	4.60M	void iv_aligned_free(void ctxt, void buf) {
70	4.60M	(void)ctxt;
71	4.60M	free(buf);
72	4.60M	}
73
74		class Codec {
75		public:
76		Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores);
77		~Codec();
78
79		void createCodec();
80		void deleteCodec();
81		void resetCodec();
82		void setCores();
83		void allocFrame();
84		void freeFrame();
85		void decodeHeader(const uint8_t *data, size_t size);
86		IV_API_CALL_STATUS_T decodeFrame(const uint8_t *data, size_t size,
87		size_t *bytesConsumed);
88		void setParams(IVD_VIDEO_DECODE_MODE_T mode);
89		void setArchitecture(IVD_ARCH_T arch);
90
91		private:
92		IV_COLOR_FORMAT_T mColorFormat;
93		size_t mNumCores;
94		iv_obj_t *mCodec;
95		ivd_out_bufdesc_t mOutBufHandle;
96		uint32_t mWidth;
97		uint32_t mHeight;
98		};
99
100	45.8k	Codec::Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores) {
101	45.8k	mColorFormat = colorFormat;
102	45.8k	mNumCores = numCores;
103	45.8k	mCodec = nullptr;
104	45.8k	mWidth = 0;
105	45.8k	mHeight = 0;
106
107	45.8k	memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
108	45.8k	}
109	55.1k	Codec::~Codec() {}
110	27.8k	void Codec::createCodec() {
111	27.8k	IV_API_CALL_STATUS_T ret;
112	27.8k	ih264d_create_ip_t create_ip{};
113	27.8k	ih264d_create_op_t create_op{};
114	27.8k	void fxns = (void )&ivd_api_function;
115
116	27.8k	create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
117	27.8k	create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
118	27.8k	create_ip.s_ivd_create_ip_t.e_output_format = mColorFormat;
119	27.8k	create_ip.s_ivd_create_ip_t.pf_aligned_alloc = iv_aligned_malloc;
120	27.8k	create_ip.s_ivd_create_ip_t.pf_aligned_free = iv_aligned_free;
121	27.8k	create_ip.u4_keep_threads_active = 1;
122	27.8k	create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
123	27.8k	create_ip.s_ivd_create_ip_t.u4_size = sizeof(ih264d_create_ip_t);
124	27.8k	create_op.s_ivd_create_op_t.u4_size = sizeof(ih264d_create_op_t);
125
126	27.8k	ret = ivd_api_function(NULL, (void )&create_ip, (void )&create_op);
127	27.8k	if (ret != IV_SUCCESS) {
128	15	return;
129	15	}
130	27.7k	mCodec = (iv_obj_t *)create_op.s_ivd_create_op_t.pv_handle;
131	27.7k	mCodec->pv_fxns = fxns;
132	27.7k	mCodec->u4_size = sizeof(iv_obj_t);
133	27.7k	}
134
135	27.8k	void Codec::deleteCodec() {
136	27.8k	ivd_delete_ip_t delete_ip{};
137	27.8k	ivd_delete_op_t delete_op{};
138
139	27.8k	delete_ip.e_cmd = IVD_CMD_DELETE;
140	27.8k	delete_ip.u4_size = sizeof(ivd_delete_ip_t);
141	27.8k	delete_op.u4_size = sizeof(ivd_delete_op_t);
142
143	27.8k	ivd_api_function(mCodec, (void )&delete_ip, (void )&delete_op);
144	27.8k	}
145	5.67k	void Codec::resetCodec() {
146	5.67k	ivd_ctl_reset_ip_t s_ctl_ip{};
147	5.67k	ivd_ctl_reset_op_t s_ctl_op{};
148
149	5.67k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
150	5.67k	s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
151	5.67k	s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
152	5.67k	s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);
153
154	5.67k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
155	5.67k	}
156
157	45.8k	void Codec::setCores() {
158	45.8k	ih264d_ctl_set_num_cores_ip_t s_ctl_ip{};
159	45.8k	ih264d_ctl_set_num_cores_op_t s_ctl_op{};
160
161	45.8k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
162	45.8k	s_ctl_ip.e_sub_cmd =
163	45.8k	(IVD_CONTROL_API_COMMAND_TYPE_T)IH264D_CMD_CTL_SET_NUM_CORES;
164	45.8k	s_ctl_ip.u4_num_cores = mNumCores;
165	45.8k	s_ctl_ip.u4_size = sizeof(ih264d_ctl_set_num_cores_ip_t);
166	45.8k	s_ctl_op.u4_size = sizeof(ih264d_ctl_set_num_cores_op_t);
167
168	45.8k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
169	45.8k	}
170
171	55.6k	void Codec::setParams(IVD_VIDEO_DECODE_MODE_T mode) {
172	55.6k	ivd_ctl_set_config_ip_t s_ctl_ip{};
173	55.6k	ivd_ctl_set_config_op_t s_ctl_op{};
174
175	55.6k	s_ctl_ip.u4_disp_wd = 0;
176	55.6k	s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
177	55.6k	s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
178	55.6k	s_ctl_ip.e_vid_dec_mode = mode;
179	55.6k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
180	55.6k	s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
181	55.6k	s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
182	55.6k	s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);
183
184	55.6k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
185	55.6k	}
186
187	45.8k	void Codec::setArchitecture(IVD_ARCH_T arch) {
188	45.8k	ih264d_ctl_set_processor_ip_t s_ctl_ip{};
189	45.8k	ih264d_ctl_set_processor_op_t s_ctl_op{};
190
191	45.8k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
192	45.8k	s_ctl_ip.e_sub_cmd =
193	45.8k	(IVD_CONTROL_API_COMMAND_TYPE_T)IH264D_CMD_CTL_SET_PROCESSOR;
194	45.8k	s_ctl_ip.u4_arch = arch;
195	45.8k	s_ctl_ip.u4_soc = SOC_GENERIC;
196	45.8k	s_ctl_ip.u4_size = sizeof(ih264d_ctl_set_processor_ip_t);
197	45.8k	s_ctl_op.u4_size = sizeof(ih264d_ctl_set_processor_op_t);
198
199	45.8k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
200	45.8k	}
201	93.6k	void Codec::freeFrame() {
202	262k	for (int i = 0; i < mOutBufHandle.u4_num_bufs; i++) {
203	168k	if (mOutBufHandle.pu1_bufs[i]) {
204	168k	free(mOutBufHandle.pu1_bufs[i]);
205	168k	mOutBufHandle.pu1_bufs[i] = nullptr;
206	168k	}
207	168k	}
208	93.6k	}
209	50.3k	void Codec::allocFrame() {
210	50.3k	size_t sizes[4] = {0};
211	50.3k	size_t num_bufs = 0;
212
213	50.3k	freeFrame();
214
215	50.3k	memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
216
217	50.3k	switch (mColorFormat) {
218	15.5k	case IV_YUV_420SP_UV:
219	15.5k	[[fallthrough]];
220	29.2k	case IV_YUV_420SP_VU:
221	29.2k	sizes[0] = mWidth * mHeight;
222	29.2k	sizes[1] = mWidth * mHeight >> 1;
223	29.2k	num_bufs = 2;
224	29.2k	break;
225	73	case IV_YUV_422ILE:
226	73	sizes[0] = mWidth * mHeight * 2;
227	73	num_bufs = 1;
228	73	break;
229	54	case IV_RGB_565:
230	54	sizes[0] = mWidth * mHeight * 2;
231	54	num_bufs = 1;
232	54	break;
233	6	case IV_RGBA_8888:
234	6	sizes[0] = mWidth * mHeight * 4;
235	6	num_bufs = 1;
236	6	break;
237	20.9k	case IV_YUV_420P:
238	20.9k	[[fallthrough]];
239	20.9k	default:
240	20.9k	sizes[0] = mWidth * mHeight;
241	20.9k	sizes[1] = mWidth * mHeight >> 2;
242	20.9k	sizes[2] = mWidth * mHeight >> 2;
243	20.9k	num_bufs = 3;
244	20.9k	break;
245	50.3k	}
246	50.3k	mOutBufHandle.u4_num_bufs = num_bufs;
247	171k	for (int i = 0; i < num_bufs; i++) {
248	121k	mOutBufHandle.u4_min_out_buf_size[i] = sizes[i];
249	121k	mOutBufHandle.pu1_bufs[i] = (UWORD8 *)iv_aligned_malloc(NULL, 16, sizes[i]);
250	121k	}
251	50.3k	}
252	27.8k	void Codec::decodeHeader(const uint8_t *data, size_t size) {
253	27.8k	setParams(IVD_DECODE_HEADER);
254
255	27.8k	size_t numDecodeCalls = 0;
256
257	546k	while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
258	519k	IV_API_CALL_STATUS_T ret;
259	519k	ivd_video_decode_ip_t dec_ip{};
260	519k	ivd_video_decode_op_t dec_op{};
261	519k	size_t bytes_consumed;
262
263	519k	dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
264	519k	dec_ip.u4_ts = 0;
265	519k	dec_ip.pv_stream_buffer = (void *)data;
266	519k	dec_ip.u4_num_Bytes = size;
267	519k	dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
268	519k	dec_op.u4_size = sizeof(ivd_video_decode_op_t);
269
270	519k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
271
272	519k	bytes_consumed = dec_op.u4_num_bytes_consumed;
273		/* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
274		* to feed next data */
275	519k	if (!bytes_consumed) bytes_consumed = 4;
276
277	519k	bytes_consumed = std::min(size, bytes_consumed);
278
279	519k	data += bytes_consumed;
280	519k	size -= bytes_consumed;
281	519k	numDecodeCalls++;
282
283	519k	mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
284	519k	mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
285
286		/* Break after successful header decode */
287	519k	if (mWidth && mHeight) {
288	234	break;
289	234	}
290	519k	}
291		/* if width / height are invalid, set them to defaults */
292	27.8k	if (!mWidth) mWidth = 1920;
293	27.8k	if (!mHeight) mHeight = 1088;
294	27.8k	}
295
296		IV_API_CALL_STATUS_T Codec::decodeFrame(const uint8_t *data, size_t size,
297	233k	size_t *bytesConsumed) {
298	233k	IV_API_CALL_STATUS_T ret;
299	233k	ivd_video_decode_ip_t dec_ip{};
300	233k	ivd_video_decode_op_t dec_op{};
301
302	233k	dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
303	233k	dec_ip.u4_ts = 0;
304	233k	dec_ip.pv_stream_buffer = (void *)data;
305	233k	dec_ip.u4_num_Bytes = size;
306	233k	dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
307	233k	dec_ip.s_out_buffer = mOutBufHandle;
308
309	233k	dec_op.u4_size = sizeof(ivd_video_decode_op_t);
310
311	233k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
312
313		/* In case of change in resolution, reset codec and feed the same data again
314		*/
315	233k	if (IVD_RES_CHANGED == (dec_op.u4_error_code & 0xFF)) {
316	5.67k	resetCodec();
317	5.67k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
318	5.67k	}
319	233k	*bytesConsumed = dec_op.u4_num_bytes_consumed;
320
321		/* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
322		* to feed next data */
323	233k	if (!bytesConsumed) bytesConsumed = 4;
324
325	233k	if (dec_op.u4_pic_wd && dec_op.u4_pic_ht &&
326	233k	(mWidth != dec_op.u4_pic_wd \|\| mHeight != dec_op.u4_pic_ht)) {
327	22.5k	mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
328	22.5k	mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
329	22.5k	allocFrame();
330	22.5k	}
331
332	233k	return ret;
333	233k	}
334
335	27.8k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
336	27.8k	if (size < 1) {
337	0	return 0;
338	0	}
339	27.8k	size_t colorFormatOfst = std::min((size_t)OFFSET_COLOR_FORMAT, size - 1);
340	27.8k	size_t numCoresOfst = std::min((size_t)OFFSET_NUM_CORES, size - 1);
341	27.8k	size_t architectureOfst = std::min((size_t)OFFSET_ARCH, size - 1);
342	27.8k	size_t architectureIdx = data[architectureOfst] % kSupportedArchitectures;
343	27.8k	IVD_ARCH_T arch = (IVD_ARCH_T)supportedArchitectures[architectureIdx];
344	27.8k	size_t colorFormatIdx = data[colorFormatOfst] % kSupportedColorFormats;
345	27.8k	IV_COLOR_FORMAT_T colorFormat =
346	27.8k	(IV_COLOR_FORMAT_T)(supportedColorFormats[colorFormatIdx]);
347	27.8k	uint32_t numCores = (data[numCoresOfst] % kMaxCores) + 1;
348	27.8k	size_t numDecodeCalls = 0;
349	27.8k	Codec *codec = new Codec(colorFormat, numCores);
350	27.8k	codec->createCodec();
351	27.8k	codec->setArchitecture(arch);
352	27.8k	codec->setCores();
353	27.8k	codec->decodeHeader(data, size);
354	27.8k	codec->setParams(IVD_DECODE_FRAME);
355	27.8k	codec->allocFrame();
356
357	260k	while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
358	233k	IV_API_CALL_STATUS_T ret;
359	233k	size_t bytesConsumed;
360	233k	ret = codec->decodeFrame(data, size, &bytesConsumed);
361
362	233k	bytesConsumed = std::min(size, bytesConsumed);
363	233k	data += bytesConsumed;
364	233k	size -= bytesConsumed;
365	233k	numDecodeCalls++;
366	233k	}
367
368	27.8k	codec->freeFrame();
369	27.8k	codec->deleteCodec();
370	27.8k	delete codec;
371	27.8k	return 0;
372	27.8k	}