/src/libhevc/fuzzer/hevc_dec_fuzzer.cpp

Source
/******************************************************************************
 *
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 *****************************************************************************
 * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
 */

#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <algorithm>
#include <memory>

#include "ihevc_typedefs.h"
#include "ihevcd_cxa.h"
#include "iv.h"
#include "ivd.h"

#define NELEMENTS(x) (sizeof(x) / sizeof(x[0]))
#define ivd_api_function ihevcd_cxa_api_function
const IV_COLOR_FORMAT_T supportedColorFormats[] = {
    IV_YUV_420P,   IV_YUV_420SP_UV, IV_YUV_420SP_VU,
    IV_YUV_422ILE, IV_GRAY, IV_RGB_565,      IV_RGBA_8888};

/* Decoder ignores invalid arch, i.e. for arm build, if SSSE3 is requested,
 * decoder defaults to a supported configuration. So same set of supported
 * architectures can be used in arm/arm64/x86 builds */
const IVD_ARCH_T supportedArchitectures[] = {
    ARCH_ARM_NONEON,  ARCH_ARM_A9Q,   ARCH_ARM_NEONINTR, ARCH_ARMV8_GENERIC,
    ARCH_X86_GENERIC, ARCH_X86_SSSE3, ARCH_X86_SSE42};

enum {
  OFFSET_COLOR_FORMAT = 6,
  OFFSET_NUM_CORES,
  OFFSET_ARCH,
  /* Should be the last entry */
  OFFSET_MAX,
};

const static int kMaxNumDecodeCalls = 100;
const static int kSupportedColorFormats = NELEMENTS(supportedColorFormats);
const static int kSupportedArchitectures = NELEMENTS(supportedArchitectures);
const static int kMaxCores = 4;
void *iv_aligned_malloc(void *ctxt, WORD32 alignment, WORD32 size) {
  void *buf = NULL;
  (void)ctxt;
  if (0 != posix_memalign(&buf, alignment, size)) {
      return NULL;
  }
  return buf;
}

void iv_aligned_free(void *ctxt, void *buf) {
  (void)ctxt;
  free(buf);
}

class Codec {
 public:
  Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores);
  ~Codec();

  void createCodec();
  void deleteCodec();
  void resetCodec();
  void setCores();
  void allocFrame();
  void freeFrame();
  void decodeHeader(const uint8_t *data, size_t size);
  IV_API_CALL_STATUS_T decodeFrame(const uint8_t *data, size_t size,
                                   size_t *bytesConsumed);
  void setParams(IVD_VIDEO_DECODE_MODE_T mode);
  void setArchitecture(IVD_ARCH_T arch);

 private:
  IV_COLOR_FORMAT_T mColorFormat;
  size_t mNumCores;
  iv_obj_t *mCodec;
  ivd_out_bufdesc_t mOutBufHandle;
  uint32_t mWidth;
  uint32_t mHeight;
};

Codec::Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores) {
  mColorFormat = colorFormat;
  mNumCores = numCores;
  mCodec = nullptr;
  mWidth = 0;
  mHeight = 0;

  memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
}

Codec::~Codec() {}

void Codec::createCodec() {
  IV_API_CALL_STATUS_T ret;
  ihevcd_cxa_create_ip_t create_ip{};
  ihevcd_cxa_create_op_t create_op{};
  void *fxns = (void *)&ivd_api_function;

  create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
  create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
  create_ip.s_ivd_create_ip_t.e_output_format = mColorFormat;
  create_ip.u4_keep_threads_active = 1;
  create_ip.s_ivd_create_ip_t.pf_aligned_alloc = iv_aligned_malloc;
  create_ip.s_ivd_create_ip_t.pf_aligned_free = iv_aligned_free;
  create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
  create_ip.s_ivd_create_ip_t.u4_size = sizeof(ihevcd_cxa_create_ip_t);
  create_op.s_ivd_create_op_t.u4_size = sizeof(ihevcd_cxa_create_op_t);

  ret = ivd_api_function(NULL, (void *)&create_ip, (void *)&create_op);
  if (ret != IV_SUCCESS) {
    return;
  }
  mCodec = (iv_obj_t *)create_op.s_ivd_create_op_t.pv_handle;
  mCodec->pv_fxns = fxns;
  mCodec->u4_size = sizeof(iv_obj_t);
}

void Codec::deleteCodec() {
  ivd_delete_ip_t delete_ip{};
  ivd_delete_op_t delete_op{};

  delete_ip.e_cmd = IVD_CMD_DELETE;
  delete_ip.u4_size = sizeof(ivd_delete_ip_t);
  delete_op.u4_size = sizeof(ivd_delete_op_t);

  ivd_api_function(mCodec, (void *)&delete_ip, (void *)&delete_op);
}

void Codec::resetCodec() {
  ivd_ctl_reset_ip_t s_ctl_ip{};
  ivd_ctl_reset_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
  s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
  s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setCores() {
  ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_ip{};
  ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd =
      (IVD_CONTROL_API_COMMAND_TYPE_T)IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
  s_ctl_ip.u4_num_cores = mNumCores;
  s_ctl_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
  s_ctl_op.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setParams(IVD_VIDEO_DECODE_MODE_T mode) {
  ivd_ctl_set_config_ip_t s_ctl_ip{};
  ivd_ctl_set_config_op_t s_ctl_op{};

  s_ctl_ip.u4_disp_wd = 0;
  s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
  s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
  s_ctl_ip.e_vid_dec_mode = mode;
  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
  s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
  s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}

void Codec::setArchitecture(IVD_ARCH_T arch) {
  ihevcd_cxa_ctl_set_processor_ip_t s_ctl_ip{};
  ihevcd_cxa_ctl_set_processor_op_t s_ctl_op{};

  s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
  s_ctl_ip.e_sub_cmd =
      (IVD_CONTROL_API_COMMAND_TYPE_T)IHEVCD_CXA_CMD_CTL_SET_PROCESSOR;
  s_ctl_ip.u4_arch = arch;
  s_ctl_ip.u4_soc = SOC_GENERIC;
  s_ctl_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_processor_ip_t);
  s_ctl_op.u4_size = sizeof(ihevcd_cxa_ctl_set_processor_op_t);

  ivd_api_function(mCodec, (void *)&s_ctl_ip, (void *)&s_ctl_op);
}
void Codec::freeFrame() {
  for (int i = 0; i < mOutBufHandle.u4_num_bufs; i++) {
    if (mOutBufHandle.pu1_bufs[i]) {
      free(mOutBufHandle.pu1_bufs[i]);
      mOutBufHandle.pu1_bufs[i] = nullptr;
    }
  }
}

void Codec::allocFrame() {
  size_t sizes[4] = {0};
  size_t num_bufs = 0;

  freeFrame();

  memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));

  switch (mColorFormat) {
    case IV_YUV_420SP_UV:
      [[fallthrough]];
    case IV_YUV_420SP_VU:
      sizes[0] = mWidth * mHeight;
      sizes[1] = mWidth * mHeight >> 1;
      num_bufs = 2;
      break;
    case IV_YUV_422ILE:
      sizes[0] = mWidth * mHeight * 2;
      num_bufs = 1;
      break;
    case IV_GRAY:
      sizes[0] = mWidth * mHeight;
      num_bufs = 1;
      break;
    case IV_RGB_565:
      sizes[0] = mWidth * mHeight * 2;
      num_bufs = 1;
      break;
    case IV_RGBA_8888:
      sizes[0] = mWidth * mHeight * 4;
      num_bufs = 1;
      break;
    case IV_YUV_420P:
      [[fallthrough]];
    default:
      sizes[0] = mWidth * mHeight;
      sizes[1] = mWidth * mHeight >> 2;
      sizes[2] = mWidth * mHeight >> 2;
      num_bufs = 3;
      break;
  }
  mOutBufHandle.u4_num_bufs = num_bufs;
  for (int i = 0; i < num_bufs; i++) {
    mOutBufHandle.u4_min_out_buf_size[i] = sizes[i];
    mOutBufHandle.pu1_bufs[i] = (UWORD8 *)iv_aligned_malloc(NULL, 16, sizes[i]);
  }
}

void Codec::decodeHeader(const uint8_t *data, size_t size) {
  setParams(IVD_DECODE_HEADER);

  size_t numDecodeCalls = 0;

  while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
    IV_API_CALL_STATUS_T ret;
    ivd_video_decode_ip_t dec_ip{};
    ivd_video_decode_op_t dec_op{};
    size_t bytes_consumed;

    memset(&dec_ip, 0, sizeof(dec_ip));
    memset(&dec_op, 0, sizeof(dec_op));

    dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
    dec_ip.u4_ts = 0;
    dec_ip.pv_stream_buffer = (void *)data;
    dec_ip.u4_num_Bytes = size;
    dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
    dec_op.u4_size = sizeof(ivd_video_decode_op_t);

    ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);

    bytes_consumed = dec_op.u4_num_bytes_consumed;
    /* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
     * to feed next data */
    if (!bytes_consumed) bytes_consumed = 4;

    bytes_consumed = std::min(size, bytes_consumed);

    data += bytes_consumed;
    size -= bytes_consumed;
    numDecodeCalls++;

    mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
    mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);

    /* Break after successful header decode */
    if (mWidth && mHeight) {
      break;
    }
  }
  /* if width / height are invalid, set them to defaults */
  if (!mWidth) mWidth = 1920;
  if (!mHeight) mHeight = 1088;
}

IV_API_CALL_STATUS_T Codec::decodeFrame(const uint8_t *data, size_t size,
                                        size_t *bytesConsumed) {
  IV_API_CALL_STATUS_T ret;
  ivd_video_decode_ip_t dec_ip{};
  ivd_video_decode_op_t dec_op{};

  memset(&dec_ip, 0, sizeof(dec_ip));
  memset(&dec_op, 0, sizeof(dec_op));

  dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
  dec_ip.u4_ts = 0;
  dec_ip.pv_stream_buffer = (void *)data;
  dec_ip.u4_num_Bytes = size;
  dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
  dec_ip.s_out_buffer = mOutBufHandle;

  dec_op.u4_size = sizeof(ivd_video_decode_op_t);

  ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);

  /* In case of change in resolution, reset codec and feed the same data again
   */
  if (IVD_RES_CHANGED == (dec_op.u4_error_code & 0xFF)) {
    resetCodec();
    ret = ivd_api_function(mCodec, (void *)&dec_ip, (void *)&dec_op);
  }
  *bytesConsumed = dec_op.u4_num_bytes_consumed;

  /* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
   * to feed next data */
  if (!*bytesConsumed) *bytesConsumed = 4;

  if (dec_op.u4_pic_wd && dec_op.u4_pic_ht &&
      (mWidth != dec_op.u4_pic_wd || mHeight != dec_op.u4_pic_ht)) {
    mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
    mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
    allocFrame();
  }

  return ret;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size < 1) {
    return 0;
  }
  size_t colorFormatOfst = std::min((size_t)OFFSET_COLOR_FORMAT, size - 1);
  size_t numCoresOfst = std::min((size_t)OFFSET_NUM_CORES, size - 1);
  size_t architectureOfst = std::min((size_t)OFFSET_ARCH, size - 1);
  size_t architectureIdx = data[architectureOfst] % kSupportedArchitectures;
  IVD_ARCH_T arch = (IVD_ARCH_T)supportedArchitectures[architectureIdx];
  size_t colorFormatIdx = data[colorFormatOfst] % kSupportedColorFormats;
  IV_COLOR_FORMAT_T colorFormat =
      (IV_COLOR_FORMAT_T)(supportedColorFormats[colorFormatIdx]);
  uint32_t numCores = (data[numCoresOfst] % kMaxCores) + 1;
  size_t numDecodeCalls = 0;
  Codec *codec = new Codec(colorFormat, numCores);
  codec->createCodec();
  codec->setArchitecture(arch);
  codec->setCores();
  codec->decodeHeader(data, size);
  codec->setParams(IVD_DECODE_FRAME);
  codec->allocFrame();

  while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
    IV_API_CALL_STATUS_T ret;
    size_t bytesConsumed;
    ret = codec->decodeFrame(data, size, &bytesConsumed);

    bytesConsumed = std::min(size, bytesConsumed);
    data += bytesConsumed;
    size -= bytesConsumed;
    numDecodeCalls++;
  }

  codec->freeFrame();
  codec->deleteCodec();
  delete codec;
  return 0;
}

Coverage Report

Created: 2025-12-29 07:02

Line	Count	Source
1		/******************************************************************************
2		*
3		* Copyright (C) 2019 The Android Open Source Project
4		*
5		* Licensed under the Apache License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at:
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*
17		*****************************************************************************
18		* Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
19		*/
20
21		#include <stddef.h>
22		#include <stdint.h>
23		#include <stdio.h>
24		#include <stdlib.h>
25		#include <string.h>
26
27		#include <algorithm>
28		#include <memory>
29
30		#include "ihevc_typedefs.h"
31		#include "ihevcd_cxa.h"
32		#include "iv.h"
33		#include "ivd.h"
34
35		#define NELEMENTS(x) (sizeof(x) / sizeof(x[0]))
36	100k	#define ivd_api_function ihevcd_cxa_api_function
37		const IV_COLOR_FORMAT_T supportedColorFormats[] = {
38		IV_YUV_420P, IV_YUV_420SP_UV, IV_YUV_420SP_VU,
39		IV_YUV_422ILE, IV_GRAY, IV_RGB_565, IV_RGBA_8888};
40
41		/* Decoder ignores invalid arch, i.e. for arm build, if SSSE3 is requested,
42		* decoder defaults to a supported configuration. So same set of supported
43		* architectures can be used in arm/arm64/x86 builds */
44		const IVD_ARCH_T supportedArchitectures[] = {
45		ARCH_ARM_NONEON, ARCH_ARM_A9Q, ARCH_ARM_NEONINTR, ARCH_ARMV8_GENERIC,
46		ARCH_X86_GENERIC, ARCH_X86_SSSE3, ARCH_X86_SSE42};
47
48		enum {
49		OFFSET_COLOR_FORMAT = 6,
50		OFFSET_NUM_CORES,
51		OFFSET_ARCH,
52		/* Should be the last entry */
53		OFFSET_MAX,
54		};
55
56		const static int kMaxNumDecodeCalls = 100;
57		const static int kSupportedColorFormats = NELEMENTS(supportedColorFormats);
58		const static int kSupportedArchitectures = NELEMENTS(supportedArchitectures);
59		const static int kMaxCores = 4;
60	69.8k	void iv_aligned_malloc(void ctxt, WORD32 alignment, WORD32 size) {
61	69.8k	void *buf = NULL;
62	69.8k	(void)ctxt;
63	69.8k	if (0 != posix_memalign(&buf, alignment, size)) {
64	0	return NULL;
65	0	}
66	69.8k	return buf;
67	69.8k	}
68
69	65.8k	void iv_aligned_free(void ctxt, void buf) {
70	65.8k	(void)ctxt;
71	65.8k	free(buf);
72	65.8k	}
73
74		class Codec {
75		public:
76		Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores);
77		~Codec();
78
79		void createCodec();
80		void deleteCodec();
81		void resetCodec();
82		void setCores();
83		void allocFrame();
84		void freeFrame();
85		void decodeHeader(const uint8_t *data, size_t size);
86		IV_API_CALL_STATUS_T decodeFrame(const uint8_t *data, size_t size,
87		size_t *bytesConsumed);
88		void setParams(IVD_VIDEO_DECODE_MODE_T mode);
89		void setArchitecture(IVD_ARCH_T arch);
90
91		private:
92		IV_COLOR_FORMAT_T mColorFormat;
93		size_t mNumCores;
94		iv_obj_t *mCodec;
95		ivd_out_bufdesc_t mOutBufHandle;
96		uint32_t mWidth;
97		uint32_t mHeight;
98		};
99
100	979	Codec::Codec(IV_COLOR_FORMAT_T colorFormat, size_t numCores) {
101	979	mColorFormat = colorFormat;
102	979	mNumCores = numCores;
103	979	mCodec = nullptr;
104	979	mWidth = 0;
105	979	mHeight = 0;
106
107	979	memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
108	979	}
109
110	1.24k	Codec::~Codec() {}
111
112	979	void Codec::createCodec() {
113	979	IV_API_CALL_STATUS_T ret;
114	979	ihevcd_cxa_create_ip_t create_ip{};
115	979	ihevcd_cxa_create_op_t create_op{};
116	979	void fxns = (void )&ivd_api_function;
117
118	979	create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
119	979	create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
120	979	create_ip.s_ivd_create_ip_t.e_output_format = mColorFormat;
121	979	create_ip.u4_keep_threads_active = 1;
122	979	create_ip.s_ivd_create_ip_t.pf_aligned_alloc = iv_aligned_malloc;
123	979	create_ip.s_ivd_create_ip_t.pf_aligned_free = iv_aligned_free;
124	979	create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
125	979	create_ip.s_ivd_create_ip_t.u4_size = sizeof(ihevcd_cxa_create_ip_t);
126	979	create_op.s_ivd_create_op_t.u4_size = sizeof(ihevcd_cxa_create_op_t);
127
128	979	ret = ivd_api_function(NULL, (void )&create_ip, (void )&create_op);
129	979	if (ret != IV_SUCCESS) {
130	4	return;
131	4	}
132	975	mCodec = (iv_obj_t *)create_op.s_ivd_create_op_t.pv_handle;
133	975	mCodec->pv_fxns = fxns;
134	975	mCodec->u4_size = sizeof(iv_obj_t);
135	975	}
136
137	979	void Codec::deleteCodec() {
138	979	ivd_delete_ip_t delete_ip{};
139	979	ivd_delete_op_t delete_op{};
140
141	979	delete_ip.e_cmd = IVD_CMD_DELETE;
142	979	delete_ip.u4_size = sizeof(ivd_delete_ip_t);
143	979	delete_op.u4_size = sizeof(ivd_delete_op_t);
144
145	979	ivd_api_function(mCodec, (void )&delete_ip, (void )&delete_op);
146	979	}
147
148	1.77k	void Codec::resetCodec() {
149	1.77k	ivd_ctl_reset_ip_t s_ctl_ip{};
150	1.77k	ivd_ctl_reset_op_t s_ctl_op{};
151
152	1.77k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
153	1.77k	s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
154	1.77k	s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
155	1.77k	s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);
156
157	1.77k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
158	1.77k	}
159
160	979	void Codec::setCores() {
161	979	ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_ip{};
162	979	ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_op{};
163
164	979	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
165	979	s_ctl_ip.e_sub_cmd =
166	979	(IVD_CONTROL_API_COMMAND_TYPE_T)IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
167	979	s_ctl_ip.u4_num_cores = mNumCores;
168	979	s_ctl_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
169	979	s_ctl_op.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);
170
171	979	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
172	979	}
173
174	1.95k	void Codec::setParams(IVD_VIDEO_DECODE_MODE_T mode) {
175	1.95k	ivd_ctl_set_config_ip_t s_ctl_ip{};
176	1.95k	ivd_ctl_set_config_op_t s_ctl_op{};
177
178	1.95k	s_ctl_ip.u4_disp_wd = 0;
179	1.95k	s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
180	1.95k	s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
181	1.95k	s_ctl_ip.e_vid_dec_mode = mode;
182	1.95k	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
183	1.95k	s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
184	1.95k	s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
185	1.95k	s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);
186
187	1.95k	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
188	1.95k	}
189
190	979	void Codec::setArchitecture(IVD_ARCH_T arch) {
191	979	ihevcd_cxa_ctl_set_processor_ip_t s_ctl_ip{};
192	979	ihevcd_cxa_ctl_set_processor_op_t s_ctl_op{};
193
194	979	s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
195	979	s_ctl_ip.e_sub_cmd =
196	979	(IVD_CONTROL_API_COMMAND_TYPE_T)IHEVCD_CXA_CMD_CTL_SET_PROCESSOR;
197	979	s_ctl_ip.u4_arch = arch;
198	979	s_ctl_ip.u4_soc = SOC_GENERIC;
199	979	s_ctl_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_processor_ip_t);
200	979	s_ctl_op.u4_size = sizeof(ihevcd_cxa_ctl_set_processor_op_t);
201
202	979	ivd_api_function(mCodec, (void )&s_ctl_ip, (void )&s_ctl_op);
203	979	}
204	2.93k	void Codec::freeFrame() {
205	6.97k	for (int i = 0; i < mOutBufHandle.u4_num_bufs; i++) {
206	4.04k	if (mOutBufHandle.pu1_bufs[i]) {
207	4.04k	free(mOutBufHandle.pu1_bufs[i]);
208	4.04k	mOutBufHandle.pu1_bufs[i] = nullptr;
209	4.04k	}
210	4.04k	}
211	2.93k	}
212
213	1.95k	void Codec::allocFrame() {
214	1.95k	size_t sizes[4] = {0};
215	1.95k	size_t num_bufs = 0;
216
217	1.95k	freeFrame();
218
219	1.95k	memset(&mOutBufHandle, 0, sizeof(mOutBufHandle));
220
221	1.95k	switch (mColorFormat) {
222	330	case IV_YUV_420SP_UV:
223	330	[[fallthrough]];
224	399	case IV_YUV_420SP_VU:
225	399	sizes[0] = mWidth * mHeight;
226	399	sizes[1] = mWidth * mHeight >> 1;
227	399	num_bufs = 2;
228	399	break;
229	87	case IV_YUV_422ILE:
230	87	sizes[0] = mWidth * mHeight * 2;
231	87	num_bufs = 1;
232	87	break;
233	184	case IV_GRAY:
234	184	sizes[0] = mWidth * mHeight;
235	184	num_bufs = 1;
236	184	break;
237	437	case IV_RGB_565:
238	437	sizes[0] = mWidth * mHeight * 2;
239	437	num_bufs = 1;
240	437	break;
241	4	case IV_RGBA_8888:
242	4	sizes[0] = mWidth * mHeight * 4;
243	4	num_bufs = 1;
244	4	break;
245	844	case IV_YUV_420P:
246	844	[[fallthrough]];
247	844	default:
248	844	sizes[0] = mWidth * mHeight;
249	844	sizes[1] = mWidth * mHeight >> 2;
250	844	sizes[2] = mWidth * mHeight >> 2;
251	844	num_bufs = 3;
252	844	break;
253	1.95k	}
254	1.95k	mOutBufHandle.u4_num_bufs = num_bufs;
255	5.99k	for (int i = 0; i < num_bufs; i++) {
256	4.04k	mOutBufHandle.u4_min_out_buf_size[i] = sizes[i];
257	4.04k	mOutBufHandle.pu1_bufs[i] = (UWORD8 *)iv_aligned_malloc(NULL, 16, sizes[i]);
258	4.04k	}
259	1.95k	}
260
261	979	void Codec::decodeHeader(const uint8_t *data, size_t size) {
262	979	setParams(IVD_DECODE_HEADER);
263
264	979	size_t numDecodeCalls = 0;
265
266	37.6k	while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
267	37.5k	IV_API_CALL_STATUS_T ret;
268	37.5k	ivd_video_decode_ip_t dec_ip{};
269	37.5k	ivd_video_decode_op_t dec_op{};
270	37.5k	size_t bytes_consumed;
271
272	37.5k	memset(&dec_ip, 0, sizeof(dec_ip));
273	37.5k	memset(&dec_op, 0, sizeof(dec_op));
274
275	37.5k	dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
276	37.5k	dec_ip.u4_ts = 0;
277	37.5k	dec_ip.pv_stream_buffer = (void *)data;
278	37.5k	dec_ip.u4_num_Bytes = size;
279	37.5k	dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
280	37.5k	dec_op.u4_size = sizeof(ivd_video_decode_op_t);
281
282	37.5k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
283
284	37.5k	bytes_consumed = dec_op.u4_num_bytes_consumed;
285		/* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
286		* to feed next data */
287	37.5k	if (!bytes_consumed) bytes_consumed = 4;
288
289	37.5k	bytes_consumed = std::min(size, bytes_consumed);
290
291	37.5k	data += bytes_consumed;
292	37.5k	size -= bytes_consumed;
293	37.5k	numDecodeCalls++;
294
295	37.5k	mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
296	37.5k	mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
297
298		/* Break after successful header decode */
299	37.5k	if (mWidth && mHeight) {
300	903	break;
301	903	}
302	37.5k	}
303		/* if width / height are invalid, set them to defaults */
304	979	if (!mWidth) mWidth = 1920;
305	979	if (!mHeight) mHeight = 1088;
306	979	}
307
308		IV_API_CALL_STATUS_T Codec::decodeFrame(const uint8_t *data, size_t size,
309	52.1k	size_t *bytesConsumed) {
310	52.1k	IV_API_CALL_STATUS_T ret;
311	52.1k	ivd_video_decode_ip_t dec_ip{};
312	52.1k	ivd_video_decode_op_t dec_op{};
313
314	52.1k	memset(&dec_ip, 0, sizeof(dec_ip));
315	52.1k	memset(&dec_op, 0, sizeof(dec_op));
316
317	52.1k	dec_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
318	52.1k	dec_ip.u4_ts = 0;
319	52.1k	dec_ip.pv_stream_buffer = (void *)data;
320	52.1k	dec_ip.u4_num_Bytes = size;
321	52.1k	dec_ip.u4_size = sizeof(ivd_video_decode_ip_t);
322	52.1k	dec_ip.s_out_buffer = mOutBufHandle;
323
324	52.1k	dec_op.u4_size = sizeof(ivd_video_decode_op_t);
325
326	52.1k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
327
328		/* In case of change in resolution, reset codec and feed the same data again
329		*/
330	52.1k	if (IVD_RES_CHANGED == (dec_op.u4_error_code & 0xFF)) {
331	1.77k	resetCodec();
332	1.77k	ret = ivd_api_function(mCodec, (void )&dec_ip, (void )&dec_op);
333	1.77k	}
334	52.1k	*bytesConsumed = dec_op.u4_num_bytes_consumed;
335
336		/* If no bytes are consumed, then consume 4 bytes to ensure fuzzer proceeds
337		* to feed next data */
338	52.1k	if (!bytesConsumed) bytesConsumed = 4;
339
340	52.1k	if (dec_op.u4_pic_wd && dec_op.u4_pic_ht &&
341	49.4k	(mWidth != dec_op.u4_pic_wd \|\| mHeight != dec_op.u4_pic_ht)) {
342	976	mWidth = std::min(dec_op.u4_pic_wd, (UWORD32)10240);
343	976	mHeight = std::min(dec_op.u4_pic_ht, (UWORD32)10240);
344	976	allocFrame();
345	976	}
346
347	52.1k	return ret;
348	52.1k	}
349
350	979	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
351	979	if (size < 1) {
352	0	return 0;
353	0	}
354	979	size_t colorFormatOfst = std::min((size_t)OFFSET_COLOR_FORMAT, size - 1);
355	979	size_t numCoresOfst = std::min((size_t)OFFSET_NUM_CORES, size - 1);
356	979	size_t architectureOfst = std::min((size_t)OFFSET_ARCH, size - 1);
357	979	size_t architectureIdx = data[architectureOfst] % kSupportedArchitectures;
358	979	IVD_ARCH_T arch = (IVD_ARCH_T)supportedArchitectures[architectureIdx];
359	979	size_t colorFormatIdx = data[colorFormatOfst] % kSupportedColorFormats;
360	979	IV_COLOR_FORMAT_T colorFormat =
361	979	(IV_COLOR_FORMAT_T)(supportedColorFormats[colorFormatIdx]);
362	979	uint32_t numCores = (data[numCoresOfst] % kMaxCores) + 1;
363	979	size_t numDecodeCalls = 0;
364	979	Codec *codec = new Codec(colorFormat, numCores);
365	979	codec->createCodec();
366	979	codec->setArchitecture(arch);
367	979	codec->setCores();
368	979	codec->decodeHeader(data, size);
369	979	codec->setParams(IVD_DECODE_FRAME);
370	979	codec->allocFrame();
371
372	53.1k	while (size > 0 && numDecodeCalls < kMaxNumDecodeCalls) {
373	52.1k	IV_API_CALL_STATUS_T ret;
374	52.1k	size_t bytesConsumed;
375	52.1k	ret = codec->decodeFrame(data, size, &bytesConsumed);
376
377	52.1k	bytesConsumed = std::min(size, bytesConsumed);
378	52.1k	data += bytesConsumed;
379	52.1k	size -= bytesConsumed;
380	52.1k	numDecodeCalls++;
381	52.1k	}
382
383	979	codec->freeFrame();
384	979	codec->deleteCodec();
385	979	delete codec;
386	979	return 0;
387	979	}