Coverage Report

Created: 2023-06-07 06:25

/src/decode_fuzzer.cc
#include <fuzzer/FuzzedDataProvider.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>
#include "mpg123.h"
// libFuzzer entry point for the mpg123 feed-mode decoder.
//
// The fuzz input is split into chunks whose sizes are themselves drawn from
// the input, and each chunk is handed to mpg123_decode(). Decoded output is
// written into a scratch buffer and never inspected; the harness only
// exercises the decoder's handling of the bytes it is given.
//
// Parameters:
//   data, size - the fuzzer-supplied input buffer and its length.
// Returns:
//   Always 0.
//
// Coverage figures from the report on this page (created 2023-06-07 06:25):
// the function was entered about 6.19k times and the decode loop body ran
// about 1.78M times. Lines with a zero count are called out below.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Per-input work limits: stop feeding once the decoder reports more than
  // this many frames or a stream offset beyond 1 MiB, so a single input
  // cannot keep the loop running without bound.
  constexpr int kMaxFrames = 10000;
  constexpr int kMaxStreamOffset = 1 << 20;

  // Library setup happens once per process (count 1 in the report).
  // NOTE(review): the return value of mpg123_init() is not checked here.
  static bool library_ready = false;
  if (!library_ready) {
    mpg123_init();
    library_ready = true;
  }

  int status;
  mpg123_handle* decoder = mpg123_new(nullptr, &status);
  if (decoder == nullptr) {
    // Never taken in the reported run (count 0).
    return 0;
  }

  // Silence the library's own diagnostics, then switch the handle to feed
  // mode; open_feed is attempted only if setting the flag succeeded.
  status = mpg123_param(decoder, MPG123_ADD_FLAGS, MPG123_QUIET, 0.);
  if (status == MPG123_OK) {
    status = mpg123_open_feed(decoder);
  }
  if (status != MPG123_OK) {
    // Never taken in the reported run (count 0).
    mpg123_delete(decoder);
    return 0;
  }

  // Scratch output sized to what the decoder reports as one output block.
  std::vector<uint8_t> pcm(mpg123_outblock(decoder));
  size_t pcm_bytes = 0;

  FuzzedDataProvider chunks(data, size);

  // Start in the "needs input" state so the first iteration feeds data.
  int decode_status = MPG123_NEED_MORE;
  while (decode_status != MPG123_ERR) {
    // Tripwire for an unhandled mpg123_decode() result. With the loop
    // condition above this cannot fire as written; the report shows a zero
    // count for it.
    if (decode_status == MPG123_ERR) {
      abort();
    }

    if (decode_status != MPG123_NEED_MORE) {
      // Any other status: call the decoder again without new input so it
      // can make progress on data it already holds (about 733k iterations).
      decode_status = mpg123_decode(decoder, nullptr, 0, pcm.data(),
                                    pcm.size(), &pcm_bytes);
      continue;
    }

    // The decoder wants more input (about 1.05M iterations). Stop when the
    // input is exhausted or a work limit is hit; the report counts about
    // 6.13k exits through these checks.
    if (chunks.remaining_bytes() == 0) {
      break;
    }
    if (mpg123_tellframe(decoder) > kMaxFrames) {
      break;
    }
    if (mpg123_tell_stream(decoder) > kMaxStreamOffset) {
      break;
    }

    // The chunk length comes from the fuzz input, anywhere from zero up to
    // everything that is left, so feed boundaries vary between inputs.
    const size_t chunk_len = chunks.ConsumeIntegralInRange<size_t>(
        0, chunks.remaining_bytes());
    std::vector<unsigned char> chunk =
        chunks.ConsumeBytes<unsigned char>(chunk_len);
    decode_status = mpg123_decode(decoder, chunk.data(), chunk.size(),
                                  pcm.data(), pcm.size(), &pcm_bytes);
  }

  mpg123_delete(decoder);

  return 0;
}