/src/decode_fuzzer.cc

Source (jump to first uncovered line)
#include <fuzzer/FuzzedDataProvider.h>

#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>

#include "mpg123.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static bool initialized = false;
  if (!initialized) {
    mpg123_init();
    initialized = true;
  }
  int ret;
  mpg123_handle* handle = mpg123_new(nullptr, &ret);
  if (handle == nullptr) {
    return 0;
  }

  ret = mpg123_param(handle, MPG123_ADD_FLAGS, MPG123_QUIET, 0.);
  if(ret == MPG123_OK)
    ret = mpg123_open_feed(handle);
  if (ret != MPG123_OK) {
    mpg123_delete(handle);
    return 0;
  }

  std::vector<uint8_t> output_buffer(mpg123_outblock(handle));

  size_t output_written = 0;
  // Initially, start by feeding the decoder more data.
  int decode_ret = MPG123_NEED_MORE;
  FuzzedDataProvider provider(data, size);
  while ((decode_ret != MPG123_ERR)) {
    if (decode_ret == MPG123_NEED_MORE) {
      if (provider.remaining_bytes() == 0
          || mpg123_tellframe(handle) > 10000
          || mpg123_tell_stream(handle) > 1<<20) {
        break;
      }
      const size_t next_size = provider.ConsumeIntegralInRange<size_t>(
          0,
          provider.remaining_bytes());
      auto next_input = provider.ConsumeBytes<unsigned char>(next_size);
      decode_ret = mpg123_decode(handle, next_input.data(), next_input.size(),
                                 output_buffer.data(), output_buffer.size(),
                                 &output_written);
    } else if (decode_ret != MPG123_ERR && decode_ret != MPG123_NEED_MORE) {
      decode_ret = mpg123_decode(handle, nullptr, 0, output_buffer.data(),
                                 output_buffer.size(), &output_written);
    } else {
      // Unhandled mpg123_decode return value.
      abort();
    }
  }

  mpg123_delete(handle);

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <fuzzer/FuzzedDataProvider.h>
2
3		#include <cstddef>
4		#include <cstdint>
5		#include <cstdio>
6		#include <cstdlib>
7		#include <vector>
8
9		#include "mpg123.h"
10
11	3.36k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
12	3.36k	static bool initialized = false;
13	3.36k	if (!initialized) {
14	1	mpg123_init();
15	1	initialized = true;
16	1	}
17	3.36k	int ret;
18	3.36k	mpg123_handle* handle = mpg123_new(nullptr, &ret);
19	3.36k	if (handle == nullptr) {
20	0	return 0;
21	0	}
22
23	3.36k	ret = mpg123_param(handle, MPG123_ADD_FLAGS, MPG123_QUIET, 0.);
24	3.36k	if(ret == MPG123_OK)
25	3.36k	ret = mpg123_open_feed(handle);
26	3.36k	if (ret != MPG123_OK) {
27	0	mpg123_delete(handle);
28	0	return 0;
29	0	}
30
31	3.36k	std::vector<uint8_t> output_buffer(mpg123_outblock(handle));
32
33	3.36k	size_t output_written = 0;
34		// Initially, start by feeding the decoder more data.
35	3.36k	int decode_ret = MPG123_NEED_MORE;
36	3.36k	FuzzedDataProvider provider(data, size);
37	607k	while ((decode_ret != MPG123_ERR)) {
38	607k	if (decode_ret == MPG123_NEED_MORE) {
39	295k	if (provider.remaining_bytes() == 0
40	295k	\|\| mpg123_tellframe(handle) > 10000
41	295k	\|\| mpg123_tell_stream(handle) > 1<<20) {
42	3.31k	break;
43	3.31k	}
44	292k	const size_t next_size = provider.ConsumeIntegralInRange<size_t>(
45	292k	0,
46	292k	provider.remaining_bytes());
47	292k	auto next_input = provider.ConsumeBytes<unsigned char>(next_size);
48	292k	decode_ret = mpg123_decode(handle, next_input.data(), next_input.size(),
49	292k	output_buffer.data(), output_buffer.size(),
50	292k	&output_written);
51	312k	} else if (decode_ret != MPG123_ERR && decode_ret != MPG123_NEED_MORE) {
52	312k	decode_ret = mpg123_decode(handle, nullptr, 0, output_buffer.data(),
53	312k	output_buffer.size(), &output_written);
54	312k	} else {
55		// Unhandled mpg123_decode return value.
56	0	abort();
57	0	}
58	607k	}
59
60	3.36k	mpg123_delete(handle);
61
62	3.36k	return 0;
63	3.36k	}

Coverage Report

Created: 2025-08-29 06:59