/src/nestegg/test/fuzz.cc

Source (jump to first uncovered line)
/*
 * Copyright © 2018 Mozilla Foundation
 *
 * This program is made available under an ISC-style license.  See the
 * accompanying file LICENSE for details.
 */
#include <assert.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "nestegg/nestegg.h"

/* fuzz.cc is meant to be used with LibFuzzer
 * (https://llvm.org/docs/LibFuzzer.html)
 *
 * To build:
 * clang -g -O1 -fsanitize=fuzzer -I./include src/nestegg.c test/fuzz.cc -o fuzz
 *
 * NOTE: At the moment there are large chunks of code that have been copied
 *       from regress.c
 */

/* Three functions that implement the nestegg_io interface, operating on a
   io_buffer. */
struct io_buffer {
  unsigned char const * buffer;
  size_t length;
  int64_t offset;
};

static int
ne_buffer_read(void * buffer, size_t length, void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  size_t available = iob->length - iob->offset;

  if (available == 0)
    return 0;

  if (available < length)
    return -1;

  memcpy(buffer, iob->buffer + iob->offset, length);
  iob->offset += length;

  return 1;
}

static int
ne_buffer_seek(int64_t offset, int whence, void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  int64_t o = iob->offset;

  switch(whence) {
  case NESTEGG_SEEK_SET:
    o = offset;
    break;
  case NESTEGG_SEEK_CUR:
    o += offset;
    break;
  case NESTEGG_SEEK_END:
    o = iob->length + offset;
    break;
  }

  if (o < 0 || o > (int64_t) iob->length)
    return -1;

  iob->offset = o;
  return 0;
}

static int64_t
ne_buffer_tell(void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  return iob->offset;
}


extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
  int r, type, id, track_encoding, pkt_keyframe, pkt_encryption, cues;
  int64_t read_limit = -1;
  nestegg * ctx;
  nestegg_audio_params aparams;
  nestegg_packet * pkt;
  nestegg_video_params vparams;
  size_t length;
  uint64_t duration = ~0, pkt_tstamp, pkt_duration, tstamp_scale, default_duration;
  int64_t pkt_discard_padding, pkt_reference_block;
  unsigned char * codec_data, * ptr, * pkt_additional;
  unsigned char const * track_content_enc_key_id, * pkt_encryption_iv;
  unsigned int i, j, tracks = 0, pkt_cnt, pkt_track;
  unsigned int data_items = 0;
  uint8_t pkt_num_offsets;
  uint32_t const * pkt_partition_offsets;

  nestegg_io io;
  struct io_buffer userdata;
  userdata.buffer = data;
  userdata.length = size;
  userdata.offset = 0;

  io.read = ne_buffer_read;
  io.seek = ne_buffer_seek;
  io.tell = ne_buffer_tell;
  io.userdata = &userdata;

  ctx = NULL;
  r = nestegg_init(&ctx, io, NULL, read_limit);
  if (r != 0)
    return 0;

  nestegg_track_count(ctx, &tracks);
  nestegg_duration(ctx, &duration);
  nestegg_tstamp_scale(ctx, &tstamp_scale);
  cues = nestegg_has_cues(ctx);

  for (i = 0; i < tracks; ++i) {
    type = nestegg_track_type(ctx, i);
    id = nestegg_track_codec_id(ctx, i);
    nestegg_track_codec_data_count(ctx, i, &data_items);
    track_encoding = nestegg_track_encoding(ctx, i);
    r = nestegg_track_default_duration(ctx, i, &default_duration);
    if (track_encoding == NESTEGG_ENCODING_ENCRYPTION) {
      nestegg_track_content_enc_key_id(ctx, i, &track_content_enc_key_id, &length);
    }
    for (j = 0; j < data_items; ++j) {
      nestegg_track_codec_data(ctx, i, j, &codec_data, &length);
    }
    switch (type) {
    case NESTEGG_TRACK_VIDEO:
      nestegg_track_video_params(ctx, i, &vparams);
      break;
    case NESTEGG_TRACK_AUDIO:
      nestegg_track_audio_params(ctx, i, &aparams);
      break;
    //case NESTEGG_TRACK_UNKNOWN:
    //  break;
    default:
      break;
    }
  }

  for (;;) {
    pkt = NULL;
    r = nestegg_read_packet(ctx, &pkt);
    if (r <= 0) {
      assert(pkt == NULL);
      break;
    }
    nestegg_packet_track(pkt, &pkt_track);
    pkt_keyframe = nestegg_packet_has_keyframe(pkt);
    nestegg_packet_count(pkt, &pkt_cnt);
    nestegg_packet_tstamp(pkt, &pkt_tstamp);
    pkt_duration = 0;
    nestegg_packet_duration(pkt, &pkt_duration);
    pkt_discard_padding = 0;
    nestegg_packet_discard_padding(pkt, &pkt_discard_padding);
    pkt_reference_block = 0;
    nestegg_packet_reference_block(pkt, &pkt_reference_block);
    pkt_additional = NULL;
    nestegg_packet_additional_data(pkt, 1, &pkt_additional, &length);
    pkt_encryption = nestegg_packet_encryption(pkt);
    if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_ENCRYPTED ||
        pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
      nestegg_packet_iv(pkt, &pkt_encryption_iv, &length);
    }
    if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
      nestegg_packet_offsets(pkt, &pkt_partition_offsets, &pkt_num_offsets);
    }
    for (i = 0; i < pkt_cnt; ++i) {
      nestegg_packet_data(pkt, i, &ptr, &length);
    }
    nestegg_free_packet(pkt);
  }

  nestegg_destroy(ctx);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright © 2018 Mozilla Foundation
3		*
4		* This program is made available under an ISC-style license. See the
5		* accompanying file LICENSE for details.
6		*/
7		#include <assert.h>
8		#include <stdarg.h>
9		#include <stdio.h>
10		#include <stdlib.h>
11		#include <stdint.h>
12		#include <string.h>
13		#include "nestegg/nestegg.h"
14
15		/* fuzz.cc is meant to be used with LibFuzzer
16		* (https://llvm.org/docs/LibFuzzer.html)
17		*
18		* To build:
19		* clang -g -O1 -fsanitize=fuzzer -I./include src/nestegg.c test/fuzz.cc -o fuzz
20		*
21		* NOTE: At the moment there are large chunks of code that have been copied
22		* from regress.c
23		*/
24
25		/* Three functions that implement the nestegg_io interface, operating on a
26		io_buffer. */
27		struct io_buffer {
28		unsigned char const * buffer;
29		size_t length;
30		int64_t offset;
31		};
32
33		static int
34		ne_buffer_read(void * buffer, size_t length, void * userdata)
35	3.02M	{
36	3.02M	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
37	3.02M	size_t available = iob->length - iob->offset;
38
39	3.02M	if (available == 0)
40	5.60k	return 0;
41
42	3.02M	if (available < length)
43	107	return -1;
44
45	3.02M	memcpy(buffer, iob->buffer + iob->offset, length);
46	3.02M	iob->offset += length;
47
48	3.02M	return 1;
49	3.02M	}
50
51		static int
52		ne_buffer_seek(int64_t offset, int whence, void * userdata)
53	0	{
54	0	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
55	0	int64_t o = iob->offset;
56
57	0	switch(whence) {
58	0	case NESTEGG_SEEK_SET:
59	0	o = offset;
60	0	break;
61	0	case NESTEGG_SEEK_CUR:
62	0	o += offset;
63	0	break;
64	0	case NESTEGG_SEEK_END:
65	0	o = iob->length + offset;
66	0	break;
67	0	}
68
69	0	if (o < 0 \|\| o > (int64_t) iob->length)
70	0	return -1;
71
72	0	iob->offset = o;
73	0	return 0;
74	0	}
75
76		static int64_t
77		ne_buffer_tell(void * userdata)
78	80.0k	{
79	80.0k	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
80	80.0k	return iob->offset;
81	80.0k	}
82
83
84		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
85	7.28k	{
86	7.28k	int r, type, id, track_encoding, pkt_keyframe, pkt_encryption, cues;
87	7.28k	int64_t read_limit = -1;
88	7.28k	nestegg * ctx;
89	7.28k	nestegg_audio_params aparams;
90	7.28k	nestegg_packet * pkt;
91	7.28k	nestegg_video_params vparams;
92	7.28k	size_t length;
93	7.28k	uint64_t duration = ~0, pkt_tstamp, pkt_duration, tstamp_scale, default_duration;
94	7.28k	int64_t pkt_discard_padding, pkt_reference_block;
95	7.28k	unsigned char * codec_data, * ptr, * pkt_additional;
96	7.28k	unsigned char const * track_content_enc_key_id, * pkt_encryption_iv;
97	7.28k	unsigned int i, j, tracks = 0, pkt_cnt, pkt_track;
98	7.28k	unsigned int data_items = 0;
99	7.28k	uint8_t pkt_num_offsets;
100	7.28k	uint32_t const * pkt_partition_offsets;
101
102	7.28k	nestegg_io io;
103	7.28k	struct io_buffer userdata;
104	7.28k	userdata.buffer = data;
105	7.28k	userdata.length = size;
106	7.28k	userdata.offset = 0;
107
108	7.28k	io.read = ne_buffer_read;
109	7.28k	io.seek = ne_buffer_seek;
110	7.28k	io.tell = ne_buffer_tell;
111	7.28k	io.userdata = &userdata;
112
113	7.28k	ctx = NULL;
114	7.28k	r = nestegg_init(&ctx, io, NULL, read_limit);
115	7.28k	if (r != 0)
116	1.40k	return 0;
117
118	5.87k	nestegg_track_count(ctx, &tracks);
119	5.87k	nestegg_duration(ctx, &duration);
120	5.87k	nestegg_tstamp_scale(ctx, &tstamp_scale);
121	5.87k	cues = nestegg_has_cues(ctx);
122
123	122k	for (i = 0; i < tracks; ++i) {
124	116k	type = nestegg_track_type(ctx, i);
125	116k	id = nestegg_track_codec_id(ctx, i);
126	116k	nestegg_track_codec_data_count(ctx, i, &data_items);
127	116k	track_encoding = nestegg_track_encoding(ctx, i);
128	116k	r = nestegg_track_default_duration(ctx, i, &default_duration);
129	116k	if (track_encoding == NESTEGG_ENCODING_ENCRYPTION) {
130	1.57k	nestegg_track_content_enc_key_id(ctx, i, &track_content_enc_key_id, &length);
131	1.57k	}
132	149k	for (j = 0; j < data_items; ++j) {
133	33.3k	nestegg_track_codec_data(ctx, i, j, &codec_data, &length);
134	33.3k	}
135	116k	switch (type) {
136	12.4k	case NESTEGG_TRACK_VIDEO:
137	12.4k	nestegg_track_video_params(ctx, i, &vparams);
138	12.4k	break;
139	1.61k	case NESTEGG_TRACK_AUDIO:
140	1.61k	nestegg_track_audio_params(ctx, i, &aparams);
141	1.61k	break;
142		//case NESTEGG_TRACK_UNKNOWN:
143		// break;
144	102k	default:
145	102k	break;
146	116k	}
147	116k	}
148
149	13.2k	for (;;) {
150	13.2k	pkt = NULL;
151	13.2k	r = nestegg_read_packet(ctx, &pkt);
152	13.2k	if (r <= 0) {
153	5.87k	assert(pkt == NULL);
154	5.87k	break;
155	5.87k	}
156	7.39k	nestegg_packet_track(pkt, &pkt_track);
157	7.39k	pkt_keyframe = nestegg_packet_has_keyframe(pkt);
158	7.39k	nestegg_packet_count(pkt, &pkt_cnt);
159	7.39k	nestegg_packet_tstamp(pkt, &pkt_tstamp);
160	7.39k	pkt_duration = 0;
161	7.39k	nestegg_packet_duration(pkt, &pkt_duration);
162	7.39k	pkt_discard_padding = 0;
163	7.39k	nestegg_packet_discard_padding(pkt, &pkt_discard_padding);
164	7.39k	pkt_reference_block = 0;
165	7.39k	nestegg_packet_reference_block(pkt, &pkt_reference_block);
166	7.39k	pkt_additional = NULL;
167	7.39k	nestegg_packet_additional_data(pkt, 1, &pkt_additional, &length);
168	7.39k	pkt_encryption = nestegg_packet_encryption(pkt);
169	7.39k	if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_ENCRYPTED \|\|
170	7.39k	pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
171	760	nestegg_packet_iv(pkt, &pkt_encryption_iv, &length);
172	760	}
173	7.39k	if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
174	545	nestegg_packet_offsets(pkt, &pkt_partition_offsets, &pkt_num_offsets);
175	545	}
176	45.6k	for (i = 0; i < pkt_cnt; ++i) {
177	38.2k	nestegg_packet_data(pkt, i, &ptr, &length);
178	38.2k	}
179	7.39k	nestegg_free_packet(pkt);
180	7.39k	}
181
182	5.87k	nestegg_destroy(ctx);
183	5.87k	return 0;
184	5.87k	}

Coverage Report

Created: 2025-07-18 06:37