ref: 6ef9a030145eef79fdeab6d4d38e00423ae7a83d
parent: ee31bb858f7a19880260797c0ef7f4dfcc102dc2
author: James Almer <jamrial@gmail.com>
date: Sun Jul 7 18:10:30 EDT 2019
dav1d_fuzzer: use Dav1dSettings.frame_size_limit instead of a custom picture allocator Limit frame size in pixels to about 16MP, while allowing the fuzzer to test frame widths and heights above 4096.
--- a/tests/libfuzzer/dav1d_fuzzer.c
+++ b/tests/libfuzzer/dav1d_fuzzer.c
@@ -54,19 +54,8 @@
return ((uint32_t)p[3] << 24U) | (p[2] << 16U) | (p[1] << 8U) | p[0];
}
-#define DAV1D_FUZZ_MAX_SIZE 4096
+#define DAV1D_FUZZ_MAX_SIZE 4096 * 4096
-#if defined(DAV1D_FUZZ_MAX_SIZE)
-static int (*default_picture_allocator)(Dav1dPicture *, void *);
-
-static int fuzz_picture_allocator(Dav1dPicture *pic, void *cookie) {- if (pic->p.w > DAV1D_FUZZ_MAX_SIZE || pic->p.h > DAV1D_FUZZ_MAX_SIZE)
- return DAV1D_ERR(EINVAL);
-
- return default_picture_allocator(pic, cookie);
-}
-#endif
-
// expects ivf input
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
@@ -111,8 +100,7 @@
settings.n_frame_threads = settings.n_tile_threads = 1;
#endif
#if defined(DAV1D_FUZZ_MAX_SIZE)
- default_picture_allocator = settings.allocator.alloc_picture_callback;
- settings.allocator.alloc_picture_callback = fuzz_picture_allocator;
+ settings.frame_size_limit = DAV1D_FUZZ_MAX_SIZE;
#endif
err = dav1d_open(&ctx, &settings);