From 456eded09c7f24c5ee3f14fd2e358edc7de9064c Mon Sep 17 00:00:00 2001
From: Tyson Smith
Date: Fri, 25 Jan 2019 12:39:10 -0800
Subject: [openh264] Add to corpus and enable ASM for non-MSAN (#2113)
---
 projects/openh264/Dockerfile | 2 +-
 projects/openh264/build.sh | 12 ++++++++++--
 projects/openh264/decoder_fuzzer.cpp | 4 +++-
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/projects/openh264/Dockerfile b/projects/openh264/Dockerfile
index eef2b15e..ff598fca 100644
--- a/projects/openh264/Dockerfile
+++ b/projects/openh264/Dockerfile
@@ -16,7 +16,7 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER twsmith@mozilla.com
-RUN apt-get update && apt-get install -y libstdc++-5-dev
+RUN apt-get update && apt-get install -y libstdc++-5-dev nasm subversion
 RUN git clone --depth 1 https://github.com/cisco/openh264.git openh264
 WORKDIR openh264
 COPY build.sh decoder_fuzzer.cpp $SRC/
diff --git a/projects/openh264/build.sh b/projects/openh264/build.sh
index 22b34ad2..cc011a10 100755
--- a/projects/openh264/build.sh
+++ b/projects/openh264/build.sh
@@ -16,8 +16,16 @@
 ################################################################################
 # prepare corpus
-zip -q0r ${OUT}/decoder_fuzzer_seed_corpus.zip ./res/
+svn export https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/h264 corpus/
+mv ./res/*.264 ./corpus/
+zip -q0r ${OUT}/decoder_fuzzer_seed_corpus.zip ./corpus/
 # build
-make -j$(nproc) USE_ASM=No BUILDTYPE=Debug libraries
+if [[ $CXXFLAGS = *sanitize=memory* ]]
+then
+ ASM_BUILD=No
+else
+ ASM_BUILD=Yes
+fi
+make -j$(nproc) USE_ASM=$ASM_BUILD BUILDTYPE=Debug libraries
 $CXX $CXXFLAGS -o $OUT/decoder_fuzzer -I./codec/api/svc -I./codec/console/common/inc -I./codec/common/inc -L. -lFuzzingEngine $SRC/decoder_fuzzer.cpp libopenh264.a
diff --git a/projects/openh264/decoder_fuzzer.cpp b/projects/openh264/decoder_fuzzer.cpp
index 2d5abb74..2c639adf 100644
--- a/projects/openh264/decoder_fuzzer.cpp
+++ b/projects/openh264/decoder_fuzzer.cpp
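Review bot: The new `svn export https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/h264 corpus/` step in build.sh pulls seed files from the moving `trunk` of a second repository at build time, so the contents of `decoder_fuzzer_seed_corpus.zip` are not reproducible and change whenever that repository does. Pinning the export to a reviewed revision, `svn export -r <REVISION> ...` (placeholder), would make the input set auditable. Whether the script aborts on a failed command is not visible in this hunk; if it does not, a failed fetch or an unmatched `./res/*.264` glob would yield a partial corpus without failing the build, so `svn export ... || exit 1` (and the same on the `mv`) is worth adding. A comment above the `if [[ $CXXFLAGS = *sanitize=memory* ]]` test, e.g. `# MSan does not instrument hand-written assembly; use the C code paths for that build`, would record why ASM stays off there.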
@@ -26,6 +26,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 int32_t i;
 int32_t iBufPos = 0;
 int32_t iEndOfStreamFlag;
+ int iLevelSetting = (int) WELS_LOG_QUIET; // disable logging while fuzzing
 int32_t iSliceSize;
 ISVCDecoder *pDecoder;
 SDecodingParam sDecParam = {0};
@@ -40,11 +41,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // TODO: is this the best/fastest ERROR_CON to use?
 sDecParam.eEcActiveIdc = ERROR_CON_SLICE_COPY;
- // TODO: should we also fuzz VIDEO_BITSTREAM_SVC
+ // TODO: should we also fuzz VIDEO_BITSTREAM_SVC?
 sDecParam.sVideoProperty.eVideoBsType = VIDEO_BITSTREAM_AVC;
 WelsCreateDecoder (&pDecoder);
 pDecoder->Initialize (&sDecParam);
+ pDecoder->SetOption (DECODER_OPTION_TRACE_LEVEL, &iLevelSetting);
 while (1) {
 if (iBufPos >= size) {
-- cgit v1.2.3
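Review bot: The added `pDecoder->SetOption (DECODER_OPTION_TRACE_LEVEL, &iLevelSetting);` in the second hunk dereferences `pDecoder` although the result of `WelsCreateDecoder (&pDecoder)` two lines earlier is never checked, and it discards its own return value, so a failed creation would surface as a crash inside the harness rather than as a decoder finding. Assuming the API's zero-on-success convention, a guard such as `if (WelsCreateDecoder (&pDecoder) != 0 || pDecoder == NULL) return 0;` before the first use keeps harness faults out of the fuzzer's reports. Because the option is applied after `Initialize`, anything logged during initialization is still emitted; if the decoder accepts the trace-level option before initialization (not visible here), setting it first would silence that as well. The function body starts before and continues past both hunks.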