1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#include <fuzzer/FuzzedDataProvider.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <vector>
#include "mpg123.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
static bool initialized = false;
if (!initialized) {
mpg123_init();
initialized = true;
}
int ret;
mpg123_handle* handle = mpg123_new(nullptr, &ret);
if (handle == nullptr) {
return 0;
}
ret = mpg123_param(handle, MPG123_ADD_FLAGS, MPG123_QUIET, 0.);
if(ret == MPG123_OK)
ret = mpg123_open_feed(handle);
if (ret != MPG123_OK) {
mpg123_delete(handle);
return 0;
}
std::vector<uint8_t> output_buffer(mpg123_outblock(handle));
size_t output_written = 0;
// Initially, start by feeding the decoder more data.
int decode_ret = MPG123_NEED_MORE;
FuzzedDataProvider provider(data, size);
while ((decode_ret != MPG123_ERR)) {
if (decode_ret == MPG123_NEED_MORE) {
if (provider.remaining_bytes() == 0
|| mpg123_tellframe(handle) > 10000
|| mpg123_tell_stream(handle) > 1<<20) {
break;
}
const size_t next_size = provider.ConsumeIntegralInRange<size_t>(
0,
provider.remaining_bytes());
auto next_input = provider.ConsumeBytes<unsigned char>(next_size);
decode_ret = mpg123_decode(handle, next_input.data(), next_input.size(),
output_buffer.data(), output_buffer.size(),
&output_written);
} else if (decode_ret != MPG123_ERR && decode_ret != MPG123_NEED_MORE) {
decode_ret = mpg123_decode(handle, nullptr, 0, output_buffer.data(),
output_buffer.size(), &output_written);
} else {
// Unhandled mpg123_decode return value.
abort();
}
}
mpg123_delete(handle);
return 0;
}
|
