author | Jean-Michel Trivi <jmtrivi@google.com> | 2020-07-10 18:32:39 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-07-10 18:32:39 +0000 |
commit | ef38dee702f1d8d34ab53e957549d410fc99262b (patch) | |
tree | 0e353968c34e8c9699663a9b252836b70847c30b | |
parent | e445fffa0c3b9de62b533d6af0cb4c50d8480511 (diff) | |
parent | 73da86e336c5d79b12a5d54da4448f85bbd8875b (diff) | |
Merge "Improve code coverage for aac_dec_fuzzer" am: 760e8921c2 am: 946a672b0f am: e0624f4c05 am: 73da86e336
Original change: https://android-review.googlesource.com/c/platform/external/aac/+/1324135
Change-Id: I68267add047f0ea432e5f83e1fbd5d673ba21715
-rw-r--r-- | fuzzer/aac_dec_fuzzer.cpp | 66 |
1 files changed, 61 insertions, 5 deletions
diff --git a/fuzzer/aac_dec_fuzzer.cpp b/fuzzer/aac_dec_fuzzer.cpp
index 686c42f..b5545fc 100644
--- a/fuzzer/aac_dec_fuzzer.cpp
+++ b/fuzzer/aac_dec_fuzzer.cpp
@@ -19,10 +19,58 @@
 */
 #include <stdint.h>
+#include <string.h>
+#include <algorithm>
 #include "aacdecoder_lib.h"
 constexpr uint8_t kNumberOfLayers = 1;
 constexpr uint8_t kMaxChannelCount = 8;
+constexpr uint32_t kMaxConfigurationSize = 1024;
+constexpr uint32_t kMaxOutBufferSize = 2048 * kMaxChannelCount;
+
+// Value indicating the start of AAC Header Segment
+constexpr const char *kAacSegStartSeq = "AAC_STRT";
+constexpr uint8_t kAacSegStartSeqLen = sizeof(kAacSegStartSeq);
+// Value indicating the end of AAC Header Segment
+constexpr const char *kAacSegEndSeq = "AAC_ENDS";
+constexpr uint8_t kAacSegEndSeqLen = sizeof(kAacSegEndSeq);
+
+// Number of bytes used to signal the length of the header
+constexpr uint8_t kHeaderLengthBytes = 2;
+// Minimum size of an AAC header is 2
+// Minimum data required is
+// strlen(AAC_STRT) + strlen(AAC_ENDS) + kHeaderLengthBytes + 2;
+constexpr UINT kMinDataSize = kAacSegStartSeqLen + kAacSegEndSeqLen + kHeaderLengthBytes + 2;
+
+UINT getHeaderSize(UCHAR *data, UINT size) {
+ if (size < kMinDataSize) {
+ return 0;
+ }
+
+ int32_t result = memcmp(data, kAacSegStartSeq, kAacSegStartSeqLen);
+ if (result) {
+ return 0;
+ }
+ data += kAacSegStartSeqLen;
+ size -= kAacSegStartSeqLen;
+
+ uint32_t headerLengthInBytes = (data[0] << 8 | data[1]) & 0xFFFF;
+ data += kHeaderLengthBytes;
+ size -= kHeaderLengthBytes;
+
+ if (headerLengthInBytes + kAacSegEndSeqLen > size) {
+ return 0;
+ }
+
+ data += headerLengthInBytes;
+ size -= headerLengthInBytes;
+ result = memcmp(data, kAacSegEndSeq, kAacSegEndSeqLen);
+ if (result) {
+ return 0;
+ }
+
+ return std::min(headerLengthInBytes, kMaxConfigurationSize);
+}
 class Codec {
 public:
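Review bot: `sizeof(kAacSegStartSeq)` and `sizeof(kAacSegEndSeq)` measure a `const char *`, not the eight-character marker, so the two length constants only equal `strlen("AAC_STRT")` on targets with 8-byte pointers. On a 32-bit build they become 4: `getHeaderSize` then compares only half of each marker and reads the length field four bytes early, which stays inside the bounds it checks but gives the harness a different input framing per ABI and makes a shared corpus non-portable. Declaring the markers as arrays fixes it: `constexpr char kAacSegStartSeq[] = "AAC_STRT";` with `constexpr uint8_t kAacSegStartSeqLen = sizeof(kAacSegStartSeq) - 1;`, and the same pair for the end marker.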
@@ -51,6 +99,14 @@ void Codec::deInitDecoder() {
 }
 void Codec::decodeFrames(UCHAR *data, UINT size) {
+ UINT headerSize = getHeaderSize(data, size);
+ if (headerSize != 0) {
+ data += kAacSegStartSeqLen + kHeaderLengthBytes;
+ size -= kAacSegStartSeqLen + kHeaderLengthBytes;
+ aacDecoder_ConfigRaw(mAacDecoderHandle, &data, &headerSize);
+ data += headerSize + kAacSegEndSeqLen;
+ size -= headerSize + kAacSegEndSeqLen;
+ }
 while (size > 0) {
 UINT inputSize = size;
 UINT valid = size;
@@ -59,11 +115,11 @@ void Codec::decodeFrames(UCHAR *data, UINT size) {
 ++data;
 --size;
 } else {
- INT_PCM outputBuf[2048 * kMaxChannelCount];
- aacDecoder_DecodeFrame(mAacDecoderHandle, outputBuf, 2048 * kMaxChannelCount, 0);
- if (valid >= inputSize) {
- return;
- }
+ INT_PCM outputBuf[kMaxOutBufferSize];
+ do {
+ mErrorCode =
+ aacDecoder_DecodeFrame(mAacDecoderHandle, outputBuf, sizeof(outputBuf), 0);
+ } while (mErrorCode == AAC_DEC_OK);
 UINT offset = inputSize - valid;
 data += offset;
 size = valid; |
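Review bot: The skip after `aacDecoder_ConfigRaw` uses the clamped `headerSize`, so when the declared header length exceeds `kMaxConfigurationSize` the line `data += headerSize + kAacSegEndSeqLen;` stops inside the header instead of after the end marker. The pointer stays in bounds, because `getHeaderSize` checked the full declared length against `size`, but the rest of the header and the `AAC_ENDS` bytes are then fed to the frame loop as if they were audio data. Rejecting oversized headers in `getHeaderSize` with `if (headerLengthInBytes > kMaxConfigurationSize) return 0;` keeps the configured length and the skipped length in step. The return value of `aacDecoder_ConfigRaw` is also dropped here; the body of `decodeFrames` continues past this hunk.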
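Review bot: `sizeof(outputBuf)` is a byte count, while the removed call passed the element count `2048 * kMaxChannelCount`; if `aacDecoder_DecodeFrame` takes its third argument in `INT_PCM` samples, as that removed line suggests, the decoder is now told the buffer is `sizeof(INT_PCM)` times larger than it is. A frame that needs more than `kMaxOutBufferSize` samples could then be written past the end of the stack array, and the resulting crash would be a harness bug reported against the library. Passing the element count restores the old contract: `aacDecoder_DecodeFrame(mAacDecoderHandle, outputBuf, kMaxOutBufferSize, 0);`. The enclosing `decodeFrames` starts and ends outside this hunk.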