diff options
author | Martijn van Beurden <mvanb1@gmail.com> | 2022-08-13 20:22:46 +0200 |
---|---|---|
committer | Martijn van Beurden <mvanb1@gmail.com> | 2022-08-20 16:03:53 +0200 |
commit | 1f21ae2702dd5073cc068a37a99313f752ff9cf8 (patch) | |
tree | 67d8805d4c796f7ebc711a0331ee99758b7e0edc | |
parent | 3ce4475451d19ea2762c596797f95c8fd0204bf2 (diff) | |
download | flac-1f21ae2702dd5073cc068a37a99313f752ff9cf8.tar.gz |
Add write callback abort check to seeking fuzzer
If the write callback calls for an abort, this must be honored.
This commit adds a check to ascertain the write callback isn't
called again
-rw-r--r-- | oss-fuzz/fuzzer_seek.cc | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/oss-fuzz/fuzzer_seek.cc b/oss-fuzz/fuzzer_seek.cc index 023ac405..ed89b233 100644 --- a/oss-fuzz/fuzzer_seek.cc +++ b/oss-fuzz/fuzzer_seek.cc @@ -34,6 +34,8 @@ #include "FLAC/stream_decoder.h" #include "fuzzer_common.h" +int write_abort_check_counter = -1; + #if 0 /* set to 1 to debug */ #define FPRINTF_DEBUG_ONLY(...) fprintf(__VA_ARGS__) #else @@ -45,6 +47,13 @@ static FLAC__StreamDecoderWriteStatus write_callback(const FLAC__StreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 *const buffer[], void *client_data) { (void)decoder, (void)frame, (void)buffer, (void)client_data; + if(write_abort_check_counter > 0) + write_abort_check_counter--; + if(write_abort_check_counter == 0) + return FLAC__STREAM_DECODER_WRITE_STATUS_ABORT; + else if(write_abort_check_counter == 0) + /* This must not happen: write callback called after abort is returned */ + abort(); return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE; } @@ -67,6 +76,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) alloc_check_threshold = INT32_MAX; alloc_check_counter = 0; + write_abort_check_counter = -1; /* allocate the decoder */ if((decoder = FLAC__stream_decoder_new()) == NULL) { @@ -123,7 +133,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) uint8_t shift = 1u << (command[0] >> 3); FLAC__uint64 seekpos; - switch(command[0] & 7){ + switch(command[0] & 15){ case 0: FPRINTF_DEBUG_ONLY(stderr,"end_of_stream\n"); decoder_valid = FLAC__stream_decoder_process_until_end_of_stream(decoder); @@ -149,6 +159,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) decoder_valid = FLAC__stream_decoder_flush(decoder); break; case 6: + case 14: shift = 1u << (command[0] >> 3); FPRINTF_DEBUG_ONLY(stderr,"seek short %hhu\n",shift); decoder_valid = FLAC__stream_decoder_seek_absolute(decoder,shift); @@ -168,6 +179,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) FPRINTF_DEBUG_ONLY(stderr,"seek long %lu\n",seekpos); decoder_valid = FLAC__stream_decoder_seek_absolute(decoder,seekpos); break; + case 8: + /* Set abort on write callback */ + write_abort_check_counter = (command[0] >> 4) + 1; + break; } } |