[libaom] Use fuzzer plugin source from libaom repository (#2515)

Removed av1_dec_fuzzer.cc from projects/libaom and instead using
from libaom repository

BUG=https://crbug.com/aomedia/2257
This commit is contained in:
Harish Mahendrakar 2019-06-14 08:29:20 -07:00 committed by Abhishek Arya
parent 147803b92d
commit 9e3ec89cf2
3 changed files with 13 additions and 98 deletions

View File

@ -19,5 +19,5 @@ MAINTAINER urvang@google.com
RUN apt-get update && apt-get install -y cmake yasm wget RUN apt-get update && apt-get install -y cmake yasm wget
RUN git clone https://aomedia.googlesource.com/aom RUN git clone https://aomedia.googlesource.com/aom
ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/ ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/
COPY build.sh av1_dec_fuzzer.cc av1_dec_fuzzer.dict $SRC/ COPY build.sh av1_dec_fuzzer.dict $SRC/
WORKDIR aom WORKDIR aom

View File

@ -1,68 +0,0 @@
// Fuzzing of AV1 decoder.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(DECODE_MODE_threaded)
#include <algorithm>
#endif
#include <memory>
#include "config/aom_config.h"
#include "aom/aom_decoder.h"
#include "aom/aomdx.h"
#include "aom_ports/mem_ops.h"
#include "common/ivfdec.h"
static void close_file(FILE *file) { fclose(file); }
extern "C" void usage_exit(void) { exit(EXIT_FAILURE); }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
std::unique_ptr<FILE, decltype(&close_file)> file(
fmemopen((void *)data, size, "rb"), &close_file);
if (file == nullptr) {
return 0;
}
char header[32];
if (fread(header, 1, 32, file.get()) != 32) {
return 0;
}
const AvxInterface *decoder = get_aom_decoder_by_name("av1");
if (decoder == nullptr) {
return 0;
}
aom_codec_ctx_t codec;
#if defined(DECODE_MODE)
const unsigned int threads = 1;
#elif defined(DECODE_MODE_threaded)
// Set thread count in the range [2, 64].
const unsigned int threads = std::max((header[0] & 0x3f) + 1, 2);
#else
#error define one of DECODE_MODE or DECODE_MODE_threaded
#endif
aom_codec_dec_cfg_t cfg = {threads, 0, 0, CONFIG_LOWBITDEPTH};
if (aom_codec_dec_init(&codec, decoder->codec_interface(), &cfg, 0)) {
return 0;
}
uint8_t *buffer = nullptr;
size_t buffer_size = 0;
size_t frame_size = 0;
while (!ivf_read_frame(file.get(), &buffer, &frame_size, &buffer_size,
nullptr)) {
const aom_codec_err_t err =
aom_codec_decode(&codec, buffer, frame_size, nullptr);
static_cast<void>(err);
aom_codec_iter_t iter = nullptr;
aom_image_t *img = nullptr;
while ((img = aom_codec_get_frame(&codec, &iter)) != nullptr) {
}
}
aom_codec_destroy(&codec);
free(buffer);
return 0;
}

View File

@ -43,8 +43,7 @@ if [[ $CFLAGS = *sanitize=memory* ]]; then
fi fi
cmake $SRC/aom -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE='-O3 -g' \ cmake $SRC/aom -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE='-O3 -g' \
-DCMAKE_CXX_FLAGS_RELEASE='-O3 -g' -DCMAKE_LD_FLAGS_RELEASE='-O3 -g' \ -DCMAKE_CXX_FLAGS_RELEASE='-O3 -g' -DCONFIG_PIC=1 -DCONFIG_LOWBITDEPTH=1 \
-DCONFIG_PIC=1 -DCONFIG_SCALABILITY=0 -DCONFIG_LOWBITDEPTH=1 \
-DCONFIG_AV1_ENCODER=0 -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 \ -DCONFIG_AV1_ENCODER=0 -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 \
-DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \ -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \
-DAOM_EXTRA_C_FLAGS="${extra_c_flags}" \ -DAOM_EXTRA_C_FLAGS="${extra_c_flags}" \
@ -52,35 +51,19 @@ cmake $SRC/aom -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE='-O3 -g' \
make -j$(nproc) make -j$(nproc)
popd popd
# Build some libaom utils that are not part of the core lib.
$CC $CFLAGS -std=c99 -c \
-I$SRC/aom \
-I${build_dir} \
$SRC/aom/common/ivfdec.c -o ${build_dir}/ivfdec.o
$CC $CFLAGS -std=c99 -c \
-I$SRC/aom \
-I${build_dir} \
$SRC/aom/common/tools_common.c -o ${build_dir}/tools_common.o
# build fuzzers # build fuzzers
fuzzer_src_name=av1_dec_fuzzer fuzzer_src_name=av1_dec_fuzzer
fuzzer_modes=( '' '_threaded' ) fuzzer_name=${fuzzer_src_name}
for mode in "${fuzzer_modes[@]}"; do $CXX $CXXFLAGS -std=c++11 \
fuzzer_name=${fuzzer_src_name}${mode} -I$SRC/aom \
-I${build_dir} \
-Wl,--start-group \
$LIB_FUZZING_ENGINE \
$SRC/aom/examples/${fuzzer_src_name}.cc -o $OUT/${fuzzer_name} \
${build_dir}/libaom.a -Wl,--end-group
$CXX $CXXFLAGS -std=c++11 \ # copy seed corpus.
-DDECODE_MODE${mode} \ cp $SRC/dec_fuzzer_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip
-I$SRC/aom \ cp $SRC/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict
-I${build_dir} \
-Wl,--start-group \
$LIB_FUZZING_ENGINE \
$SRC/${fuzzer_src_name}.cc -o $OUT/${fuzzer_name} \
${build_dir}/libaom.a ${build_dir}/ivfdec.o ${build_dir}/tools_common.o \
-Wl,--end-group
# copy seed corpus.
cp $SRC/dec_fuzzer_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip
cp $SRC/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict
done