4 Commits

Author SHA1 Message Date
Thomas Orgis 356f2b9476 mpg123: limit fuzzer runtime (#2832)
* mpg123: limit runtime of decode_fuzzer

To avoid spurious timeout reports, the test shall end after 10000 MPEG frames
or 1 MiB of data, which should both be reasonable numbers. The timeout
report motivating this had 500K with 140k bad frames. The limit of
10000 frames corresponds to a normal radio song as MP3 stream.

* mpg123: limit runtime of read_fuzzer

This applies the same logic as the decode fuzzer: stop decoding after
10000 MPEG frames or 1 MiB of input data. We could debate a bigger
limit on the data size, but we do want compact testcases, right?
2019-09-16 07:06:25 -07:00
Max Moroz 227ee9f107 [mpg123] Use FuzzedDataProvider instead of byte_stream. (#2810)
2019-09-06 09:47:12 -07:00
Thomas Orgis 0a100f4c1c [mpg123] silence library error messages (#2642)
* mpg123/read_fuzzer: disable error messages from libmpg123

This shall remove any error messages libmpg123 prints out during fuzzing,
leaving only the crash trace at the inevitable end.
2019-07-31 12:57:00 -07:00
Markus Kusano 2ae303bc3b Add mpg123_decode fuzzer (#2037)
* Add fuzzer for mpg123_decode.

This fuzzes a different and non-file-based API than read_fuzzer.c.
mpg123_decode is, however, streaming based so we need to chunk the
fuzzer's input into multiple pieces, and pass them to the library. This
is pretty annoying to do by hand so I've introduced byte_stream.h to do
this automatically. Sadly, byte_stream.h is very C++ so the
decode_fuzzer is also C++ now. This isn't ideal since mpg123 is a
C library but this is the easiest way to do it.

* Do not carry next input within std::string.

* Malloc a new buffer for each decode invocation.

I used malloc instead of new since ideally this fuzz target would be
written in C.
2018-12-21 11:20:00 -08:00