1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <datasource/FileSource.h>
18 #include <fcntl.h>
19 #include <fuzzer/FuzzedDataProvider.h>
20 #include <media/NdkMediaFormat.h>
21 #include <media/stagefright/foundation/AMessage.h>
22 #include <sys/mman.h>
23 #include <unistd.h>
24 #include <utils/Log.h>
25 #include <fstream>
26
27 const char* kValidKeys[] = {
28 AMEDIAFORMAT_KEY_AAC_DRC_ATTENUATION_FACTOR,
29 AMEDIAFORMAT_KEY_AAC_DRC_BOOST_FACTOR,
30 AMEDIAFORMAT_KEY_AAC_DRC_HEAVY_COMPRESSION,
31 AMEDIAFORMAT_KEY_AAC_DRC_TARGET_REFERENCE_LEVEL,
32 AMEDIAFORMAT_KEY_AAC_ENCODED_TARGET_LEVEL,
33 AMEDIAFORMAT_KEY_AAC_MAX_OUTPUT_CHANNEL_COUNT,
34 AMEDIAFORMAT_KEY_AAC_PROFILE,
35 AMEDIAFORMAT_KEY_AAC_SBR_MODE,
36 AMEDIAFORMAT_KEY_ALBUM,
37 AMEDIAFORMAT_KEY_ALBUMART,
38 AMEDIAFORMAT_KEY_ALBUMARTIST,
39 AMEDIAFORMAT_KEY_ARTIST,
40 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_INFO,
41 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_PRESENTATION_ID,
42 AMEDIAFORMAT_KEY_AUDIO_PRESENTATION_PROGRAM_ID,
43 AMEDIAFORMAT_KEY_AUDIO_SESSION_ID,
44 AMEDIAFORMAT_KEY_AUTHOR,
45 AMEDIAFORMAT_KEY_BITRATE_MODE,
46 AMEDIAFORMAT_KEY_BIT_RATE,
47 AMEDIAFORMAT_KEY_BITS_PER_SAMPLE,
48 AMEDIAFORMAT_KEY_CAPTURE_RATE,
49 AMEDIAFORMAT_KEY_CDTRACKNUMBER,
50 AMEDIAFORMAT_KEY_CHANNEL_COUNT,
51 AMEDIAFORMAT_KEY_CHANNEL_MASK,
52 AMEDIAFORMAT_KEY_COLOR_FORMAT,
53 AMEDIAFORMAT_KEY_COLOR_RANGE,
54 AMEDIAFORMAT_KEY_COLOR_STANDARD,
55 AMEDIAFORMAT_KEY_COLOR_TRANSFER,
56 AMEDIAFORMAT_KEY_COMPILATION,
57 AMEDIAFORMAT_KEY_COMPLEXITY,
58 AMEDIAFORMAT_KEY_COMPOSER,
59 AMEDIAFORMAT_KEY_CREATE_INPUT_SURFACE_SUSPENDED,
60 AMEDIAFORMAT_KEY_CRYPTO_DEFAULT_IV_SIZE,
61 AMEDIAFORMAT_KEY_CRYPTO_ENCRYPTED_BYTE_BLOCK,
62 AMEDIAFORMAT_KEY_CRYPTO_ENCRYPTED_SIZES,
63 AMEDIAFORMAT_KEY_CRYPTO_IV,
64 AMEDIAFORMAT_KEY_CRYPTO_KEY,
65 AMEDIAFORMAT_KEY_CRYPTO_MODE,
66 AMEDIAFORMAT_KEY_CRYPTO_PLAIN_SIZES,
67 AMEDIAFORMAT_KEY_CRYPTO_SKIP_BYTE_BLOCK,
68 AMEDIAFORMAT_KEY_CSD,
69 AMEDIAFORMAT_KEY_CSD_0,
70 AMEDIAFORMAT_KEY_CSD_1,
71 AMEDIAFORMAT_KEY_CSD_2,
72 AMEDIAFORMAT_KEY_CSD_AVC,
73 AMEDIAFORMAT_KEY_CSD_HEVC,
74 AMEDIAFORMAT_KEY_D263,
75 AMEDIAFORMAT_KEY_DATE,
76 AMEDIAFORMAT_KEY_DISCNUMBER,
77 AMEDIAFORMAT_KEY_DISPLAY_CROP,
78 AMEDIAFORMAT_KEY_DISPLAY_HEIGHT,
79 AMEDIAFORMAT_KEY_DISPLAY_WIDTH,
80 AMEDIAFORMAT_KEY_DURATION,
81 AMEDIAFORMAT_KEY_ENCODER_DELAY,
82 AMEDIAFORMAT_KEY_ENCODER_PADDING,
83 AMEDIAFORMAT_KEY_ESDS,
84 AMEDIAFORMAT_KEY_EXIF_OFFSET,
85 AMEDIAFORMAT_KEY_EXIF_SIZE,
86 AMEDIAFORMAT_KEY_FLAC_COMPRESSION_LEVEL,
87 AMEDIAFORMAT_KEY_FRAME_COUNT,
88 AMEDIAFORMAT_KEY_FRAME_RATE,
89 AMEDIAFORMAT_KEY_GENRE,
90 AMEDIAFORMAT_KEY_GRID_COLUMNS,
91 AMEDIAFORMAT_KEY_GRID_ROWS,
92 AMEDIAFORMAT_KEY_HAPTIC_CHANNEL_COUNT,
93 AMEDIAFORMAT_KEY_HDR_STATIC_INFO,
94 AMEDIAFORMAT_KEY_HDR10_PLUS_INFO,
95 AMEDIAFORMAT_KEY_HEIGHT,
96 AMEDIAFORMAT_KEY_ICC_PROFILE,
97 AMEDIAFORMAT_KEY_INTRA_REFRESH_PERIOD,
98 AMEDIAFORMAT_KEY_IS_ADTS,
99 AMEDIAFORMAT_KEY_IS_AUTOSELECT,
100 AMEDIAFORMAT_KEY_IS_DEFAULT,
101 AMEDIAFORMAT_KEY_IS_FORCED_SUBTITLE,
102 AMEDIAFORMAT_KEY_IS_SYNC_FRAME,
103 AMEDIAFORMAT_KEY_I_FRAME_INTERVAL,
104 AMEDIAFORMAT_KEY_LANGUAGE,
105 AMEDIAFORMAT_KEY_LAST_SAMPLE_INDEX_IN_CHUNK,
106 AMEDIAFORMAT_KEY_LATENCY,
107 AMEDIAFORMAT_KEY_LEVEL,
108 AMEDIAFORMAT_KEY_LOCATION,
109 AMEDIAFORMAT_KEY_LOOP,
110 AMEDIAFORMAT_KEY_LOW_LATENCY,
111 AMEDIAFORMAT_KEY_LYRICIST,
112 AMEDIAFORMAT_KEY_MANUFACTURER,
113 AMEDIAFORMAT_KEY_MAX_BIT_RATE,
114 AMEDIAFORMAT_KEY_MAX_FPS_TO_ENCODER,
115 AMEDIAFORMAT_KEY_MAX_HEIGHT,
116 AMEDIAFORMAT_KEY_MAX_INPUT_SIZE,
117 AMEDIAFORMAT_KEY_MAX_PTS_GAP_TO_ENCODER,
118 AMEDIAFORMAT_KEY_MAX_WIDTH,
119 AMEDIAFORMAT_KEY_MIME,
120 AMEDIAFORMAT_KEY_MPEG_USER_DATA,
121 AMEDIAFORMAT_KEY_MPEG2_STREAM_HEADER,
122 AMEDIAFORMAT_KEY_MPEGH_COMPATIBLE_SETS,
123 AMEDIAFORMAT_KEY_MPEGH_PROFILE_LEVEL_INDICATION,
124 AMEDIAFORMAT_KEY_MPEGH_REFERENCE_CHANNEL_LAYOUT,
125 AMEDIAFORMAT_KEY_OPERATING_RATE,
126 AMEDIAFORMAT_KEY_PCM_ENCODING,
127 AMEDIAFORMAT_KEY_PICTURE_TYPE,
128 AMEDIAFORMAT_KEY_PRIORITY,
129 AMEDIAFORMAT_KEY_PROFILE,
130 AMEDIAFORMAT_KEY_PCM_BIG_ENDIAN,
131 AMEDIAFORMAT_KEY_PSSH,
132 AMEDIAFORMAT_KEY_PUSH_BLANK_BUFFERS_ON_STOP,
133 AMEDIAFORMAT_KEY_REPEAT_PREVIOUS_FRAME_AFTER,
134 AMEDIAFORMAT_KEY_ROTATION,
135 AMEDIAFORMAT_KEY_SAMPLE_FILE_OFFSET,
136 AMEDIAFORMAT_KEY_SAMPLE_RATE,
137 AMEDIAFORMAT_KEY_SAMPLE_TIME_BEFORE_APPEND,
138 AMEDIAFORMAT_KEY_SAR_HEIGHT,
139 AMEDIAFORMAT_KEY_SAR_WIDTH,
140 AMEDIAFORMAT_KEY_SEI,
141 AMEDIAFORMAT_KEY_SLICE_HEIGHT,
142 AMEDIAFORMAT_KEY_SLOW_MOTION_MARKERS,
143 AMEDIAFORMAT_KEY_STRIDE,
144 AMEDIAFORMAT_KEY_TARGET_TIME,
145 AMEDIAFORMAT_KEY_TEMPORAL_LAYER_COUNT,
146 AMEDIAFORMAT_KEY_TEMPORAL_LAYER_ID,
147 AMEDIAFORMAT_KEY_TEMPORAL_LAYERING,
148 AMEDIAFORMAT_KEY_TEXT_FORMAT_DATA,
149 AMEDIAFORMAT_KEY_THUMBNAIL_CSD_AV1C,
150 AMEDIAFORMAT_KEY_THUMBNAIL_CSD_HEVC,
151 AMEDIAFORMAT_KEY_THUMBNAIL_HEIGHT,
152 AMEDIAFORMAT_KEY_THUMBNAIL_TIME,
153 AMEDIAFORMAT_KEY_THUMBNAIL_WIDTH,
154 AMEDIAFORMAT_KEY_TILE_HEIGHT,
155 AMEDIAFORMAT_KEY_TILE_WIDTH,
156 AMEDIAFORMAT_KEY_TIME_US,
157 AMEDIAFORMAT_KEY_TITLE,
158 AMEDIAFORMAT_KEY_TRACK_ID,
159 AMEDIAFORMAT_KEY_TRACK_INDEX,
160 AMEDIAFORMAT_KEY_VALID_SAMPLES,
161 AMEDIAFORMAT_KEY_VIDEO_ENCODING_STATISTICS_LEVEL,
162 AMEDIAFORMAT_KEY_VIDEO_QP_AVERAGE,
163 AMEDIAFORMAT_VIDEO_QP_B_MAX,
164 AMEDIAFORMAT_VIDEO_QP_B_MIN,
165 AMEDIAFORMAT_VIDEO_QP_I_MAX,
166 AMEDIAFORMAT_VIDEO_QP_I_MIN,
167 AMEDIAFORMAT_VIDEO_QP_MAX,
168 AMEDIAFORMAT_VIDEO_QP_MIN,
169 AMEDIAFORMAT_VIDEO_QP_P_MAX,
170 AMEDIAFORMAT_VIDEO_QP_P_MIN,
171 AMEDIAFORMAT_KEY_WIDTH,
172 AMEDIAFORMAT_KEY_XMP_OFFSET,
173 AMEDIAFORMAT_KEY_XMP_SIZE,
174 AMEDIAFORMAT_KEY_YEAR,
175 };
176 constexpr size_t kMinBytes = 0;
177 constexpr size_t kMaxBytes = 1000;
178 constexpr size_t kMinChoice = 0;
179 constexpr size_t kMaxChoice = 9;
180 const size_t kMaxIteration = android::AMessage::maxAllowedEntries();
181
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)182 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
183 FuzzedDataProvider fdp(data, size);
184 AMediaFormat* mediaFormat = AMediaFormat_new();
185 std::vector<std::string> nameCollection;
186 while (fdp.remaining_bytes() && nameCollection.size() < kMaxIteration) {
187 const char* name = nullptr;
188 std::string nameString;
189 if (fdp.ConsumeBool()) {
190 nameString =
191 fdp.ConsumeBool()
192 ? fdp.PickValueInArray(kValidKeys)
193 : fdp.ConsumeRandomLengthString(
194 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
195 name = nameString.c_str();
196 std::vector<std::string>::iterator it =
197 find(nameCollection.begin(), nameCollection.end(), name);
198 if (it == nameCollection.end()) {
199 nameCollection.push_back(name);
200 }
201 }
202 switch (fdp.ConsumeIntegralInRange<int32_t>(kMinChoice, kMaxChoice)) {
203 case 0: {
204 AMediaFormat_setInt32(mediaFormat, name,
205 fdp.ConsumeIntegral<int32_t>() /* value */);
206 break;
207 }
208 case 1: {
209 AMediaFormat_setInt64(mediaFormat, name,
210 fdp.ConsumeIntegral<int64_t>() /* value */);
211 break;
212 }
213 case 2: {
214 AMediaFormat_setFloat(mediaFormat, name,
215 fdp.ConsumeFloatingPoint<float>() /* value */);
216 break;
217 }
218 case 3: {
219 AMediaFormat_setDouble(mediaFormat, name,
220 fdp.ConsumeFloatingPoint<double>() /* value */);
221 break;
222 }
223 case 4: {
224 AMediaFormat_setSize(mediaFormat, name, fdp.ConsumeIntegral<size_t>() /* value */);
225 break;
226 }
227 case 5: {
228 std::string value;
229 if (fdp.ConsumeBool()) {
230 value = fdp.ConsumeRandomLengthString(
231 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
232 }
233 AMediaFormat_setString(mediaFormat, name,
234 fdp.ConsumeBool() ? nullptr : value.c_str());
235 break;
236 }
237 case 6: {
238 AMediaFormat_setRect(mediaFormat, name, fdp.ConsumeIntegral<int32_t>() /* left */,
239 fdp.ConsumeIntegral<int32_t>() /* top */,
240 fdp.ConsumeIntegral<int32_t>() /* bottom */,
241 fdp.ConsumeIntegral<int32_t>() /* right */);
242 break;
243 }
244 case 7: {
245 std::vector<uint8_t> bufferData = fdp.ConsumeBytes<uint8_t>(
246 fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));
247 AMediaFormat_setBuffer(mediaFormat, name, bufferData.data(), bufferData.size());
248 break;
249 }
250 case 8: {
251 AMediaFormat_toString(mediaFormat);
252 break;
253 }
254 default: {
255 AMediaFormat* format = fdp.ConsumeBool() ? nullptr : AMediaFormat_new();
256 AMediaFormat_copy(format, mediaFormat);
257 AMediaFormat_delete(format);
258 break;
259 }
260 }
261 }
262 AMediaFormat_clear(mediaFormat);
263 AMediaFormat_delete(mediaFormat);
264 return 0;
265 }
266