
Commit a3f40ff

authored
Fuzzing test (#25)
Signed-off-by: [email protected] <[email protected]>
1 parent db6baa6 commit a3f40ff


2 files changed

+7
-0
lines changed


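--- a/src/oapv.c
+++ b/src/oapv.c
@@ -1865,6 +1865,9 @@ oapvd_t oapvd_create(oapvd_cdesc_t *cdesc, int *err)
 DUMP_CREATE(0);
 ctx = NULL;
 
+/* check if any decoder argument is correctly set */
+oapv_assert_gv(cdesc->threads > 0 && cdesc->threads <= OAPV_MAX_THREADS, ret, OAPV_ERR_INVALID_ARGUMENT, ERR);
+
 /* memory allocation for ctx and core structure */
 ctx = (oapvd_ctx_t *)dec_ctx_alloc();
 oapv_assert_gv(ctx != NULL, ret, OAPV_ERR_OUT_OF_MEMORY, ERR);
@@ -2074,6 +2077,7 @@ int oapvd_info(void *au, int au_size, oapv_au_info_t *aui)
 // parse frame_info in PBU
 oapv_fi_t fi;
 
+oapv_assert_rv(frm_count < OAPV_MAX_NUM_FRAMES, OAPV_ERR_REACHED_MAX)
 ret = oapvd_vlc_frame_info(&bs, &fi);
 oapv_assert_rv(OAPV_SUCCEEDED(ret), ret);
 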
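Review bot: The added guard in oapvd_info, `oapv_assert_rv(frm_count < OAPV_MAX_NUM_FRAMES, OAPV_ERR_REACHED_MAX)`, has no terminating semicolon, unlike every other oapv_assert_rv call on this page, so it is a complete statement only if the macro happens to expand to one. I would write it as `oapv_assert_rv(frm_count < OAPV_MAX_NUM_FRAMES, OAPV_ERR_REACHED_MAX);` and put a one-line comment above it, for example `// frm_count counts frame PBUs taken from the access unit; stop before it exceeds the per-frame storage`, because the store it protects is outside the hunk and the reason for the bound is not visible here. Presumably frm_count indexes a fixed-size array in aui; that should be confirmed against the rest of oapvd_info, whose body starts and ends outside this hunk. In oapvd_create the new check reads cdesc->threads, so cdesc has to be non-NULL by that point, and the hunk does not show whether that is checked earlier.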

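--- a/src/oapv_vlc.c
+++ b/src/oapv_vlc.c
@@ -672,11 +672,13 @@ int oapvd_vlc_frame_info(oapv_bs_t *bs, oapv_fi_t *fi)
 DUMP_HLS(fi->frame_width, fi->frame_width);
 oapv_assert_rv(fi->frame_width > 0 && fi->frame_width < 0xFFFFFFFF, OAPV_ERR_MALFORMED_BITSTREAM);
 fi->frame_width += 1;
+oapv_assert_rv(fi->frame_width <= INT_MAX, OAPV_ERR_UNSUPPORTED); // frame width greater than 2^31 is unsupported in the current implementation
 
 fi->frame_height = oapv_bsr_read(bs, 32);
 DUMP_HLS(fi->frame_height, fi->frame_height);
 oapv_assert_rv(fi->frame_height > 0 && fi->frame_height < 0xFFFFFFFF, OAPV_ERR_MALFORMED_BITSTREAM);
 fi->frame_height += 1;
+oapv_assert_rv(fi->frame_height <= INT_MAX, OAPV_ERR_UNSUPPORTED); // frame height greater than 2^31 is unsupported in the current implementation
 
 fi->chroma_format_idc = oapv_bsr_read(bs, 4);
 DUMP_HLS(fi->chroma_format_idc, fi->chroma_format_idc);
@@ -711,6 +713,7 @@ int oapvd_vlc_au_info(oapv_bs_t *bs, oapv_aui_t *aui)
 
 aui->num_frames = oapv_bsr_read(bs, 16);
 DUMP_HLS(num_frames, aui->num_frames);
+oapv_assert_rv(aui->num_frames <= OAPV_MAX_NUM_FRAMES, OAPV_ERR_REACHED_MAX);
 for(int fidx = 0; fidx < aui->num_frames; fidx++) {
 aui->pbu_type[fidx] = oapv_bsr_read(bs, 8);
 DUMP_HLS(pbu_type, aui->pbu_type[fidx]);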
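Review bot: The two new checks in oapvd_vlc_frame_info cap frame_width and frame_height at INT_MAX separately, which still leaves their product, and anything derived from it such as stride or buffer-size arithmetic, free to overflow when both values come from the bitstream. If later code multiplies the dimensions in int or size_t arithmetic, which is not visible in this hunk, the decoder should also reject sizes above the maximum it actually supports, or compute the product in a 64-bit type and check it before any allocation. The trailing comments say "greater than 2^31", but the check rejects 2^31 itself as well; `// frame width of 2^31 or more does not fit in int and is unsupported` would match the code. INT_MAX needs `<limits.h>`, and the include list of oapv_vlc.c is outside the hunk, so it is worth confirming that it is in scope in every build configuration.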
