/* Copyright 2019 Guido Vranken
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject
 * to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
23*600f14f4SXin Li
24*600f14f4SXin Li #include <cstddef>
25*600f14f4SXin Li #include <cstdint>
26*600f14f4SXin Li #include <limits>
27*600f14f4SXin Li
28*600f14f4SXin Li #include <fuzzing/datasource/datasource.hpp>
29*600f14f4SXin Li #include <fuzzing/memory.hpp>
30*600f14f4SXin Li
31*600f14f4SXin Li #include "FLAC++/encoder.h"
32*600f14f4SXin Li #include "common.h"
33*600f14f4SXin Li
namespace FLAC {
namespace Encoder {

/* Stream encoder used by the fuzz harness.
 *
 * Encoded output is never stored: write_callback only hands each buffer to
 * fuzzing::memory::memory_test and reports success. memory_test presumably
 * lets sanitizer builds verify that every byte the encoder emits is readable
 * and initialized; confirm against fuzzing/memory.hpp.
 */
class FuzzerStream : public Stream {
private:
    /* Disabled together with the #if 0 block in write_callback:
     * fuzzing::datasource::Datasource& ds;
     */

public:
    /* The Datasource argument is accepted but not retained. */
    FuzzerStream(fuzzing::datasource::Datasource&)
        : Stream()
    {
    }

    /* Called with each chunk of encoded output.
     *
     * buffer / bytes: the encoded data and its length.
     * The two unnamed uint32_t parameters (samples, current_frame) are ignored.
     * Always returns FLAC__STREAM_ENCODER_WRITE_STATUS_OK.
     */
    ::FLAC__StreamEncoderWriteStatus write_callback(
        const FLAC__byte buffer[],
        size_t bytes,
        uint32_t /* samples */,
        uint32_t /* current_frame */) override
    {
        fuzzing::memory::memory_test(buffer, bytes);

        /* Compiled out: this would let the fuzz input make the callback fail,
         * which is how the encoder's write-error handling would be reached.
         * It needs the `ds` member above to be restored before it can build.
         */
#if 0
        try {
            if ( ds.Get<bool>() == true ) {
                return FLAC__STREAM_ENCODER_WRITE_STATUS_FATAL_ERROR;
            }
        } catch ( ... ) { }
#endif

        return FLAC__STREAM_ENCODER_WRITE_STATUS_OK;
    }
};

} /* namespace Encoder */
} /* namespace FLAC */
57*600f14f4SXin Li
/* libFuzzer entry point: drives one FLAC stream-encoder session from a single fuzz input.
 *
 * data / size: the raw fuzz input and its length in bytes.
 *
 * The input is wrapped in a Datasource and consumed strictly in call order:
 * channel count, bits per sample, one value per encoder option, the choice
 * between init() and init_ogg(), then zero or more sample vectors. Adding,
 * removing or reordering a ds.Get call therefore changes how every existing
 * corpus file is interpreted.
 *
 * Always returns 0. Findings surface through the abort() below or, presumably,
 * through sanitizer reports raised inside the encoder or memory_test
 * (confirm against fuzzing/memory.hpp).
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    fuzzing::datasource::Datasource ds(data, size);
    FLAC::Encoder::FuzzerStream encoder(ds);

    /* Datasource presumably throws once the input runs out (TODO confirm in
     * datasource.hpp); the catch-all at the end of this block treats that as
     * the normal end of a test case. */
    try {
        /* Raw bytes, deliberately unvalidated: 0 and out-of-range values are
         * passed to the encoder. Both are kept because the sample loop below
         * uses them. */
        const int channels = ds.Get<uint8_t>();
        const int bps = ds.Get<uint8_t>();
        encoder.set_channels(channels);
        encoder.set_bits_per_sample(bps);

        /* One fuzz-chosen value per option. Each setter result is passed to
         * memory_test so the return value has an observable use. */
        {
            const bool res = encoder.set_streamable_subset(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            /* NOTE(review): the width of long differs between platforms, so
             * the number of input bytes consumed here probably differs too,
             * which would make corpora non-portable across them; confirm
             * against Datasource::Get. */
            const bool res = encoder.set_ogg_serial_number(ds.Get<long>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_verify(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_compression_level(ds.Get<uint8_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_do_exhaustive_model_search(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_do_mid_side_stereo(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_loose_mid_side_stereo(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            /* Arbitrary fuzz-controlled text is used as the apodization
             * specification. It is passed as a C string, so the encoder sees
             * it only up to the first NUL byte. */
            const auto s = ds.Get<std::string>();
            const bool res = encoder.set_apodization(s.data());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_max_lpc_order(ds.Get<uint8_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_qlp_coeff_precision(ds.Get<uint32_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_do_qlp_coeff_prec_search(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_do_escape_coding(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_min_residual_partition_order(ds.Get<uint32_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_max_residual_partition_order(ds.Get<uint32_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_rice_parameter_search_dist(ds.Get<uint32_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_total_samples_estimate(ds.Get<uint64_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_blocksize(ds.Get<uint16_t>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_limit_min_bitrate(ds.Get<bool>());
            fuzzing::memory::memory_test(res);
        }
        {
            const bool res = encoder.set_sample_rate(ds.Get<uint32_t>());
            fuzzing::memory::memory_test(res);
        }

        /* The two overrides below key on `size`, the byte length of the whole
         * raw input (option bytes included), not on the number of samples that
         * end up being encoded. */
        if ( size > 2 * 65535 * 4 ) {
            /* With large inputs and expensive options enabled, the fuzzer can get *really* slow.
             * Some combinations can make the fuzzer timeout (>60 seconds). However, while combining
             * options makes the fuzzer slower, most options do not expose new code when combined.
             * Therefore, combining slow options is disabled for large inputs. Any input containing
             * more than 65536 * 2 samples of 32 bits each (max blocksize, stereo) is considered large
             *
             * NOTE(review): the condition uses 65535 where this comment says 65536.
             */
            encoder.set_do_qlp_coeff_prec_search(false);
            encoder.set_do_exhaustive_model_search(false);
        }
        if ( size > 2 * 4096 * 4 + 250 ) {
            /* With subdivide_tukey in the mix testing apodizations can get really expensive. Therefore
             * this is disabled for inputs of more than one whole stereo block of 32-bit inputs plus a
             * bit of overhead */
            encoder.set_apodization("");
        }

        {
            /* One more input value picks the initialisation entry point
             * (init() or init_ogg()). On any failure control jumps to `end`,
             * so finish() is still called on an encoder that never
             * initialised. */
            ::FLAC__StreamEncoderInitStatus ret;
            if ( ds.Get<bool>() ) {
                ret = encoder.init();
            } else {
                ret = encoder.init_ogg();
            }

            if ( ret != FLAC__STREAM_ENCODER_INIT_STATUS_OK ) {
                goto end;
            }
        }

        /* These sets must fail, because encoder is already initialized */
        {
            /* Harness assertion rather than fuzzing: the arguments are fixed.
             * `||` short-circuits, so once one setter returns true the
             * remaining ones are not called; abort() then reports the accepted
             * post-init setter as a crash. */
            bool res = false;
            res = res || encoder.set_streamable_subset(true);
            res = res || encoder.set_ogg_serial_number(0);
            res = res || encoder.set_verify(true);
            res = res || encoder.set_compression_level(0);
            res = res || encoder.set_do_exhaustive_model_search(true);
            res = res || encoder.set_do_mid_side_stereo(true);
            res = res || encoder.set_loose_mid_side_stereo(true);
            res = res || encoder.set_apodization("test");
            res = res || encoder.set_max_lpc_order(0);
            res = res || encoder.set_qlp_coeff_precision(0);
            res = res || encoder.set_do_qlp_coeff_prec_search(true);
            res = res || encoder.set_do_escape_coding(true);
            res = res || encoder.set_min_residual_partition_order(0);
            res = res || encoder.set_max_residual_partition_order(0);
            res = res || encoder.set_rice_parameter_search_dist(0);
            res = res || encoder.set_total_samples_estimate(0);
            res = res || encoder.set_channels(channels);
            res = res || encoder.set_bits_per_sample(16);
            res = res || encoder.set_limit_min_bitrate(true);
            res = res || encoder.set_blocksize(3021);
            res = res || encoder.set_sample_rate(44100);
            fuzzing::memory::memory_test(res);
            if(res)
                abort();
        }


        {
            /* XORing values as otherwise compiler will optimize, apparently */
            /* Every getter result is folded into res and res is then passed to
             * memory_test, so each call has an observable use. The final value
             * of res carries no meaning of its own. */
            bool res = false;
            res = res != encoder.get_streamable_subset();
            res = res != encoder.get_verify();
            res = res != encoder.get_do_exhaustive_model_search();
            res = res != encoder.get_do_mid_side_stereo();
            res = res != encoder.get_loose_mid_side_stereo();
            res = res != encoder.get_max_lpc_order();
            res = res != encoder.get_qlp_coeff_precision();
            res = res != encoder.get_do_qlp_coeff_prec_search();
            res = res != encoder.get_do_escape_coding();
            res = res != encoder.get_min_residual_partition_order();
            res = res != encoder.get_max_residual_partition_order();
            res = res != encoder.get_rice_parameter_search_dist();
            res = res != encoder.get_total_samples_estimate();
            res = res != encoder.get_channels();
            res = res != encoder.get_bits_per_sample();
            res = res != encoder.get_limit_min_bitrate();
            res = res != encoder.get_blocksize();
            res = res != encoder.get_sample_rate();
            fuzzing::memory::memory_test(res);
        }


        /* One control value per iteration decides whether another vector of
         * samples is read and encoded. */
        while ( ds.Get<bool>() ) {
            {
                auto dat = ds.GetVector<FLAC__int32>();

                /* A second control value selects masked or raw samples. Raw
                 * samples can lie outside the range the configured bps allows. */
                if( ds.Get<bool>() )
                    /* Mask */
                    /* Keeps only the low `bps` bits. The right shift is done on
                     * uint32_t, so the result is zero-extended, not
                     * sign-extended. */
                    for (size_t i = 0; i < dat.size(); i++)
                        /* If we get here, bps is 4 or larger, or init will have failed */
                        /* NOTE(review): the shift count is only valid while
                         * bps <= 32; this appears to rely on init also
                         * rejecting larger values. Confirm. */
                        dat[i] = (int32_t)(((uint32_t)(dat[i]) << (32-bps)) >> (32-bps));

                /* Integer division drops a trailing partial frame.
                 * NOTE(review): channels == 0 would divide by zero here; this
                 * appears to rely on init having failed for that value.
                 * Confirm. */
                const uint32_t samples = dat.size() / channels;
                if ( samples > 0 ) {
                    const int32_t* ptr = dat.data();
                    const bool res = encoder.process_interleaved(ptr, samples);
                    fuzzing::memory::memory_test(res);
                }
            }
        }
    /* Deliberately empty: any exception simply ends the test case. */
    } catch ( ... ) { }

    /* Reached by fall-through and by the goto on init failure, so finish()
     * runs on every path. */
end:
    {
        const bool res = encoder.finish();
        fuzzing::memory::memory_test(res);
    }
    return 0;
}