summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMathis Rosenhauer <rosenhauer@dkrz.de>2017-07-05 08:51:03 (GMT)
committerMathis Rosenhauer <rosenhauer@dkrz.de>2017-07-05 08:51:03 (GMT)
commitba3a89a1c1bc6b483526b53ff42e5831a225b7b9 (patch)
treecae23515475e5ef69e86f291149e038e11533e1d
parent62f82d001059962bc0fca7272536b394ab823d42 (diff)
downloadlibaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.zip
libaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.tar.gz
libaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.tar.bz2
fuzzing: dump test patterns to files for initial corpus
-rw-r--r--fuzz/fuzz_target.cc4
-rw-r--r--tests/check_aec.c42
-rw-r--r--tests/check_aec.h2
-rw-r--r--tests/check_code_options.c8
4 files changed, 54 insertions, 2 deletions
diff --git a/fuzz/fuzz_target.cc b/fuzz/fuzz_target.cc
index 4f90055..63fcf79 100644
--- a/fuzz/fuzz_target.cc
+++ b/fuzz/fuzz_target.cc
@@ -19,7 +19,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
strm.flags |= AEC_DATA_MSB;
if (Data[1] & 0x40)
strm.flags |= AEC_DATA_SIGNED;
- if (strm.bits_per_sample <= 24 && strm.bits_per_sample > 16)
+ if (strm.bits_per_sample <= 24 &&
+ strm.bits_per_sample > 16 &&
+ Data[1] & 0x10)
strm.flags |= AEC_DATA_3BYTE;
strm.next_in = (unsigned char *)(Data + 2);
strm.avail_in = Size - 2;
diff --git a/tests/check_aec.c b/tests/check_aec.c
index 4d89fdf..c9d9413 100644
--- a/tests/check_aec.c
+++ b/tests/check_aec.c
@@ -202,6 +202,10 @@ int encode_decode_small(struct test_state *state)
int encode_decode_large(struct test_state *state)
{
int status, i;
+ char fbase[1024];
+ char fname[1024];
+ FILE *fp;
+ int bflags;
size_t to;
struct aec_stream *strm = state->strm;
@@ -215,6 +219,31 @@ int encode_decode_large(struct test_state *state)
printf("Init failed.\n");
return 99;
}
+ if (state->dump) {
+ snprintf(fbase, sizeof(fbase), "BPS%02iID%iBS%02iRSI%04iFLG%04i",
+ strm->bits_per_sample,
+ state->id,
+ strm->block_size,
+ strm->rsi,
+ strm->flags);
+ snprintf(fname, sizeof(fname), "%s.dat", fbase);
+ if ((fp = fopen(fname, "wb")) == NULL) {
+ fprintf(stderr, "ERROR: cannot open dump file %s\n", fname);
+ return 99;
+ }
+ fputc(strm->bits_per_sample, fp);
+ bflags = strm->block_size >> 8;
+ if (strm->flags | AEC_DATA_MSB)
+ bflags |= 0x80;
+ if (strm->flags | AEC_DATA_SIGNED)
+ bflags |= 0x40;
+ if (strm->flags | AEC_DATA_3BYTE)
+ bflags |= 0x10;
+ bflags |= 0x20; /* encode */
+ fputc(bflags, fp);
+ fwrite(strm->next_in, strm->avail_in, 1, fp);
+ fclose(fp);
+ }
status = aec_encode(strm, AEC_FLUSH);
if (status != AEC_OK) {
@@ -224,6 +253,19 @@ int encode_decode_large(struct test_state *state)
aec_encode_end(strm);
+ if (state->dump) {
+ snprintf(fname, sizeof(fname), "%s.rz", fbase);
+ if ((fp = fopen(fname, "wb")) == NULL) {
+ fprintf(stderr, "ERROR: cannot open dump file %s\n", fname);
+ return 99;
+ }
+ fputc(strm->bits_per_sample, fp);
+ bflags &= ~0x20;
+ fputc(bflags, fp);
+ fwrite(state->cbuf, strm->total_out, 1, fp);
+ fclose(fp);
+ }
+
strm->avail_in = strm->total_out;
strm->avail_out = state->buf_len;
strm->next_in = state->cbuf;
diff --git a/tests/check_aec.h b/tests/check_aec.h
index d5fdb99..02c3e77 100644
--- a/tests/check_aec.h
+++ b/tests/check_aec.h
@@ -4,6 +4,7 @@
struct test_state {
int (* codec)(struct test_state *state);
+ int id;
int id_len;
int bytes_per_sample;
unsigned char *ubuf;
@@ -15,6 +16,7 @@ struct test_state {
long long int xmax;
long long int xmin;
void (*out)(unsigned char *dest, unsigned long long int val, int size);
+ int dump; /* dump buffer to file for fuzzing corpus */
struct aec_stream *strm;
};
diff --git a/tests/check_code_options.c b/tests/check_code_options.c
index f77b789..4f013b0 100644
--- a/tests/check_code_options.c
+++ b/tests/check_code_options.c
@@ -9,6 +9,7 @@ int check_block_sizes(struct test_state *state, int id, int id_len)
{
int bs, status, rsi, max_rsi;
+ state->id = id;
for (bs = 8; bs <= 64; bs *= 2) {
state->strm->block_size = bs;
@@ -282,12 +283,17 @@ int check_byte_orderings(struct test_state *state)
return 0;
}
-int main (void)
+int main(int argc, char *argv[])
{
int status;
struct aec_stream strm;
struct test_state state;
+ if (argc > 1 && strncmp(argv[1], "-d", 2) == 0)
+ state.dump = 1;
+ else
+ state.dump = 0;
+
state.buf_len = state.ibuf_len = BUF_SIZE;
state.cbuf_len = 2 * BUF_SIZE;