diff options
author | Mathis Rosenhauer <rosenhauer@dkrz.de> | 2017-07-05 10:51:03 +0200 |
---|---|---|
committer | Mathis Rosenhauer <rosenhauer@dkrz.de> | 2017-07-05 10:51:03 +0200 |
commit | ba3a89a1c1bc6b483526b53ff42e5831a225b7b9 (patch) | |
tree | cae23515475e5ef69e86f291149e038e11533e1d | |
parent | 62f82d001059962bc0fca7272536b394ab823d42 (diff) | |
download | libaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.tar.gz libaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.tar.bz2 libaec-ba3a89a1c1bc6b483526b53ff42e5831a225b7b9.zip |
fuzzing: dump test patterns to files for initial corpus
-rw-r--r-- | fuzz/fuzz_target.cc | 4 | ||||
-rw-r--r-- | tests/check_aec.c | 42 | ||||
-rw-r--r-- | tests/check_aec.h | 2 | ||||
-rw-r--r-- | tests/check_code_options.c | 8 |
4 files changed, 54 insertions, 2 deletions
diff --git a/fuzz/fuzz_target.cc b/fuzz/fuzz_target.cc index 4f90055..63fcf79 100644 --- a/fuzz/fuzz_target.cc +++ b/fuzz/fuzz_target.cc @@ -19,7 +19,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { strm.flags |= AEC_DATA_MSB; if (Data[1] & 0x40) strm.flags |= AEC_DATA_SIGNED; - if (strm.bits_per_sample <= 24 && strm.bits_per_sample > 16) + if (strm.bits_per_sample <= 24 && + strm.bits_per_sample > 16 && + Data[1] & 0x10) strm.flags |= AEC_DATA_3BYTE; strm.next_in = (unsigned char *)(Data + 2); strm.avail_in = Size - 2; diff --git a/tests/check_aec.c b/tests/check_aec.c index 4d89fdf..c9d9413 100644 --- a/tests/check_aec.c +++ b/tests/check_aec.c @@ -202,6 +202,10 @@ int encode_decode_small(struct test_state *state) int encode_decode_large(struct test_state *state) { int status, i; + char fbase[1024]; + char fname[1024]; + FILE *fp; + int bflags; size_t to; struct aec_stream *strm = state->strm; @@ -215,6 +219,31 @@ int encode_decode_large(struct test_state *state) printf("Init failed.\n"); return 99; } + if (state->dump) { + snprintf(fbase, sizeof(fbase), "BPS%02iID%iBS%02iRSI%04iFLG%04i", + strm->bits_per_sample, + state->id, + strm->block_size, + strm->rsi, + strm->flags); + snprintf(fname, sizeof(fname), "%s.dat", fbase); + if ((fp = fopen(fname, "wb")) == NULL) { + fprintf(stderr, "ERROR: cannot open dump file %s\n", fname); + return 99; + } + fputc(strm->bits_per_sample, fp); + bflags = strm->block_size >> 8; + if (strm->flags | AEC_DATA_MSB) + bflags |= 0x80; + if (strm->flags | AEC_DATA_SIGNED) + bflags |= 0x40; + if (strm->flags | AEC_DATA_3BYTE) + bflags |= 0x10; + bflags |= 0x20; /* encode */ + fputc(bflags, fp); + fwrite(strm->next_in, strm->avail_in, 1, fp); + fclose(fp); + } status = aec_encode(strm, AEC_FLUSH); if (status != AEC_OK) { @@ -224,6 +253,19 @@ int encode_decode_large(struct test_state *state) aec_encode_end(strm); + if (state->dump) { + snprintf(fname, sizeof(fname), "%s.rz", fbase); + if ((fp = fopen(fname, "wb")) == NULL) { + fprintf(stderr, "ERROR: cannot open dump file %s\n", fname); + return 99; + } + fputc(strm->bits_per_sample, fp); + bflags &= ~0x20; + fputc(bflags, fp); + fwrite(state->cbuf, strm->total_out, 1, fp); + fclose(fp); + } + strm->avail_in = strm->total_out; strm->avail_out = state->buf_len; strm->next_in = state->cbuf; diff --git a/tests/check_aec.h b/tests/check_aec.h index d5fdb99..02c3e77 100644 --- a/tests/check_aec.h +++ b/tests/check_aec.h @@ -4,6 +4,7 @@ struct test_state { int (* codec)(struct test_state *state); + int id; int id_len; int bytes_per_sample; unsigned char *ubuf; @@ -15,6 +16,7 @@ struct test_state { long long int xmax; long long int xmin; void (*out)(unsigned char *dest, unsigned long long int val, int size); + int dump; /* dump buffer to file for fuzzing corpus */ struct aec_stream *strm; }; diff --git a/tests/check_code_options.c b/tests/check_code_options.c index f77b789..4f013b0 100644 --- a/tests/check_code_options.c +++ b/tests/check_code_options.c @@ -9,6 +9,7 @@ int check_block_sizes(struct test_state *state, int id, int id_len) { int bs, status, rsi, max_rsi; + state->id = id; for (bs = 8; bs <= 64; bs *= 2) { state->strm->block_size = bs; @@ -282,12 +283,17 @@ int check_byte_orderings(struct test_state *state) return 0; } -int main (void) +int main(int argc, char *argv[]) { int status; struct aec_stream strm; struct test_state state; + if (argc > 1 && strncmp(argv[1], "-d", 2) == 0) + state.dump = 1; + else + state.dump = 0; + state.buf_len = state.ibuf_len = BUF_SIZE; state.cbuf_len = 2 * BUF_SIZE; |