Commit ba3a89a1 authored by Mathis Rosenhauer's avatar Mathis Rosenhauer

fuzzing: dump test patterns to files for initial corpus

parent 62f82d00
......@@ -19,7 +19,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
strm.flags |= AEC_DATA_MSB;
if (Data[1] & 0x40)
strm.flags |= AEC_DATA_SIGNED;
if (strm.bits_per_sample <= 24 && strm.bits_per_sample > 16)
if (strm.bits_per_sample <= 24 &&
strm.bits_per_sample > 16 &&
Data[1] & 0x10)
strm.flags |= AEC_DATA_3BYTE;
strm.next_in = (unsigned char *)(Data + 2);
strm.avail_in = Size - 2;
......
......@@ -202,6 +202,10 @@ int encode_decode_small(struct test_state *state)
int encode_decode_large(struct test_state *state)
{
int status, i;
char fbase[1024];
char fname[1024];
FILE *fp;
int bflags;
size_t to;
struct aec_stream *strm = state->strm;
......@@ -215,6 +219,31 @@ int encode_decode_large(struct test_state *state)
printf("Init failed.\n");
return 99;
}
if (state->dump) {
snprintf(fbase, sizeof(fbase), "BPS%02iID%iBS%02iRSI%04iFLG%04i",
strm->bits_per_sample,
state->id,
strm->block_size,
strm->rsi,
strm->flags);
snprintf(fname, sizeof(fname), "%s.dat", fbase);
if ((fp = fopen(fname, "wb")) == NULL) {
fprintf(stderr, "ERROR: cannot open dump file %s\n", fname);
return 99;
}
fputc(strm->bits_per_sample, fp);
bflags = strm->block_size >> 8;
if (strm->flags | AEC_DATA_MSB)
bflags |= 0x80;
if (strm->flags | AEC_DATA_SIGNED)
bflags |= 0x40;
if (strm->flags | AEC_DATA_3BYTE)
bflags |= 0x10;
bflags |= 0x20; /* encode */
fputc(bflags, fp);
fwrite(strm->next_in, strm->avail_in, 1, fp);
fclose(fp);
}
status = aec_encode(strm, AEC_FLUSH);
if (status != AEC_OK) {
......@@ -224,6 +253,19 @@ int encode_decode_large(struct test_state *state)
aec_encode_end(strm);
if (state->dump) {
snprintf(fname, sizeof(fname), "%s.rz", fbase);
if ((fp = fopen(fname, "wb")) == NULL) {
fprintf(stderr, "ERROR: cannot open dump file %s\n", fname);
return 99;
}
fputc(strm->bits_per_sample, fp);
bflags &= ~0x20;
fputc(bflags, fp);
fwrite(state->cbuf, strm->total_out, 1, fp);
fclose(fp);
}
strm->avail_in = strm->total_out;
strm->avail_out = state->buf_len;
strm->next_in = state->cbuf;
......
......@@ -4,6 +4,7 @@
struct test_state {
int (* codec)(struct test_state *state);
int id;
int id_len;
int bytes_per_sample;
unsigned char *ubuf;
......@@ -15,6 +16,7 @@ struct test_state {
long long int xmax;
long long int xmin;
void (*out)(unsigned char *dest, unsigned long long int val, int size);
int dump; /* dump buffer to file for fuzzing corpus */
struct aec_stream *strm;
};
......
......@@ -9,6 +9,7 @@ int check_block_sizes(struct test_state *state, int id, int id_len)
{
int bs, status, rsi, max_rsi;
state->id = id;
for (bs = 8; bs <= 64; bs *= 2) {
state->strm->block_size = bs;
......@@ -282,12 +283,17 @@ int check_byte_orderings(struct test_state *state)
return 0;
}
int main (void)
int main(int argc, char *argv[])
{
int status;
struct aec_stream strm;
struct test_state state;
if (argc > 1 && strncmp(argv[1], "-d", 2) == 0)
state.dump = 1;
else
state.dump = 0;
state.buf_len = state.ibuf_len = BUF_SIZE;
state.cbuf_len = 2 * BUF_SIZE;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment