[vlc-devel] [PATCH] fuzz: add demux fuzzer

[Shaleen Jain]

---
 test/fuzz/libvlc_demux_fuzzer.cpp | 90 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 test/fuzz/libvlc_demux_fuzzer.cpp

diff --git a/test/fuzz/libvlc_demux_fuzzer.cpp b/test/fuzz/libvlc_demux_fuzzer.cpp
new file mode 100644
index 0000000000..c17f6c46ba
--- /dev/null
+++ b/test/fuzz/libvlc_demux_fuzzer.cpp
@@ -0,0 +1,90 @@
+#include <vlc/libvlc.h>
+
+#include <vlc_common.h>
+#include <vlc_stream.h>
+#include <vlc_demux.h>
+#include <vlc_meta.h>
+#include <assert.h>
+
+#include "../../lib/libvlc_internal.h"
+
+es_out_id_t * pf_add_stub( es_out_t *out, const es_format_t *fmt ) { return NULL; }
+void pf_del_stub( es_out_t *out, es_out_id_t *es ) {}
+
+int pf_send_stub ( es_out_t *out, es_out_id_t *es, block_t *p_block ) {
+    block_Release( p_block );
+    return VLC_SUCCESS;
+}
+
+int pf_control_stub ( es_out_t *out, int i_query, va_list args ) { return VLC_SUCCESS; }
+void pf_destroy_stub ( es_out_t *out ) {}
+
+unsigned demux_TestAndClearFlags( demux_t *p_demux, unsigned flags )
+{
+    unsigned i_update;
+    if ( demux_Control( p_demux, DEMUX_TEST_AND_CLEAR_FLAGS, &i_update ) == VLC_SUCCESS )
+        return i_update;
+    unsigned ret = p_demux->info.i_update & flags;
+    p_demux->info.i_update &= ~flags;
+    return ret;
+}
+
+void demux_GetMeta(demux_t *p_demux) {
+    vlc_meta_t *p_meta = vlc_meta_New();
+    if( unlikely(p_meta == NULL) )
+        return;
+
+    demux_Control( p_demux, DEMUX_GET_META, p_meta );
+
+    input_attachment_t **attachment;
+    int i_attachment;
+
+    demux_Control( p_demux, DEMUX_GET_ATTACHMENTS, &attachment, &i_attachment );
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+
+    // Initialize the libVLC Instance
+    setenv( "VLC_PLUGIN_PATH", "../../modules", 1 );
+    libvlc_instance_t *p_libvlc = libvlc_new(0, NULL);
+    assert(p_libvlc != NULL);
+
+    // Create an input stream
+    stream_t *p_stream = vlc_stream_MemoryNew(p_libvlc->p_libvlc_int,
+            const_cast<uint8_t *>(Data), Size, true);
+    assert(p_stream != NULL);
+
+    es_out_t es_out = {
+            .pf_add = pf_add_stub,
+            .pf_send = pf_send_stub,
+            .pf_del = pf_del_stub,
+            .pf_control = pf_control_stub,
+            .pf_destroy = pf_destroy_stub,
+            .p_sys = NULL
+    };
+
+    // Load an appropriate demuxer
+    demux_t *p_demux = demux_New(VLC_OBJECT(p_libvlc->p_libvlc_int), "","", p_stream, &es_out);
+
+    // Check if we loaded a demuxer
+    if(p_demux != NULL) {
+
+        int i_ret;
+        do {
+            i_ret = demux_Demux( p_demux );
+
+            if( demux_TestAndClearFlags( p_demux, INPUT_UPDATE_TITLE_LIST ) )
+                demux_Control( p_demux, DEMUX_GET_TITLE_INFO );
+
+            if( demux_TestAndClearFlags( p_demux, INPUT_UPDATE_META ) )
+                demux_GetMeta( p_demux );
+        } while( i_ret == VLC_DEMUXER_SUCCESS );
+
+        demux_Delete( p_demux );
+    } else {
+        vlc_stream_Delete(p_stream);
+    }
+
+    libvlc_release(p_libvlc);
+    return 0;
+}
-- 
2.13.1