Commit d680a391 authored by Janne Grunau's avatar Janne Grunau Committed by Jean-Baptiste Kempf

oss-fuzz: exit dav1d_fuzzer after ~22 seconds

oss-fuzz uses a timeout of 25 seconds during fuzzing. It sometimes hits
this timeout with memory sanitizer. Instead of modifying the resolution
limit, stop processing a sample after ~22 seconds. The decoder should have
processed enough data in that time.
parent bfc9f72a
......@@ -26,6 +26,7 @@
*/
#include "config.h"
#include "fuzz_config.h"
#include <errno.h>
#include <stddef.h>
......@@ -36,6 +37,10 @@
#include "src/cpu.h"
#include "dav1d_fuzzer.h"
#if DAV1D_FUZZ_MAX_TIME && defined(HAVE_CLOCK_GETTIME)
#include <time.h>
#endif
#ifdef DAV1D_ALLOC_FAIL
#include <stdlib.h>
......@@ -67,6 +72,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
int have_seq_hdr = 0;
int err;
#if DAV1D_FUZZ_MAX_TIME && defined(HAVE_CLOCK_GETTIME)
struct timespec start;
if (clock_gettime(CLOCK_MONOTONIC, &start)) {
start.tv_sec = start.tv_nsec = 0;
}
#endif
dav1d_version();
// memory sanitizer is inherently incompatible with asm
......@@ -110,6 +122,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Dav1dData buf;
uint8_t *p;
#if DAV1D_FUZZ_MAX_TIME && defined(HAVE_CLOCK_GETTIME)
// try to avoid timeouts in oss-fuzz
struct timespec cur;
if (!clock_gettime(CLOCK_MONOTONIC, &cur)) {
if (cur.tv_sec - start.tv_sec >= DAV1D_FUZZ_MAX_TIME) {
dav1d_flush(ctx);
break;
}
}
#endif
size_t frame_size = r32le(ptr);
ptr += 12;
......
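Review bot: Zeroing `start` when the first clock_gettime() fails (second hunk) turns the later elapsed-time check into `cur.tv_sec >= DAV1D_FUZZ_MAX_TIME`, which holds for almost any successful CLOCK_MONOTONIC reading, so a transient failure of the first call would make the loop flush and break on its first iteration and the input would go effectively undecoded with no signal to the fuzzer. Recording whether the start time is valid and skipping the check otherwise avoids this: `int have_start = !clock_gettime(CLOCK_MONOTONIC, &start);` in place of the zeroing branch, and `if (have_start && !clock_gettime(CLOCK_MONOTONIC, &cur)) {` in the third hunk. Comparing tv_sec alone is adequate for a coarse cutoff, but a comment such as `// seconds-only compare: may fire up to 1s early or late relative to DAV1D_FUZZ_MAX_TIME` would document the slack. Because the cutoff is elapsed-time based, a crash reached late in a slow input may not reproduce on a slower host, so the comment in the third hunk could also note that reproduction should use a build where the limit is disabled. LLVMFuzzerTestOneInput starts and ends outside these hunks.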
......@@ -102,6 +102,11 @@ if get_option('fuzzer_ldflags') != ''
fuzzer_ldflags += [get_option('fuzzer_ldflags')]
endif
# Configuratin data for fuzz_config.h
fuzz_cdata = configuration_data()
fuzz_max_time = 0
if fuzzing_engine == 'none'
dav1d_fuzzer_sources += files('libfuzzer/main.c')
elif fuzzing_engine == 'libfuzzer'
......@@ -109,10 +114,21 @@ elif fuzzing_engine == 'libfuzzer'
elif fuzzing_engine == 'oss-fuzz'
# libFuzzingEngine needs libc++
fuzzer_ldflags += ['-lc++']
fuzz_max_time = 22
endif
fuzz_cdata.set('DAV1D_FUZZ_MAX_TIME', fuzz_max_time)
if host_machine.system() != 'windows' and fuzz_max_time > 0
if cc.has_function('clock_gettime', prefix : '#include <time.h>', args : test_args)
fuzz_cdata.set('HAVE_CLOCK_GETTIME', 1)
endif
endif
fuzz_config_h_target = configure_file(output: 'fuzz_config.h', configuration: fuzz_cdata)
dav1d_fuzzer = executable('dav1d_fuzzer',
dav1d_fuzzer_sources,
dav1d_fuzzer_sources, fuzz_config_h_target,
include_directories: dav1d_inc_dirs,
c_args: [stackalign_flag, stackrealign_flag],
link_args: fuzzer_ldflags,
......@@ -122,7 +138,7 @@ dav1d_fuzzer = executable('dav1d_fuzzer',
)
dav1d_fuzzer_mt = executable('dav1d_fuzzer_mt',
dav1d_fuzzer_sources,
dav1d_fuzzer_sources, fuzz_config_h_target,
include_directories: dav1d_inc_dirs,
c_args: [stackalign_flag, stackrealign_flag, '-DDAV1D_MT_FUZZING'],
link_args: fuzzer_ldflags,
......@@ -152,6 +168,7 @@ if (objcopy.found() and
dav1d_fuzzer_mem = executable('dav1d_fuzzer_mem',
dav1d_fuzzer_sources + ['libfuzzer/alloc_fail.c'],
fuzz_config_h_target,
include_directories: dav1d_inc_dirs,
c_args: [stackalign_flag, stackrealign_flag, '-DDAV1D_ALLOC_FAIL'],
link_args: fuzzer_ldflags + [join_paths(libdav1d_af.full_path())],
......
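Review bot: When `fuzz_max_time > 0` but the `clock_gettime` probe in the third hunk fails, `HAVE_CLOCK_GETTIME` stays unset and the C side compiles the timeout away silently, so an oss-fuzz build could lose the guard without any configure-time notice. An `else` branch on the `cc.has_function(...)` check, `warning('clock_gettime not found; DAV1D_FUZZ_MAX_TIME will have no effect')`, would make that visible in the build log. Older glibc exports clock_gettime from librt rather than libc, so the probe may need `dependencies : cc.find_library('rt', required : false)` to succeed there, though whether the oss-fuzz toolchain is affected cannot be told from here. The comment in the second hunk reads `Configuratin`; it should be `# Configuration data for fuzz_config.h`.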