tools/target_dec_fuzzer: Adjust threshold for PIXLET

Fixes: Timeout Fixes: 425754611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-4778526102585344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ffv1enc: Consider variation in slice sizes
2025-10-19 02:07:03 +02:00 · 2025-10-19 01:37:26 +02:00 · 2025-10-19 01:37:17 +02:00 · 2025-10-19 01:37:14 +02:00 · 2025-10-19 01:37:10 +02:00 · 2025-10-19 01:37:06 +02:00
4 changed files with 11 additions and 4 deletions
--- a/2
+++ b/2
@ -211,7 +211,7 @@ Codecs:
  libkvazaar.c                          Arttu Ylä-Outinen
  libopenh264enc.c                      Martin Storsjo, Linjie Fu
  libopenjpegenc.c                      Michael Bradshaw
-  libtheoraenc.c                        David Conrad
+  libtheoraenc.c                    [0]
  libvorbis.c                           David Conrad
  libvpx*                               James Zern
  libxavs.c                             Stefan Gehrer
--- a/libavcodec/cbs_apv_syntax_template.c
+++ b/libavcodec/cbs_apv_syntax_template.c
@ -263,7 +263,7 @@ static int FUNC(frame)(CodedBitstreamContext *ctx, RWContext *rw,
    CHECK(FUNC(frame_header)(ctx, rw, &current->frame_header));
    for (int t = 0; t < priv->num_tiles; t++) {
-        us(32, tile_size[t], 10, MAX_UINT_BITS(32), 1, t);
+        us(32, tile_size[t], 10, MAX_INT_BITS(32), 1, t);
        CHECK(FUNC(tile)(ctx, rw, &current->tile[t],
                         t, current->tile_size[t]));
--- a/libavcodec/ffv1enc.c
+++ b/libavcodec/ffv1enc.c
@ -1684,9 +1684,11 @@ size_t ff_ffv1_encode_buffer_size(AVCodecContext *avctx)
 {
    FFV1Context *f = avctx->priv_data;
-    size_t maxsize = avctx->width*avctx->height * (1 + f->transparency);
+    int w = avctx->width  + f->num_h_slices;
    int h = avctx->height + f->num_v_slices;
    size_t maxsize = w*h * (1 + f->transparency);
    if (f->chroma_planes)
-        maxsize += AV_CEIL_RSHIFT(avctx->width, f->chroma_h_shift) * AV_CEIL_RSHIFT(f->height, f->chroma_v_shift) * 2;
+        maxsize += AV_CEIL_RSHIFT(w, f->chroma_h_shift) * AV_CEIL_RSHIFT(h, f->chroma_v_shift) * 2;
    maxsize += f->slice_count * 800; //for slice header
    if (f->version > 3) {
        maxsize *= f->bits_per_raw_sample + 1;
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@ -225,10 +225,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    case AV_CODEC_ID_BETHSOFTVID: maxpixels  /= 8192;  break;
    case AV_CODEC_ID_BINKVIDEO:   maxpixels  /= 32;    break;
    case AV_CODEC_ID_BONK:        maxsamples /= 1<<20; break;
    case AV_CODEC_ID_CAVS:        maxpixels  /= 1024;  break;
    case AV_CODEC_ID_CDTOONS:     maxpixels  /= 1024;  break;
    case AV_CODEC_ID_CFHD:        maxpixels  /= 16384; break;
    case AV_CODEC_ID_CINEPAK:     maxpixels  /= 128;   break;
    case AV_CODEC_ID_COOK:        maxsamples /= 1<<20; break;
    case AV_CODEC_ID_CRI:         maxpixels  /= 1024;  break;
    case AV_CODEC_ID_CSCD:        maxpixels  /= 1024;  break;
    case AV_CODEC_ID_DFA:         maxpixels  /= 1024;  break;
    case AV_CODEC_ID_DIRAC:       maxpixels  /= 8192;  break;
@ -258,6 +260,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    case AV_CODEC_ID_INDEO4:      maxpixels  /= 128;   break;
    case AV_CODEC_ID_INDEO5:      maxpixels  /= 1024;  break;
    case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384;  break;
    case AV_CODEC_ID_INTERPLAY_VIDEO: maxpixels /= 256;  break;
    case AV_CODEC_ID_JPEG2000:    maxpixels  /= 16384; break;
    case AV_CODEC_ID_LAGARITH:    maxpixels  /= 1024;  break;
    case AV_CODEC_ID_LOCO:        maxpixels  /= 1024;  break;
@ -283,11 +286,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    case AV_CODEC_ID_MXPEG:       maxpixels  /= 128;   break;
    case AV_CODEC_ID_NUV:         maxpixels  /= 128;   break;
    case AV_CODEC_ID_OPUS:        maxsamples /= 16384; break;
    case AV_CODEC_ID_PIXLET:      maxpixels  /= 1024;  break;
    case AV_CODEC_ID_PNG:         maxpixels  /= 128;   break;
    case AV_CODEC_ID_APNG:        maxpixels  /= 128;   break;
    case AV_CODEC_ID_QTRLE:       maxpixels  /= 16;    break;
    case AV_CODEC_ID_PAF_VIDEO:   maxpixels  /= 16;    break;
    case AV_CODEC_ID_PRORES:      maxpixels  /= 256;   break;
    case AV_CODEC_ID_QDRAW:       maxpixels  /= 256;   break;
    case AV_CODEC_ID_QPEG:        maxpixels  /= 256;   break;
    case AV_CODEC_ID_RKA:         maxsamples /= 1<<20; break;
    case AV_CODEC_ID_RSCC:        maxpixels  /= 256;   break;
Author	SHA1	Message	Date
Michael Niedermayer	51d3c4b4b6	tools/target_dec_fuzzer: Adjust threshold for PIXLET Fixes: Timeout Fixes: 425754611/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-4778526102585344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 02:07:03 +02:00
Michael Niedermayer	388e6fb3be	avcodec/ffv1enc: Consider variation in slice sizes When splitting a 5 lines image in 2 slices one will be 3 lines and thus need more space Fixes: Assertion sc->slice_coding_mode == 0 failed at libavcodec/ffv1enc.c:1668 Fixes: 422811239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4933405139861504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:26 +02:00
Michael Niedermayer	56ef66d350	tools/target_dec_fuzzer: Adjust threshold for CRI Fixes: Timeout Fixes: 421997576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5335057265131520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:17 +02:00
Michael Niedermayer	b132c1755a	tools/target_dec_fuzzer: Adjust threshold for qdraw Fixes: Timeout Fixes: 421954735/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4515776981172224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:14 +02:00
Michael Niedermayer	8988734d09	tools/target_dec_fuzzer: Adjust threshold for CAVS Fixes: Timeout Fixes: 421951267/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-4766360421072896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:10 +02:00
Michael Niedermayer	51f0f2d2cf	tools/target_dec_fuzzer: Adjust threshold for interplay video Fixes: Timeout Fixes: 421945523/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_VIDEO_fuzzer-4776910965506048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:06 +02:00
Michael Niedermayer	d43f19064e	MAINTAINERS: libtheoraenc seems unmaintained See: [FFmpeg-devel] libtheora maintainer ? Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:37:00 +02:00
Michael Niedermayer	4666c1eed3	libavcodec/cbs_apv_syntax_template: limit tile to 2gb We do not support larger tiles as we use signed int Alternatively we can check this in apv_decode_tile_component() or init_get_bits*() or support bitstreams above 2gb length Fixes: init_get_bits() failure later Fixes: 421817631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APV_fuzzer-4957386534354944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-10-19 01:32:42 +02:00