mirror of
https://github.com/mpv-player/mpv.git
synced 2025-12-22 10:57:08 +00:00
5f927c6333
While testing larger inputs can be useful for uncovering bugs related to processing large data or inefficiencies in memory allocation, it also makes the fuzzing process slower and more fragile. Beyond the obvious slowdown, there are OOM issues and even in libFuzzer. Specifically, in fuzzer::InputCorpus::AddToCorpus, after a few hours of fuzzing, we accumulate so many inputs that memory usage exceeds our quota. This could be mitigated in other ways, such as dumping data early or shortening the fuzzing run duration. However, in practice, these huge inputs are often not very useful. This change will also encourage the fuzzer to mutate existing data rather than continually adding more bytes to input, because it give higher coverage. Which in turn will produce higher quality corpus. The 100 KiB limit could be reduced further. It's still quite large, let's see how it performs. I believe even 10 KiB might be sufficient or less. This issue is especially noticeable in the Matroska fuzzer, because we add input data there, which is bigger and sets max_len high in fuzzer itself. In a perfect world, we wouldn't need to impose such limits, but in reality, we face constraints in both memory and compute resources. I'll monitor coverage and fuzzing results after this change and adjust as needed. Unfortunately, this will discard all existing corpus entries larger than the limit, but that's expected.
48 lines
1.3 KiB
C
48 lines
1.3 KiB
C
/*
|
|
* This file is part of mpv.
|
|
*
|
|
* mpv is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* mpv is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with mpv. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "common.h"
|
|
|
|
#include "misc/json.h"
|
|
#include "mpv_talloc.h"
|
|
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
{
|
|
if (size > MAX_FUZZ_SIZE)
|
|
return 0;
|
|
|
|
void *tmp = talloc_new(NULL);
|
|
char *s = talloc_array_ptrtype(tmp, s, size + 1);
|
|
memcpy(s, data, size);
|
|
s[size] = '\0';
|
|
|
|
json_skip_whitespace(&s);
|
|
|
|
struct mpv_node res;
|
|
if (!json_parse(tmp, &res, &s, MAX_JSON_DEPTH)) {
|
|
char *d = talloc_strdup(tmp, "");
|
|
json_write(&d, &res);
|
|
|
|
d[0] = '\0';
|
|
json_write_pretty(&d, &res);
|
|
}
|
|
|
|
talloc_free(tmp);
|
|
|
|
return 0;
|
|
}
|