diff --git a/include/share/alloc.h b/include/share/alloc.h
index 6c857b4c..eedd9769 100644
--- a/include/share/alloc.h
+++ b/include/share/alloc.h
@@ -64,15 +64,19 @@
 #endif
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-extern int alloc_check_threshold, alloc_check_counter;
+
+extern int alloc_check_threshold, alloc_check_counter, alloc_check_keep_failing;
 static inline int alloc_check(void)
 {
 	if(alloc_check_threshold == INT32_MAX)
 		return 0;
 	else if(alloc_check_counter++ == alloc_check_threshold)
 		return 1;
-	else
+	else if(alloc_check_keep_failing && (alloc_check_counter > alloc_check_threshold))
+		return 1;
+	else {
 		return 0;
+	}
 }
 #endif
diff --git a/oss-fuzz/common.h b/oss-fuzz/common.h
index 9545f95e..f264a590 100644
--- a/oss-fuzz/common.h
+++ b/oss-fuzz/common.h
@@ -1,2 +1,2 @@
-extern int alloc_check_threshold, alloc_check_counter;
-int alloc_check_threshold = INT32_MAX, alloc_check_counter = 0;
+extern int alloc_check_threshold, alloc_check_counter, alloc_check_keep_failing;
+int alloc_check_threshold = INT32_MAX, alloc_check_counter = 0, alloc_check_keep_failing = 0;
diff --git a/oss-fuzz/encoder_v2.cc b/oss-fuzz/encoder_v2.cc
index 1b12ff6b..3dc02549 100644
--- a/oss-fuzz/encoder_v2.cc
+++ b/oss-fuzz/encoder_v2.cc
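Review bot: The meaning of the three injection globals is documented nowhere at their declaration, and the new `else if` branch in alloc_check() is the only place a reader can infer it; a comment above the `extern` line would make the contract explicit: `/* Fuzzing-only allocation-failure injection: the alloc_check_threshold-th alloc_check() call reports failure (INT32_MAX disables it); with alloc_check_keep_failing set, every later call fails as well. alloc_check_counter is the running call count and is owned/reset by the harness. */`. Once injection is enabled, `alloc_check_counter++` is evaluated on every call, so with keep-failing set the counter keeps growing past the threshold; that is only safe because the harness resets it per input, which the comment should say. The bracing is also inconsistent in the new code: the final `else {` is braced while the three sibling branches are not; brace all four branches or none.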
@@ -229,21 +229,27 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 			if(!vorbiscomment_valid) {
 				FLAC__metadata_object_delete(metadata[num_metadata]);
 				metadata[num_metadata] = 0;
+				encoder_valid = false;
 			}
 			else
 				num_metadata++;
 		}
+		else {
+			encoder_valid = false;
+		}
 	}
 	if(encoder_valid && (metadata_mask & 32)){
 		if((metadata[num_metadata] = FLAC__metadata_object_new(FLAC__METADATA_TYPE_CUESHEET)) != NULL) {
 			if(!FLAC__metadata_object_cuesheet_insert_blank_track(metadata[num_metadata],0)) {
 				FLAC__metadata_object_delete(metadata[num_metadata]);
 				metadata[num_metadata] = 0;
+				encoder_valid = false;
 			}
 			else {
 				if(!FLAC__metadata_object_cuesheet_track_insert_blank_index(metadata[num_metadata],0,0)) {
 					FLAC__metadata_object_delete(metadata[num_metadata]);
 					metadata[num_metadata] = 0;
+					encoder_valid = false;
 				}
 				else {
 					metadata[num_metadata]->data.cue_sheet.tracks[0].number = 1;
@@ -251,11 +257,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 				}
 			}
 		}
+		else {
+			encoder_valid = false;
+		}
 	}
 	if(encoder_valid && (metadata_mask & 64)){
 		if((metadata[num_metadata] = FLAC__metadata_object_new(FLAC__METADATA_TYPE_PICTURE)) != NULL) {
 			num_metadata++;
 		}
+		else {
+			encoder_valid = false;
+		}
 	}
 	if(encoder_valid && (metadata_mask & 128)){
 		if((metadata[num_metadata] = FLAC__metadata_object_new(FLAC__METADATA_TYPE_UNDEFINED)) != NULL) {
@@ -263,10 +275,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 			metadata[num_metadata]->data.unknown.data = (FLAC__byte *)calloc(24, 1);
 			num_metadata++;
 		}
+		else {
+			encoder_valid = false;
+		}
 	}
 	if(num_metadata && encoder_valid)
-		encoder_valid = FLAC__stream_encoder_set_metadata(encoder, metadata, num_metadata);
+		encoder_valid = FLAC__stream_encoder_set_metadata(encoder, metadata, num_metadata);
 	/* initialize encoder */
 	if(encoder_valid) {
diff --git a/oss-fuzz/tool_flac.c b/oss-fuzz/tool_flac.c
index 5c6a5f6b..4c2dc9bb 100644
--- a/oss-fuzz/tool_flac.c
+++ b/oss-fuzz/tool_flac.c
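Review bot: The new `encoder_valid = false;` assignments (here and in the two following hunks of this file, seven places in total) all encode one invariant that is written down nowhere: once a metadata block cannot be built, the remaining `if(encoder_valid && (metadata_mask & …))` blocks and the encoder initialisation are skipped. A one-line comment at the first assignment would carry that intent for the next reader: `/* metadata allocation failed: abandon this run; later metadata blocks and encoder init are gated on encoder_valid */`. In the `!vorbiscomment_valid` branch it cannot be seen from this hunk whether that flag is cleared only on allocation failure or for other reasons too (it is set earlier, outside the hunk); if the latter, the run is now also abandoned for non-allocation reasons, which may be intended but deserves a note. LLVMFuzzerTestOneInput starts and ends outside this hunk.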
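Review bot: The `calloc(24, 1)` on the first line of this hunk is still unchecked, while every other metadata allocation in this commit now fails the run on NULL; a NULL `data.unknown.data` together with whatever length the preceding (out-of-hunk) line sets would be handed to the encoder via FLAC__stream_encoder_set_metadata. This appears to be plain libc calloc rather than a wrapper routed through alloc_check(), so the path is only reachable under genuine allocation failure, but the check is cheap and keeps the policy uniform. FLAC__metadata_object_delete is already applied to half-built objects elsewhere in this function, so the same cleanup should be usable here; the enclosing block starts outside the hunk.
```cpp
			metadata[num_metadata]->data.unknown.data = (FLAC__byte *)calloc(24, 1);
			if(metadata[num_metadata]->data.unknown.data == NULL) {
				FLAC__metadata_object_delete(metadata[num_metadata]);
				metadata[num_metadata] = 0;
				encoder_valid = false;
			}
			else
				num_metadata++;
		}
		// … unchanged: else { encoder_valid = false; } for the failed FLAC__metadata_object_new …
```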
@@ -57,13 +57,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	share__opterr = 0;
 	share__optind = 0;
-	if(size < 2)
+	if(size < 3)
 		return 0;
 	maxarg = data[0] & 63;
 	use_stdin = data[0] & 64;
 	size_left--;
+	alloc_check_counter = 0;
+	if(data[0] & 128) {
+		alloc_check_keep_failing = data[1] & 1;
+		alloc_check_threshold = data[1] >> 1;
+		size_left--;
+	}
+	else
+		alloc_check_threshold = INT32_MAX;
+
 	argv[0] = exename;
 	numarg++;
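Review bot: The control-byte layout decoded by the new block is undocumented; a comment above `alloc_check_counter = 0;` should state it: `/* data[0] bit 7 enables allocation-failure injection for this input; then data[1] bit 0 = keep failing after the first failure, data[1] >> 1 = index (0-127) of the allocation that fails. data[1] is consumed only in that case; counter/threshold are reset here so injection never leaks into the next input. */`. Because `size_left` is decremented a second time only when bit 7 is set, the argument parser that follows (outside this hunk) must skip data[1] under the same condition, otherwise that byte is read both as the injection control and as the first argument byte — please confirm. The new `size < 3` minimum also applies when bit 7 is clear, so two-byte inputs that the old `size < 2` accepted are now rejected; harmless, but worth a word in the same comment.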