Fix some OOM metadata bugs, disable OOM checking in metadata fuzzing
For now, OOM emulation in fuzzer_metadata is disabled, as I really want to get as much merged as soon as possible. I need to get back to this at some point.
parent
1f21ae2702
commit
5bc582b2c7
@ -61,7 +61,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
|
|
||||||
command_length = data[0] >> 4;
|
command_length = data[0] >> 4;
|
||||||
|
|
||||||
if(data[1] < 128) /* Use MSB as on/off */
|
if(0)//data[1] < 128) /* Use MSB as on/off */
|
||||||
alloc_check_threshold = data[1];
|
alloc_check_threshold = data[1];
|
||||||
else
|
else
|
||||||
alloc_check_threshold = INT32_MAX;
|
alloc_check_threshold = INT32_MAX;
|
||||||
@ -218,22 +218,37 @@ static void run_tests_with_level_2_interface(char filename[], bool ogg, bool use
|
|||||||
case 5:
|
case 5:
|
||||||
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
||||||
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
||||||
if(!iterator.insert_block_before(metadata_block_put))
|
if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
|
||||||
delete metadata_block_put;
|
if(!iterator.insert_block_before(metadata_block_put))
|
||||||
|
delete metadata_block_put;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if(metadata_block_put != 0)
|
||||||
|
delete metadata_block_put;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 6:
|
case 6:
|
||||||
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
||||||
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
||||||
if(!iterator.insert_block_after(metadata_block_put))
|
if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
|
||||||
delete metadata_block_put;
|
if(!iterator.insert_block_after(metadata_block_put))
|
||||||
|
delete metadata_block_put;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if(metadata_block_put != 0)
|
||||||
|
delete metadata_block_put;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 7:
|
case 7:
|
||||||
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
|
||||||
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
|
||||||
if(!iterator.set_block(metadata_block_put))
|
if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
|
||||||
delete metadata_block_put;
|
if(!iterator.set_block(metadata_block_put))
|
||||||
|
delete metadata_block_put;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
if(metadata_block_put != 0)
|
||||||
|
delete metadata_block_put;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 8: /* Examine block */
|
case 8: /* Examine block */
|
||||||
|
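Review bot: In the first hunk of this file, `if(0)//data[1] < 128)` switches allocation-failure emulation off by leaving a dead branch and a commented-out condition, so the metadata fuzzer no longer exercises any OOM path and a regression in allocation-failure handling in the metadata code would go unnoticed. I would make the disabled state explicit and easy to find, for example `/* TODO: re-enable OOM emulation (data[1] < 128) once the remaining metadata OOM bugs are fixed */` above a plain `alloc_check_threshold = INT32_MAX;`, or keep the original condition behind a named compile-time switch. In the second hunk the clone, validate and insert sequence is now written out three times in cases 5, 6 and 7, and `if(metadata_block_put != 0)` before `delete` is redundant because deleting a null pointer is a no-op. Both functions continue outside the hunks.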
@ -47,11 +47,11 @@ int write_abort_check_counter = -1;
|
|||||||
static FLAC__StreamDecoderWriteStatus write_callback(const FLAC__StreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 *const buffer[], void *client_data)
|
static FLAC__StreamDecoderWriteStatus write_callback(const FLAC__StreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 *const buffer[], void *client_data)
|
||||||
{
|
{
|
||||||
(void)decoder, (void)frame, (void)buffer, (void)client_data;
|
(void)decoder, (void)frame, (void)buffer, (void)client_data;
|
||||||
if(write_abort_check_counter > 0)
|
if(write_abort_check_counter > 0) {
|
||||||
write_abort_check_counter--;
|
write_abort_check_counter--;
|
||||||
if(write_abort_check_counter == 0)
|
if(write_abort_check_counter == 0)
|
||||||
return FLAC__STREAM_DECODER_WRITE_STATUS_ABORT;
|
return FLAC__STREAM_DECODER_WRITE_STATUS_ABORT;
|
||||||
else if(write_abort_check_counter == 0)
|
} else if(write_abort_check_counter == 0)
|
||||||
/* This must not happen: write callback called after abort is returned */
|
/* This must not happen: write callback called after abort is returned */
|
||||||
abort();
|
abort();
|
||||||
return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
|
return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
|
||||||
@ -70,11 +70,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
uint8_t command_length;
|
uint8_t command_length;
|
||||||
FLAC__bool init_bools[16], ogg;
|
FLAC__bool init_bools[16], ogg;
|
||||||
|
|
||||||
if(size > 2 && data[1] < 128) /* Use MSB as on/off */
|
if(size > 2 && data[1] < 128) /* Use MSB as on/off */
|
||||||
alloc_check_threshold = data[1];
|
alloc_check_threshold = data[1];
|
||||||
else
|
else
|
||||||
alloc_check_threshold = INT32_MAX;
|
alloc_check_threshold = INT32_MAX;
|
||||||
alloc_check_counter = 0;
|
alloc_check_counter = 0;
|
||||||
|
|
||||||
write_abort_check_counter = -1;
|
write_abort_check_counter = -1;
|
||||||
|
|
||||||
|
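Review bot: In write_callback the added braces fix the dangling `else`, but the inner `if(write_abort_check_counter == 0)` and the `else if` branch are still unbraced, and the `else if` has a comment sitting between its condition and `abort();`. Since the bug being fixed came from exactly this kind of brace-less nesting, I would brace every branch, i.e. `} else if(write_abort_check_counter == 0) {` followed by `abort();` and `}`. A one-line comment on `write_abort_check_counter` saying that -1 means "never abort" and 0 means "abort has already been returned" would also help; that reading is inferred from the reset to -1 in LLVMFuzzerTestOneInput and from the comment in the callback.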
@ -1183,8 +1183,10 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St
|
|||||||
return false;
|
return false;
|
||||||
for (uint32_t i = 0; i < new_num_comments; i++) {
|
for (uint32_t i = 0; i < new_num_comments; i++) {
|
||||||
object->data.vorbis_comment.comments[i].length = 0;
|
object->data.vorbis_comment.comments[i].length = 0;
|
||||||
if ((object->data.vorbis_comment.comments[i].entry = safe_malloc_(1)) == NULL)
|
if ((object->data.vorbis_comment.comments[i].entry = safe_malloc_(1)) == NULL) {
|
||||||
|
object->data.vorbis_comment.num_comments = i+1;
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
object->data.vorbis_comment.comments[i].entry[0] = '\0';
|
object->data.vorbis_comment.comments[i].entry[0] = '\0';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1223,8 +1225,10 @@ FLAC_API FLAC__bool FLAC__metadata_object_vorbiscomment_resize_comments(FLAC__St
|
|||||||
if (new_size > old_size) {
|
if (new_size > old_size) {
|
||||||
for (uint32_t i = object->data.vorbis_comment.num_comments; i < new_num_comments; i++) {
|
for (uint32_t i = object->data.vorbis_comment.num_comments; i < new_num_comments; i++) {
|
||||||
object->data.vorbis_comment.comments[i].length = 0;
|
object->data.vorbis_comment.comments[i].length = 0;
|
||||||
if ((object->data.vorbis_comment.comments[i].entry = safe_malloc_(1)) == NULL)
|
if ((object->data.vorbis_comment.comments[i].entry = safe_malloc_(1)) == NULL) {
|
||||||
|
object->data.vorbis_comment.num_comments = i+1;
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
object->data.vorbis_comment.comments[i].entry[0] = '\0';
|
object->data.vorbis_comment.comments[i].entry[0] = '\0';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
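Review bot: On the allocation-failure path in both hunks, `num_comments = i+1` makes the object report slot `i` as a valid comment although its `entry` is NULL. That presumably keeps the entries allocated so far reachable for a later delete, but any reader that walks `num_comments` entries and dereferences `entry` would hit a null pointer; whether such readers exist is not visible here. If nothing depends on the extra slot, `object->data.vorbis_comment.num_comments = i;` covers the same allocated entries without exposing a NULL one; otherwise add a comment such as `/* count includes slot i, whose entry is NULL, so the object can still be deleted */`. The function body starts and ends outside both hunks.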
@ -1525,7 +1525,7 @@ FLAC__bool read_metadata_(FLAC__StreamDecoder *decoder)
|
|||||||
free(block.data.vorbis_comment.comments);
|
free(block.data.vorbis_comment.comments);
|
||||||
break;
|
break;
|
||||||
case FLAC__METADATA_TYPE_CUESHEET:
|
case FLAC__METADATA_TYPE_CUESHEET:
|
||||||
if(block.data.cue_sheet.num_tracks > 0)
|
if(block.data.cue_sheet.num_tracks > 0 && 0 != block.data.cue_sheet.tracks)
|
||||||
for(i = 0; i < block.data.cue_sheet.num_tracks; i++)
|
for(i = 0; i < block.data.cue_sheet.num_tracks; i++)
|
||||||
if(0 != block.data.cue_sheet.tracks[i].indices)
|
if(0 != block.data.cue_sheet.tracks[i].indices)
|
||||||
free(block.data.cue_sheet.tracks[i].indices);
|
free(block.data.cue_sheet.tracks[i].indices);
|
||||||
|
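Review bot: The added `0 != block.data.cue_sheet.tracks` check guards the loop, but the loop still frees `tracks[i].indices` for every `i < num_tracks`, which is only safe if the tracks array was zero-initialised when it was allocated and reading stopped part-way; that allocation is outside the hunk, so please confirm it. The state being guarded against, `num_tracks > 0` with a NULL `tracks`, suggests the reader sets the count before the allocation succeeds; resetting `num_tracks` to 0 on that failure path would keep the invariant for every other consumer of the block. A short comment on the new condition, for example `/* tracks may be NULL if its allocation failed during reading */`, would record why the check is needed.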