Update dr_wav3 and dr_mp3.

Add dr_mp3 decoding fuzzer.
2026-01-18 01:11:17 +01:00 · 2022-09-26 18:29:11 +09:00
parent 1f0130903c
commit 7244336585
5 changed files with 3720 additions and 1113 deletions
--- a/src/external/dr_mp3.h
+++ b/src/external/dr_mp3.h
--- a/src/external/dr_wav.h
+++ b/src/external/dr_wav.h
--- a/tests/fuzzer/README.md
+++ b/tests/fuzzer/README.md
@@ -38,11 +38,11 @@ $ ./fuzz_tinyusdz -max_len=128m
 for fuzzing `fuzz_intcoding_decompress`, capping max memory is required(otherwise oom happens).
 (Currently `fuzz_intcoding_decompress` does HARD limit of compressed data up to 2GB)

-Use `-rss_limit_mb=4000`(or more if you have enough memory) to limit memory usage.
+Use `-rss_limit_mb=8192`(or more if you encounter oom and have enough memory) to limit memory usage.


 ```
-$ ./fuzz_intcoding_decompress -rss_limit_mb=4000 -jobs 4
+$ ./fuzz_intcoding_decompress -rss_limit_mb=8192 -jobs 4
 ```

 ## PoC and regressesions
--- a/tests/fuzzer/dr_mp3_decoding_fuzzmain.cc
+++ b/tests/fuzzer/dr_mp3_decoding_fuzzmain.cc
@@ -0,0 +1,68 @@
+#include <cstdint>
+
+#define DR_MP3_IMPLEMENTATION
+#include "external/dr_mp3.h"
+
+#if 0
+static void data_callback(ma_device* pDevice, void* pFramesOut, const void* pFramesIn, ma_uint32 frameCount)
+{
+    drmp3* pMP3;
+
+    pMP3 = (drmp3*)pDevice->pUserData;
+    DRMP3_ASSERT(pMP3 != NULL);
+
+    if (pDevice->playback.format == ma_format_f32) {
+        drmp3_read_pcm_frames_f32(pMP3, frameCount, pFramesOut);
+    } else if (pDevice->playback.format == ma_format_s16) {
+        drmp3_read_pcm_frames_s16(pMP3, frameCount, pFramesOut);
+    } else {
+        DRMP3_ASSERT(DRMP3_FALSE);  /* Should never get here. */
+    }
+
+    (void)pFramesIn;
+}
+#endif
+
+static int parse_wav(const uint8_t* data, size_t size) {
+  if (size > 1024 * 1024 * 128 * 4) {
+    return -1;
+  }
+
+  drmp3 mp3Mem;
+
+  if (!drmp3_init_memory(&mp3Mem, data, size, nullptr)) {
+    return -1;  // do not add to copus
+  }
+
+  uint32_t max_frames = 1024 * 1024 * 128;
+
+  for (size_t i = 0; i < max_frames; i++) {
+    // drmp3_uint64 iSample;
+    drmp3_uint64 pcmFrameCountMemory;
+    drmp3_int16 pcmFramesMemory[4096];
+
+    pcmFrameCountMemory = drmp3_read_pcm_frames_s16(
+        &mp3Mem, DRMP3_COUNTOF(pcmFramesMemory) / mp3Mem.channels,
+        pcmFramesMemory);
+
+#if 0
+        /* Check individual frames. */
+        for (iSample = 0; iSample < pcmFrameCountMemory * mp3Memory.channels; iSample += 1) {
+        }
+#endif
+
+    /* We've reached the end if we didn't return any PCM frames. */
+    if (pcmFrameCountMemory == 0) {
+      break;
+    }
+  }
+
+  drmp3_uninit(&mp3Mem);
+
+  return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(std::uint8_t const* data,
+                                      std::size_t size) {
+  return parse_wav(data, size);
+}
--- a/tests/fuzzer/meson.build
+++ b/tests/fuzzer/meson.build
@@ -95,3 +95,9 @@ executable('fuzz_usdcparser',
  cpp_args : ['-fsanitize=address,fuzzer', '-DTINYUSDZ_FUZZER_BUILD=1'],
  link_args : '-fsanitize=address,fuzzer' )

+executable('fuzz_dr_mp3_decoding',
+  'dr_mp3_decoding_fuzzmain.cc',
+  install: true,
+  include_directories : incdirs,
+  cpp_args : ['-fsanitize=address,fuzzer', '-DTINYUSDZ_FUZZER_BUILD=1'],
+  link_args : '-fsanitize=address,fuzzer' )