mp4ff/mp4/fuzz_test.go at master · Eyevinn/mp4ff · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
//go:build go1.18
// +build go1.18

package mp4_test

import (
	"bytes"
	"context"
	"errors"
	"io"
	"os"
	"path/filepath"
	"runtime"
	"testing"
	"time"

	"github.com/Eyevinn/mp4ff/bits"
	"github.com/Eyevinn/mp4ff/mp4"
)

func monitorMemory(ctx context.Context, t *testing.T, memoryLimit int) {
	go func() {
		timer := time.NewTicker(500 * time.Millisecond)
		defer timer.Stop()
		var m runtime.MemStats

		for {
			select {
			case <-ctx.Done():
				return
			case <-timer.C:
				runtime.ReadMemStats(&m)
				if m.Alloc > uint64(memoryLimit) {
					t.Logf("memory limit exceeded: %d > %d", m.Alloc, memoryLimit)
					t.Fail()
					return
				}
			}
		}
	}()
}

// FuzzDecodeBox tests box decoding with malformed input.
// The corpus in testdata/fuzz/FuzzDecodeBox/ includes entries for specific fixes:
//
//	7e07cf8cc85e7f41 - co64 memory overflow on 32-bit size (2330aaa)
//	dc68c3d7e3180551 - invalid subs box memory usage (5fb4e82)
//	6041c517bf46e9ee - ssix box too small to read (cfc0783)
//	77cf6e30648805ea - mime box too small to read (fa56081)
//	0881196294cc083f - senc parsing robustness (38ff9db)
//	(remaining 39 entries from initial fuzzing session 9409e9b)
func FuzzDecodeBox(f *testing.F) {
	entries, err := os.ReadDir("testdata")
	if err != nil {
		f.Fatal(err)
	}

	validExts := map[string]bool{
		".mp4":  true,
		".m4s":  true,
		".cmfv": true,
	}

	for _, entry := range entries {
		if entry.IsDir() {
			continue
		}

		if validExts[filepath.Ext(entry.Name())] {
			testData, err := os.ReadFile("testdata/" + entry.Name())
			if err != nil {
				f.Fatal(err)
			}
			f.Add(testData)
		}
	}

	f.Fuzz(func(t *testing.T, b []byte) {
		ctx, cancel := context.WithCancel(context.Background())
		defer cancel()
		monitorMemory(ctx, t, 500*1024*1024) // 500MB

		r := bytes.NewReader(b)
		var pos uint64 = 0
		for {
			box, err := mp4.DecodeBox(pos, r)
			if err != nil {
				if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
					break
				}
			}
			if box == nil {
				break
			}
			pos += box.Size()
		}

		pos = 0
		sr := bits.NewFixedSliceReader(b)
		for {
			box, err := mp4.DecodeBoxSR(pos, sr)
			if err != nil {
				if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
					break
				}
			}
			if box == nil {
				break
			}
			pos += box.Size()
		}
	})
}