Add fuzzer for FEC image parser

Issue: #160 Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
2026-06-02 06:23:34 +02:00 · 2023-09-28 18:31:24 -04:00
parent cd779e62cb
commit 2a57343094
2 changed files with 39 additions and 0 deletions
@@ -0,0 +1,36 @@
+#[cfg(not(windows))]
+mod fuzz {
+    use std::{io::Cursor, sync::atomic::AtomicBool};
+
+    use avbroot::{
+        format::fec::FecImage,
+        stream::{FromReader, SharedCursor, WriteZerosExt},
+    };
+    use honggfuzz::fuzz;
+
+    pub fn main() {
+        loop {
+            fuzz!(|data: &[u8]| {
+                let cancel_signal = AtomicBool::new(false);
+
+                let reader = Cursor::new(data);
+                if let Ok(fec) = FecImage::from_reader(reader) {
+                    let mut input = SharedCursor::new();
+
+                    // Allow verify() to get further, but don't blow up the host
+                    // with excessive memory usage.
+                    if fec.data_size < 64 * 1024 * 1024 {
+                        input.write_zeros_exact(fec.data_size).unwrap();
+                    }
+
+                    let _ = fec.verify(|| Ok(Box::new(input.reopen())), &cancel_signal);
+                }
+            });
+        }
+    }
+}
+
+fn main() {
+    #[cfg(not(windows))]
+    fuzz::main();
+}