[FFmpeg-devel] [PATCH 1/1][NO NOT APPLY] Allocation NULL check fuzzing tool
Derek Buitenhuis
derek.buitenhuis at gmail.com
Fri Nov 24 21:45:47 EET 2017
Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
---
libavutil/mem.c | 4 ++-
libavutil/posixmemalign.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+), 1 deletion(-)
create mode 100644 libavutil/posixmemalign.c
diff --git a/libavutil/mem.c b/libavutil/mem.c
index 6ad409daf4..0d9ab3d230 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -43,6 +43,8 @@
#include "intreadwrite.h"
#include "mem.h"
+#include "posixmemalign.c"
+
#ifdef MALLOC_PREFIX
#define malloc AV_JOIN(MALLOC_PREFIX, malloc)
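Review bot: The `#include "posixmemalign.c"` line is unconditional, so every build of mem.c pulls in the fault injector and its `<backtrace.h>`, `<dlfcn.h>` and `<unistd.h>` dependencies, even on targets that never take the `HAVE_POSIX_MEMALIGN` branch. A tool that makes allocations fail on purpose should sit behind an explicit opt-in build switch so it cannot reach a normal or release build, for example `#if HAVE_POSIX_MEMALIGN && defined(ALLOC_FAULT_INJECT_PLACEHOLDER)` (placeholder macro name, not an existing configure symbol). The `#define _GNU_SOURCE` at the top of the included file also comes after the headers mem.c has already included, so it probably has no effect there.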
@@ -84,7 +86,7 @@ void *av_malloc(size_t size)
#if HAVE_POSIX_MEMALIGN
if (size) //OS X on SDK 10.6 has a broken posix_memalign implementation
- if (posix_memalign(&ptr, ALIGN, size))
+ if (my_posix_memalign(&ptr, ALIGN, size))
ptr = NULL;
#elif HAVE_ALIGNED_MALLOC
ptr = _aligned_malloc(size, ALIGN);
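Review bot: An injected failure never takes the `ptr = NULL;` branch here, because `my_posix_memalign` sets `ret = 0;` on its failure path in libavutil/posixmemalign.c and leaves `*memptr` unwritten. av_malloc then returns NULL only if `ptr` was initialised to NULL before this call, which is outside the hunk and should be confirmed. Returning the real error value keeps the wrapper a faithful stand-in for posix_memalign and exercises the same caller path as a genuine out-of-memory condition: `ret = ENOMEM;`, with `<errno.h>` included in the new file.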
diff --git a/libavutil/posixmemalign.c b/libavutil/posixmemalign.c
new file mode 100644
index 0000000000..b1970add7b
--- /dev/null
+++ b/libavutil/posixmemalign.c
@@ -0,0 +1,86 @@
+/*
+ * posix_memalign wrapper with random failurres
+ *
+ * Copyright (c) 2013, Derek Buitenhuis
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define _GNU_SOURCE
+
+#include <dlfcn.h>
+#include <inttypes.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <backtrace.h>
+
+static void errprint(void *data, const char *msg, int errnum)
+{
+ fprintf(stderr, "ERROR: %s.\n", msg);
+}
+
+static int stackprint(void *data, uintptr_t pc, const char *filename, int lineno, const char *function)
+{
+ fprintf(stderr, "%s:%d in %s\n", function, lineno, filename);
+ return 0;
+}
+
+static int my_posix_memalign(void **memptr, size_t alignment, size_t size)
+{
+ static time_t seed = 0;
+ static int prob = 0;
+ static uint64_t iteration = 0;
+ int ret;
+
+ struct backtrace_state *state = backtrace_create_state("", 1, errprint, NULL);
+
+ if (state == NULL)
+ abort();
+
+ if (!seed) {
+ char *usertime = getenv("MALLOC_SEED");
+
+ if (!usertime)
+ seed = time(NULL);
+ else
+ seed = atoi(usertime);
+
+ srand(seed);
+ }
+
+ if (!prob) {
+ char *userprob = getenv("MALLOC_FAILPROB");
+
+ if (!userprob)
+ prob = 10000;
+ else
+ prob = atoi(userprob);
+ }
+
+ if (!(rand() % prob)) {
+ fprintf(stderr,
+ "\nFAILED. Iteration = %"PRId64", Seed = %lld.\n\n",
+ iteration, (long long) seed);
+ backtrace_full(state, 0, stackprint, errprint, NULL);
+ ret = 0;
+ } else {
+ ret = posix_memalign(memptr, alignment, size);
+ }
+
+ iteration++;
+
+ return ret;
+}
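Review bot: `rand() % prob` divides by zero when MALLOC_FAILPROB is `0` or non-numeric, because `atoi` then yields 0 and nothing validates it before the modulo. Two state problems sit in the same function: `backtrace_create_state` runs on every allocation although its result could be cached in a `static` (libbacktrace offers no call to release a state, so this likely leaks per call), and `MALLOC_SEED=0` leaves `seed` at 0, so `srand` is re-run on each call and `rand()` keeps returning the same first value. The fence below caches the state, tracks seeding with its own flag and falls back to the default probability for values <= 0. Separately, `stackprint` passes `function` and `filename` straight to `%s`, and libbacktrace may hand the callback NULL for frames without debug info, so guard them, e.g. `function ? function : "??"`.

```c
static int my_posix_memalign(void **memptr, size_t alignment, size_t size)
{
    static struct backtrace_state *state = NULL;
    static int seeded = 0;
    /* … unchanged: seed, prob, iteration, ret declarations … */

    /* create the backtrace state once instead of on every allocation */
    if (state == NULL) {
        state = backtrace_create_state("", 1, errprint, NULL);
        if (state == NULL)
            abort();
    }

    if (!seeded) {
        /* … unchanged: MALLOC_SEED lookup … */
        srand(seed);
        seeded = 1; /* a user seed of 0 must not trigger re-seeding */
    }

    if (!prob) {
        /* … unchanged: MALLOC_FAILPROB lookup … */
        if (prob <= 0)
            prob = 10000; /* reject 0, negative and non-numeric values */
    }
    /* … unchanged: failure roll, posix_memalign call, iteration++ … */
```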
--
2.15.0