Codec2Fuzzer: Updated BufferSource parsing logic
Test: mmm frameworks/av/media/codec2/fuzzer
Bug: 178467473
Change-Id: I73a90ba7a733a3b87e730ac3df4e571a1a7f3eca
diff --git a/media/codec2/fuzzer/C2Fuzzer.h b/media/codec2/fuzzer/C2Fuzzer.h
index 2efad50..d5ac81a 100644
--- a/media/codec2/fuzzer/C2Fuzzer.h
+++ b/media/codec2/fuzzer/C2Fuzzer.h
@@ -59,8 +59,9 @@
private:
class BufferSource {
public:
- BufferSource(const uint8_t* data, size_t size)
- : mData(data), mSize(size), mReadIndex(size - kMarkerSize) {}
+ BufferSource(const uint8_t* data, size_t size) : mData(data), mSize(size) {
+ mReadIndex = (size <= kMarkerSize) ? 0 : (size - kMarkerSize);
+ }
~BufferSource() {
mData = nullptr;
mSize = 0;
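Review bot: The clamp added to the `BufferSource` constructor has no comment explaining why it exists, and `mReadIndex` has moved out of the member initializer list for no visible reason. Because `size` is a `size_t`, the old `size - kMarkerSize` wrapped to a very large index for inputs shorter than the marker, which is presumably what let the marker comparisons read out of range. A one-line comment such as `// Clamp: size - kMarkerSize would wrap for inputs shorter than the marker.` would keep the guard from being simplified away later. The assignment can also stay in the initializer list as `mReadIndex(size <= kMarkerSize ? 0 : size - kMarkerSize)`. The destructor that follows continues past the end of this hunk.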
@@ -72,10 +73,20 @@
FrameData getFrame();
private:
- bool isMarker() { return (memcmp(&mData[mReadIndex], kMarker, kMarkerSize) == 0); }
+ bool isMarker() {
+ if ((kMarkerSize < mSize) && (mReadIndex < mSize - kMarkerSize)) {
+ return (memcmp(&mData[mReadIndex], kMarker, kMarkerSize) == 0);
+ } else {
+ return false;
+ }
+ }
bool isCSDMarker(size_t position) {
- return (memcmp(&mData[position], kCsdMarkerSuffix, kMarkerSuffixSize) == 0);
+ if ((kMarkerSuffixSize < mSize) && (position < mSize - kMarkerSuffixSize)) {
+ return (memcmp(&mData[position], kCsdMarkerSuffix, kMarkerSuffixSize) == 0);
+ } else {
+ return false;
+ }
}
bool searchForMarker();
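Review bot: The bounds checks added to `isMarker()` and `isCSDMarker()` are stricter than they need to be by one position: reading `kMarkerSize` bytes at `mReadIndex` is in range whenever `mReadIndex + kMarkerSize <= mSize`, but both comparisons in the guard use strict `<`. As written, the constructor's starting index `size - kMarkerSize` (first hunk) always fails the check, so a marker in the last `kMarkerSize` bytes of the input is never matched and an input exactly one marker long is rejected outright; whether `searchForMarker()` compensates is not visible here. I would write `if ((kMarkerSize <= mSize) && (mReadIndex <= mSize - kMarkerSize))`, and the same with `kMarkerSuffixSize` and `position` in `isCSDMarker()`. The order of the two conditions deserves a short comment, since the first is what keeps the unsigned subtraction in the second from wrapping.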