Loading media/libstagefright/tests/fuzzers/Android.bp 0 → 100644 +53 −0 Original line number Diff line number Diff line cc_defaults { name: "libstagefright_fuzzer_defaults", cflags: [ "-Wno-multichar", "-Werror", "-Wno-error=deprecated-declarations", "-Wall", ], shared_libs: [ "libstagefright", "libstagefright_codecbase", "libutils", "libstagefright_foundation", "libmedia", "libaudioclient", "libmedia_omx", "libgui", "libbinder", "libcutils", ], } cc_fuzz { name: "libstagefright_mediaclock_fuzzer", srcs: [ "MediaClockFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_mediascanner_fuzzer", srcs: [ "StagefrightMediaScannerFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_skipcutbuffer_fuzzer", srcs: [ "SkipCutBufferFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_mediamuxer_fuzzer", srcs: [ "MediaMuxerFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } media/libstagefright/tests/fuzzers/MediaClockFuzzer.cpp 0 → 100644 +68 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaClock.h> #include <media/stagefright/foundation/AMessage.h> namespace android { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); sp<MediaClock> mClock(new MediaClock); bool registered = false; while (fdp.remaining_bytes() > 0) { switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 5)) { case 0: { if (registered == false) { mClock->init(); registered = true; } break; } case 1: { int64_t startingTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->setStartingTimeMedia(startingTimeMediaUs); break; } case 2: { mClock->clearAnchor(); break; } case 3: { int64_t anchorTimeRealUs = fdp.ConsumeIntegral<int64_t>(); int64_t anchorTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); int64_t maxTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->updateAnchor(anchorTimeMediaUs, anchorTimeRealUs, maxTimeMediaUs); break; } case 4: { int64_t maxTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->updateMaxTimeMedia(maxTimeMediaUs); break; } case 5: { wp<AMessage> msg(new AMessage); mClock->setNotificationMessage(msg.promote()); } } } return 0; } } // namespace android media/libstagefright/tests/fuzzers/MediaMuxerFuzzer.cpp 0 → 100644 +103 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <MediaMuxerFuzzer.h> #include <cutils/ashmem.h> #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaMuxer.h> #include <media/stagefright/foundation/ABuffer.h> #include <media/stagefright/foundation/AMessage.h> namespace android { // Can't seem to get setBuffer or setString working. It always segfaults on a // null pointer read or memleaks. So that functionality is missing. void createMessage(AMessage *msg, FuzzedDataProvider *fdp) { size_t count = fdp->ConsumeIntegralInRange<size_t>(0, 32); while (fdp->remaining_bytes() > 0 && count > 0) { uint8_t function_id = fdp->ConsumeIntegralInRange<uint8_t>(0, amessage_setvals.size() - 1); amessage_setvals[function_id](msg, fdp); count--; } } extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); size_t data_size = fdp.ConsumeIntegralInRange<size_t>(0, size); int fd = ashmem_create_region("mediamuxer_fuzz_region", data_size); if (fd < 0) return 0; uint8_t *sh_data = static_cast<uint8_t *>( mmap(NULL, data_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)); if (sh_data == MAP_FAILED) return 0; MediaMuxer::OutputFormat format = (MediaMuxer::OutputFormat)fdp.ConsumeIntegralInRange<int32_t>(0, 4); sp<MediaMuxer> mMuxer(new MediaMuxer(fd, format)); while (fdp.remaining_bytes() > 1) { switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 4)) { case 0: { // For some reason it only likes mp4s here... if (format == 1 || format == 4) break; sp<AMessage> a_format(new AMessage); createMessage(a_format.get(), &fdp); mMuxer->addTrack(a_format); break; } case 1: { mMuxer->start(); break; } case 2: { int degrees = fdp.ConsumeIntegral<int>(); mMuxer->setOrientationHint(degrees); break; } case 3: { int latitude = fdp.ConsumeIntegral<int>(); int longitude = fdp.ConsumeIntegral<int>(); mMuxer->setLocation(latitude, longitude); break; } case 4: { size_t buf_size = fdp.ConsumeIntegralInRange<size_t>(0, data_size); sp<ABuffer> a_buffer(new ABuffer(buf_size)); size_t trackIndex = fdp.ConsumeIntegral<size_t>(); int64_t timeUs = fdp.ConsumeIntegral<int64_t>(); uint32_t flags = fdp.ConsumeIntegral<uint32_t>(); mMuxer->writeSampleData(a_buffer, trackIndex, timeUs, flags); } } } if (fdp.ConsumeBool()) mMuxer->stop(); munmap(sh_data, data_size); close(fd); return 0; } } // namespace android media/libstagefright/tests/fuzzers/MediaMuxerFuzzer.h 0 → 100644 +109 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #pragma once #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/foundation/AMessage.h> namespace android { // Mappings vectors are the list of attributes that the MediaMuxer // class looks for in the message. static std::vector<const char *> floatMappings{ "capture-rate", "time-lapse-fps", "frame-rate", }; static std::vector<const char *> int64Mappings{ "exif-offset", "exif-size", "target-time", "thumbnail-time", "timeUs", "durationUs", }; static std::vector<const char *> int32Mappings{"loop", "time-scale", "crypto-mode", "crypto-default-iv-size", "crypto-encrypted-byte-block", "crypto-skip-byte-block", "frame-count", "max-bitrate", "pcm-big-endian", "temporal-layer-count", "temporal-layer-id", "thumbnail-width", "thumbnail-height", "track-id", "valid-samples", "color-format", "ca-system-id", "is-sync-frame", "bitrate", "max-bitrate", "width", "height", "sar-width", "sar-height", "display-width", "display-height", "is-default", "tile-width", "tile-height", "grid-rows", "grid-cols", "rotation-degrees", "channel-count", "sample-rate", "bits-per-sample", "channel-mask", "encoder-delay", "encoder-padding", "is-adts", "frame-rate", "max-height", "max-width", "max-input-size", "haptic-channel-count", "pcm-encoding", "aac-profile"}; static const std::vector<std::function<void(AMessage *, FuzzedDataProvider *)>> amessage_setvals = { [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setRect("crop", fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setFloat(floatMappings[fdp->ConsumeIntegralInRange<size_t>( 0, floatMappings.size() - 1)], fdp->ConsumeFloatingPoint<float>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setInt64(int64Mappings[fdp->ConsumeIntegralInRange<size_t>( 0, int64Mappings.size() - 1)], fdp->ConsumeIntegral<int64_t>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setInt32(int32Mappings[fdp->ConsumeIntegralInRange<size_t>( 0, int32Mappings.size() - 1)], fdp->ConsumeIntegral<int32_t>()); }}; } // namespace android media/libstagefright/tests/fuzzers/SkipCutBufferFuzzer.cpp 0 → 100644 +73 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaBuffer.h> #include <media/stagefright/SkipCutBuffer.h> #include <media/stagefright/foundation/ABuffer.h> #include <media/stagefright/foundation/AMessage.h> namespace android { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); size_t skip = fdp.ConsumeIntegral<size_t>(); size_t cut = fdp.ConsumeIntegral<size_t>(); size_t num16Channels = fdp.ConsumeIntegral<size_t>(); sp<SkipCutBuffer> sBuffer(new SkipCutBuffer(skip, cut, num16Channels)); while (fdp.remaining_bytes() > 0) { // Cap size to 1024 to limit max amount allocated. size_t buf_size = fdp.ConsumeIntegralInRange<size_t>(0, 1024); size_t range = fdp.ConsumeIntegralInRange<size_t>(0, buf_size); size_t length = fdp.ConsumeIntegralInRange<size_t>(0, buf_size - range); switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 4)) { case 0: { sp<ABuffer> a_buffer(new ABuffer(buf_size)); sp<AMessage> format(new AMessage); sp<MediaCodecBuffer> s_buffer(new MediaCodecBuffer(format, a_buffer)); s_buffer->setRange(range, length); sBuffer->submit(s_buffer); break; } case 1: { std::unique_ptr<MediaBufferBase> m_buffer(new MediaBuffer(buf_size)); m_buffer->set_range(range, length); sBuffer->submit(reinterpret_cast<MediaBuffer *>(m_buffer.get())); break; } case 2: { sp<ABuffer> a_buffer(new ABuffer(buf_size)); sp<AMessage> format(new AMessage); sp<MediaCodecBuffer> s_buffer(new MediaCodecBuffer(format, a_buffer)); a_buffer->setRange(range, length); sBuffer->submit(a_buffer); break; } case 3: { sBuffer->clear(); break; } case 4: { sBuffer->size(); } } } return 0; } } // namespace android Loading
media/libstagefright/tests/fuzzers/Android.bp 0 → 100644 +53 −0 Original line number Diff line number Diff line cc_defaults { name: "libstagefright_fuzzer_defaults", cflags: [ "-Wno-multichar", "-Werror", "-Wno-error=deprecated-declarations", "-Wall", ], shared_libs: [ "libstagefright", "libstagefright_codecbase", "libutils", "libstagefright_foundation", "libmedia", "libaudioclient", "libmedia_omx", "libgui", "libbinder", "libcutils", ], } cc_fuzz { name: "libstagefright_mediaclock_fuzzer", srcs: [ "MediaClockFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_mediascanner_fuzzer", srcs: [ "StagefrightMediaScannerFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_skipcutbuffer_fuzzer", srcs: [ "SkipCutBufferFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], } cc_fuzz { name: "libstagefright_mediamuxer_fuzzer", srcs: [ "MediaMuxerFuzzer.cpp", ], defaults: ["libstagefright_fuzzer_defaults"], }
media/libstagefright/tests/fuzzers/MediaClockFuzzer.cpp 0 → 100644 +68 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaClock.h> #include <media/stagefright/foundation/AMessage.h> namespace android { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); sp<MediaClock> mClock(new MediaClock); bool registered = false; while (fdp.remaining_bytes() > 0) { switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 5)) { case 0: { if (registered == false) { mClock->init(); registered = true; } break; } case 1: { int64_t startingTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->setStartingTimeMedia(startingTimeMediaUs); break; } case 2: { mClock->clearAnchor(); break; } case 3: { int64_t anchorTimeRealUs = fdp.ConsumeIntegral<int64_t>(); int64_t anchorTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); int64_t maxTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->updateAnchor(anchorTimeMediaUs, anchorTimeRealUs, maxTimeMediaUs); break; } case 4: { int64_t maxTimeMediaUs = fdp.ConsumeIntegral<int64_t>(); mClock->updateMaxTimeMedia(maxTimeMediaUs); break; } case 5: { wp<AMessage> msg(new AMessage); mClock->setNotificationMessage(msg.promote()); } } } return 0; } } // namespace android
media/libstagefright/tests/fuzzers/MediaMuxerFuzzer.cpp 0 → 100644 +103 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <MediaMuxerFuzzer.h> #include <cutils/ashmem.h> #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaMuxer.h> #include <media/stagefright/foundation/ABuffer.h> #include <media/stagefright/foundation/AMessage.h> namespace android { // Can't seem to get setBuffer or setString working. It always segfaults on a // null pointer read or memleaks. So that functionality is missing. void createMessage(AMessage *msg, FuzzedDataProvider *fdp) { size_t count = fdp->ConsumeIntegralInRange<size_t>(0, 32); while (fdp->remaining_bytes() > 0 && count > 0) { uint8_t function_id = fdp->ConsumeIntegralInRange<uint8_t>(0, amessage_setvals.size() - 1); amessage_setvals[function_id](msg, fdp); count--; } } extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); size_t data_size = fdp.ConsumeIntegralInRange<size_t>(0, size); int fd = ashmem_create_region("mediamuxer_fuzz_region", data_size); if (fd < 0) return 0; uint8_t *sh_data = static_cast<uint8_t *>( mmap(NULL, data_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)); if (sh_data == MAP_FAILED) return 0; MediaMuxer::OutputFormat format = (MediaMuxer::OutputFormat)fdp.ConsumeIntegralInRange<int32_t>(0, 4); sp<MediaMuxer> mMuxer(new MediaMuxer(fd, format)); while (fdp.remaining_bytes() > 1) { switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 4)) { case 0: { // For some reason it only likes mp4s here... if (format == 1 || format == 4) break; sp<AMessage> a_format(new AMessage); createMessage(a_format.get(), &fdp); mMuxer->addTrack(a_format); break; } case 1: { mMuxer->start(); break; } case 2: { int degrees = fdp.ConsumeIntegral<int>(); mMuxer->setOrientationHint(degrees); break; } case 3: { int latitude = fdp.ConsumeIntegral<int>(); int longitude = fdp.ConsumeIntegral<int>(); mMuxer->setLocation(latitude, longitude); break; } case 4: { size_t buf_size = fdp.ConsumeIntegralInRange<size_t>(0, data_size); sp<ABuffer> a_buffer(new ABuffer(buf_size)); size_t trackIndex = fdp.ConsumeIntegral<size_t>(); int64_t timeUs = fdp.ConsumeIntegral<int64_t>(); uint32_t flags = fdp.ConsumeIntegral<uint32_t>(); mMuxer->writeSampleData(a_buffer, trackIndex, timeUs, flags); } } } if (fdp.ConsumeBool()) mMuxer->stop(); munmap(sh_data, data_size); close(fd); return 0; } } // namespace android
media/libstagefright/tests/fuzzers/MediaMuxerFuzzer.h 0 → 100644 +109 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #pragma once #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/foundation/AMessage.h> namespace android { // Mappings vectors are the list of attributes that the MediaMuxer // class looks for in the message. static std::vector<const char *> floatMappings{ "capture-rate", "time-lapse-fps", "frame-rate", }; static std::vector<const char *> int64Mappings{ "exif-offset", "exif-size", "target-time", "thumbnail-time", "timeUs", "durationUs", }; static std::vector<const char *> int32Mappings{"loop", "time-scale", "crypto-mode", "crypto-default-iv-size", "crypto-encrypted-byte-block", "crypto-skip-byte-block", "frame-count", "max-bitrate", "pcm-big-endian", "temporal-layer-count", "temporal-layer-id", "thumbnail-width", "thumbnail-height", "track-id", "valid-samples", "color-format", "ca-system-id", "is-sync-frame", "bitrate", "max-bitrate", "width", "height", "sar-width", "sar-height", "display-width", "display-height", "is-default", "tile-width", "tile-height", "grid-rows", "grid-cols", "rotation-degrees", "channel-count", "sample-rate", "bits-per-sample", "channel-mask", "encoder-delay", "encoder-padding", "is-adts", "frame-rate", "max-height", "max-width", "max-input-size", "haptic-channel-count", "pcm-encoding", "aac-profile"}; static const std::vector<std::function<void(AMessage *, FuzzedDataProvider *)>> amessage_setvals = { [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setRect("crop", fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>(), fdp->ConsumeIntegral<int32_t>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setFloat(floatMappings[fdp->ConsumeIntegralInRange<size_t>( 0, floatMappings.size() - 1)], fdp->ConsumeFloatingPoint<float>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setInt64(int64Mappings[fdp->ConsumeIntegralInRange<size_t>( 0, int64Mappings.size() - 1)], fdp->ConsumeIntegral<int64_t>()); }, [](AMessage *msg, FuzzedDataProvider *fdp) -> void { msg->setInt32(int32Mappings[fdp->ConsumeIntegralInRange<size_t>( 0, int32Mappings.size() - 1)], fdp->ConsumeIntegral<int32_t>()); }}; } // namespace android
media/libstagefright/tests/fuzzers/SkipCutBufferFuzzer.cpp 0 → 100644 +73 −0 Original line number Diff line number Diff line /* * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Authors: corbin.souffrant@leviathansecurity.com // dylan.katz@leviathansecurity.com #include <fuzzer/FuzzedDataProvider.h> #include <media/stagefright/MediaBuffer.h> #include <media/stagefright/SkipCutBuffer.h> #include <media/stagefright/foundation/ABuffer.h> #include <media/stagefright/foundation/AMessage.h> namespace android { extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fdp = FuzzedDataProvider(data, size); size_t skip = fdp.ConsumeIntegral<size_t>(); size_t cut = fdp.ConsumeIntegral<size_t>(); size_t num16Channels = fdp.ConsumeIntegral<size_t>(); sp<SkipCutBuffer> sBuffer(new SkipCutBuffer(skip, cut, num16Channels)); while (fdp.remaining_bytes() > 0) { // Cap size to 1024 to limit max amount allocated. size_t buf_size = fdp.ConsumeIntegralInRange<size_t>(0, 1024); size_t range = fdp.ConsumeIntegralInRange<size_t>(0, buf_size); size_t length = fdp.ConsumeIntegralInRange<size_t>(0, buf_size - range); switch (fdp.ConsumeIntegralInRange<uint8_t>(0, 4)) { case 0: { sp<ABuffer> a_buffer(new ABuffer(buf_size)); sp<AMessage> format(new AMessage); sp<MediaCodecBuffer> s_buffer(new MediaCodecBuffer(format, a_buffer)); s_buffer->setRange(range, length); sBuffer->submit(s_buffer); break; } case 1: { std::unique_ptr<MediaBufferBase> m_buffer(new MediaBuffer(buf_size)); m_buffer->set_range(range, length); sBuffer->submit(reinterpret_cast<MediaBuffer *>(m_buffer.get())); break; } case 2: { sp<ABuffer> a_buffer(new ABuffer(buf_size)); sp<AMessage> format(new AMessage); sp<MediaCodecBuffer> s_buffer(new MediaCodecBuffer(format, a_buffer)); a_buffer->setRange(range, length); sBuffer->submit(a_buffer); break; } case 3: { sBuffer->clear(); break; } case 4: { sBuffer->size(); } } } return 0; } } // namespace android
