
Commit ba13bf83 authored by Kris Alder's avatar Kris Alder Committed by Gerrit Code Review

Merge changes I9450d6a2,I772c0107,Ia45a955d

* changes:
  Added mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer
  Added ogg_extractor_fuzzer
  Added mkv_extractor_fuzzer
parents b15c7985 71cdbdcf
+144 −0
@@ -139,6 +139,150 @@ cc_fuzz {
    dictionary: "amr_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mkv_extractor_fuzzer",

    srcs: [
        "mkv_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/mkv",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation",
        "libmedia",
        "libextractorfuzzerbase",
        "libwebm",
        "libstagefright_flacdec",
        "libstagefright_metadatautils",
        "libmkvextractor",
        "libFLAC",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
    ],

    dictionary: "mkv_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "ogg_extractor_fuzzer",

    srcs: [
        "ogg_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/ogg",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation",
        "libmedia",
        "libextractorfuzzerbase",
        "libstagefright_metadatautils",
        "libvorbisidec",
        "liboggextractor",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
    ],

    dictionary: "ogg_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mpeg2ps_extractor_fuzzer",

    srcs: [
        "mpeg2_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/mpeg2",
        "frameworks/av/media/libstagefright",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation_without_imemory",
        "libmedia",
        "libextractorfuzzerbase",
        "libstagefright_mpeg2support",
        "libstagefright_mpeg2extractor",
        "libstagefright_esds",
        "libmpeg2extractor",
    ],

    cflags: [
        "-DMPEG2PS",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
        "android.hardware.cas@1.0",
        "android.hardware.cas.native@1.0",
        "android.hidl.token@1.0-utils",
        "android.hidl.allocator@1.0",
        "libcrypto",
        "libhidlmemory",
        "libhidlbase",
    ],

    dictionary: "mpeg2ps_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mpeg2ts_extractor_fuzzer",

    srcs: [
        "mpeg2_extractor_fuzzer.cpp",
    ],

    include_dirs: [
        "frameworks/av/media/extractors/mpeg2",
        "frameworks/av/media/libstagefright",
    ],

    static_libs: [
        "liblog",
        "libstagefright_foundation_without_imemory",
        "libmedia",
        "libextractorfuzzerbase",
        "libstagefright_mpeg2support",
        "libstagefright_mpeg2extractor",
        "libstagefright_esds",
        "libmpeg2extractor",
    ],

    shared_libs: [
        "libutils",
        "libmediandk",
        "libbinder",
        "android.hardware.cas@1.0",
        "android.hardware.cas.native@1.0",
        "android.hidl.token@1.0-utils",
        "android.hidl.allocator@1.0",
        "libcrypto",
        "libhidlmemory",
        "libhidlbase",
    ],

    dictionary: "mpeg2ts_extractor_fuzzer.dict",
}

cc_fuzz {
    name: "mp3_extractor_fuzzer",

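Review bot: The `mpeg2ps_extractor_fuzzer` and `mpeg2ts_extractor_fuzzer` modules are identical apart from `cflags: ["-DMPEG2PS"]` and the `dictionary` name, so their `include_dirs`, `static_libs` and `shared_libs` lists have to be kept in sync by hand. A shared `cc_defaults` module pulled in with `defaults: [...]` would leave each target with only its name, its dictionary and the PS-only cflag. That also makes it harder for one variant to drift to a different library set than the extractor it is meant to fuzz. The `liblog`/`libmedia`/`libextractorfuzzerbase` and `libutils`/`libmediandk`/`libbinder` entries repeated in all four new modules could move there as well.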
+112 −0
@@ -5,6 +5,9 @@
+ [libmp4extractor](#mp4ExtractorFuzzer)
+ [libwavextractor](#wavExtractorFuzzer)
+ [libamrextractor](#amrExtractorFuzzer)
+ [libmkvextractor](#mkvExtractorFuzzer)
+ [liboggextractor](#oggExtractorFuzzer)
+ [libmpeg2extractor](#mpeg2ExtractorFuzzer)
+ [libmp3extractor](#mp3ExtractorFuzzer)
+ [libaacextractor](#aacExtractorFuzzer)
+ [libflacextractor](#flacExtractor)
@@ -117,6 +120,115 @@ To run on device
  $ adb shell /data/fuzz/arm64/amr_extractor_fuzzer/amr_extractor_fuzzer CORPUS_DIR
```

# <a name="mkvExtractorFuzzer"></a> Fuzzer for libmkvextractor

## Plugin Design Considerations
The fuzzer plugin for MKV extractor uses the `ExtractorFuzzerBase` class and
implements only the `createExtractor` to create the MKV extractor class.

##### Maximize code coverage
Dict file (dictionary file) is created for MKV to ensure that the required element
ID's are present in every input file that goes to the fuzzer.
This ensures that larger code gets covered.


## Build

This describes steps to build mkv_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mkv_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mkv files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mkv_extractor_fuzzer/mkv_extractor_fuzzer CORPUS_DIR
```

# <a name="oggExtractorFuzzer"></a> Fuzzer for liboggextractor

## Plugin Design Considerations
The fuzzer plugin for OGG extractor uses the `ExtractorFuzzerBase` class and
implements only the `createExtractor` to create the OGG extractor object.

##### Maximize code coverage
Dict file (dictionary file) is created for OGG to ensure that the required start
bytes are present in every input file that goes to the fuzzer.
This ensures that larger code gets covered.


## Build

This describes steps to build ogg_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) ogg_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some ogg files to that folder.
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/ogg_extractor_fuzzer/ogg_extractor_fuzzer CORPUS_DIR
```

# <a name="mpeg2ExtractorFuzzer"></a> Fuzzer for libmpeg2extractor

## Plugin Design Considerations
The fuzzer plugins for MPEG2-PS and MPEG2-TS extractor use the `ExtractorFuzzerBase` class and
implement only the `createExtractor` to create the MPEG2-PS or MPEG2-TS extractor
object respectively.

##### Maximize code coverage
Dict files (dictionary files) are created for MPEG2-PS and MPEG2-TS to ensure that the
required start bytes are present in every input file that goes to the fuzzer.
This ensures that larger code gets covered.

##### Other considerations
Two fuzzer binaries - mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer are
generated based on the presence of a flag - `MPEG2PS`


## Build

This describes steps to build mpeg2ps_extractor_fuzzer and mpeg2ts_extractor_fuzzer binary.

### Android

#### Steps to build
Build the fuzzer
```
  $ mm -j$(nproc) mpeg2ps_extractor_fuzzer
  $ mm -j$(nproc) mpeg2ts_extractor_fuzzer
```

#### Steps to run
Create a directory CORPUS_DIR and copy some mpeg2 files to that folder
Push this directory to device.

To run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/mpeg2ps_extractor_fuzzer/mpeg2ps_extractor_fuzzer CORPUS_DIR
  $ adb shell /data/fuzz/arm64/mpeg2ts_extractor_fuzzer/mpeg2ts_extractor_fuzzer CORPUS_DIR
```

# <a name="mp3ExtractorFuzzer"></a> Fuzzer for libmp3extractor

## Plugin Design Considerations
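--- a/mkv_extractor_fuzzer.cpp
+++ b/mkv_extractor_fuzzer.cpp
@@ -0,0 +1,62 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+
+#include "ExtractorFuzzerBase.h"
+
+#include "MatroskaExtractor.h"
+
+using namespace android;
+
+class MKVExtractor : public ExtractorFuzzerBase {
+ public:
+  MKVExtractor() = default;
+  ~MKVExtractor() = default;
+
+  bool createExtractor();
+};
+
+bool MKVExtractor::createExtractor() {
+  mExtractor = new MatroskaExtractor(new DataSourceHelper(mDataSource->wrap()));
+  if (!mExtractor) {
+    return false;
+  }
+  mExtractor->name();
+  return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if ((!data) || (size == 0)) {
+    return 0;
+  }
+  MKVExtractor* extractor = new MKVExtractor();
+  if (!extractor) {
+    return 0;
+  }
+  if (extractor->setDataSource(data, size)) {
+    if (extractor->createExtractor()) {
+      extractor->getExtractorDef();
+      extractor->getMetadata();
+      extractor->extractTracks();
+      extractor->getTracksMetadata();
+    }
+  }
+  delete extractor;
+  return 0;
+}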
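Review bot: The `if (!mExtractor)` check in `createExtractor()` and the `if (!extractor)` check in `LLVMFuzzerTestOneInput` can never fire, because a plain `new` expression does not return null on failure; they read as error handling that is not actually there. Holding the harness by value, `MKVExtractor extractor;`, removes the second check and the manual `delete`, so a later early return cannot leak memory across fuzz iterations. The declaration should also become `bool createExtractor() override;` (assuming it overrides a virtual in `ExtractorFuzzerBase`, which is not visible on this page), so that a signature change in the base class breaks the build instead of silently leaving the harness without an extractor. Who frees the `DataSourceHelper` handed to `MatroskaExtractor` is not shown here and deserves a one-line comment at the `new DataSourceHelper(...)` call.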
+244 −0
# Elements ID's
kw1="\x42\x86"
kw2="\x42\xF7"
kw3="\x42\xF2"
kw4="\x42\xF3"
kw5="\x42\x87"
kw6="\x42\x85"
kw7="\x18\x53\x80\x67"
kw8="\x11\x4D\x9B\x74"
kw9="\x4D\xBB"
kw10="\x53\xAB"
kw11="\x53\xAC"
kw12="\x15\x49\xA9\x66"
kw13="\x73\xA4"
kw14="\x73\x84"
kw15="\x3C\xB9\x23"
kw16="\x3C\x83\xAB"
kw17="\x3C\xB9\x23"
kw18="\x3E\x83\xBB"
kw19="\x44\x44"
kw20="\x69\x24"
kw21="\x69\xFC"
kw22="\x69\xBF"
kw23="\x69\xA5"
kw24="\x2A\xD7\xB1"
kw25="\x44\x89"
kw26="\x44\x61"
kw27="\x7B\xA9"
kw28="\x4D\x80"
kw29="\x57\x41"
kw30="\x1F\x43\xB6\x75"
kw31="\xE7"
kw32="\x58\x54"
kw33="\x58\xD7"
kw34="\xA7"
kw35="\xAB"
kw36="\xA3"
kw37="\xA0"
kw38="\xA1"
kw39="\xA2"
kw40="\x75\xA1"
kw41="\x2A\xD7\xB1"
kw42="\xA6"
kw43="\xEE"
kw44="\xA5"
kw45="\x9A"
kw46="\xFA"
kw47="\xFB"
kw48="\xFD"
kw49="\xA4"
kw50="\x75\xA2"
kw51="\x8E"
kw52="\xE8"
kw53="\xCC"
kw54="\xCD"
kw55="\xCB"
kw56="\xCE"
kw57="\xCF"
kw58="\xC8"
kw59="\xC9"
kw60="\xCA"
kw61="\xAF"
kw62="\x16\x54\xAE\x6B"
kw63="\xAE"
kw64="\xD7"
kw65="\x73\xC5"
kw66="\x83"
kw67="\xB9"
kw68="\x88"
kw69="\x55\xAA"
kw70="\x9C"
kw71="\x6D\xE7"
kw72="\x6D\xF8"
kw73="\x23\xE3\x83"
kw74="\x23\x4E\x7A"
kw75="\x23\x31\x4F"
kw76="\x53\x7F"
kw77="\x55\xEE"
kw78="\x53\x6E"
kw79="\x22\xB5\x9C"
kw80="\x22\xB5\x9D"
kw81="\x86"
kw82="\x63\xA2"
kw83="\x25\x86\x88"
kw84="\x26\xB2\x40"
kw85="\xAA"
kw86="\x6F\xAB"
kw87="\x56\xAA"
kw88="\x56\xBB"
kw89="\x66\x24"
kw90="\x66\xFC"
kw91="\x66\xBF"
kw92="\xE0"
kw93="\x9A"
kw94="\x9D"
kw95="\x53\xB8"
kw96="\x53\xC0"
kw97="\x53\xB9"
kw98="\xB0"
kw99="\xBA"
kw100="\x54\xAA"
kw101="\x54\xBB"
kw102="\x54\xCC"
kw103="\x54\xDD"
kw104="\x54\xB0"
kw105="\x54\xBA"
kw106="\x54\xB2"
kw107="\x54\xB3"
kw108="\x2E\xB5\x24"
kw109="\x2F\xB5\x23"
kw110="\x23\x83\xE3"
kw111="\x55\xB0"
kw112="\x55\xB1"
kw113="\x55\xB2"
kw114="\x55\xB3"
kw115="\x55\xB4"
kw116="\x55\xB5"
kw117="\x55\xB6"
kw118="\x55\xB7"
kw119="\x55\xB8"
kw120="\x55\xB9"
kw121="\x55\xBA"
kw122="\x55\xBB"
kw123="\x55\xBC"
kw124="\x55\xBD"
kw125="\x55\xD0"
kw126="\x55\xD1"
kw127="\x55\xD2"
kw128="\x55\xD3"
kw129="\x55\xD4"
kw130="\x55\xD5"
kw131="\x55\xD6"
kw132="\x55\xD7"
kw133="\x55\xD8"
kw134="\x55\xD9"
kw135="\x55\xDA"
kw136="\x76\x70"
kw137="\x76\x71"
kw138="\x76\x72"
kw139="\x76\x73"
kw140="\x76\x74"
kw141="\x76\x75"
kw142="\xE1"
kw143="\xB5"
kw144="\x78\xB5"
kw145="\x9F"
kw146="\x7D\x7B"
kw147="\x62\x64"
kw148="\xE2"
kw149="\xE3"
kw150="\xE4"
kw151="\xE5"
kw152="\xE6"
kw153="\xE9"
kw154="\xED"
kw155="\xC0"
kw156="\xC1"
kw157="\xC6"
kw158="\xC7"
kw159="\xC4"
kw160="\x6D\x80"
kw161="\x62\x40"
kw162="\x50\x31"
kw163="\x50\x32"
kw164="\x50\x33"
kw165="\x50\x34"
kw166="\x50\x35"
kw167="\x42\x54"
kw168="\x42\x55"
kw169="\x47\xE1"
kw170="\x47\xE2"
kw171="\x47\xE7"
kw172="\x47\xE8"
kw173="\x47\xE3"
kw174="\x47\xE4"
kw175="\x47\xE5"
kw176="\x47\xE6"
kw177="\x1C\x53\xBB\x6B"
kw178="\xBB"
kw179="\xB3"
kw180="\xB7"
kw181="\xF7"
kw182="\xF1"
kw183="\xF0"
kw184="\xB2"
kw185="\x53\x78"
kw186="\xEA"
kw187="\xDB"
kw188="\x96"
kw189="\x97"
kw190="\x53\x5F"
kw191="\xEB"
kw192="\x19\x41\xA4\x69"
kw193="\x46\x7E"
kw194="\x46\x6E"
kw195="\x46\x60"
kw196="\x46\x5C"
kw197="\x46\xAE"
kw198="\x46\x75"
kw199="\x46\x61"
kw200="\x46\x62"
kw201="\x10\x43\xA7\x70"
kw202="\x45\xB9"
kw203="\x45\xBC"
kw204="\x45\xBD"
kw205="\x45\xDB"
kw206="\x45\xDD"
kw207="\xB6"
kw208="\x73\xC4"
kw209="\x56\x54"
kw210="\x91"
kw211="\x92"
kw212="\x98"
kw213="\x45\x98"
kw214="\x6E\x67"
kw215="\x6E\xBC"
kw216="\x63\xC3"
kw217="\x8F"
kw218="\x89"
kw219="\x80"
kw220="\x85"
kw221="\x43\x7C"
kw222="\x43\x7D"
kw223="\x43\x7E"
kw224="\x69\x44"
kw225="\x69\x55"
kw226="\x45\x0D"
kw227="\x69\x11"
kw228="\x69\x22"
kw229="\x69\x33"
kw230="\x12\x54\xC3\x67"
kw231="\x73\x73"
kw232="\x63\xC0"
kw233="\x68\xCA"
kw234="\x63\xCA"
kw235="\x63\xC5"
kw236="\x63\xC9"
kw237="\x67\xC8"
kw238="\x45\xA3"
kw239="\x44\x7A"
kw240="\x44\x7B"
kw241="\x44\x84"
kw242="\x44\x87"
kw243="\x44\x85"
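Review bot: Three entries duplicate earlier ones: `kw17` repeats `kw15` (`"\x3C\xB9\x23"`), `kw41` repeats `kw24` (`"\x2A\xD7\xB1"`) and `kw93` repeats `kw45` (`"\x9A"`). `kw17` sits between `"\x3C\x83\xAB"` and `"\x3E\x83\xBB"`, so it was probably meant to be `"\x3E\xB9\x23"`, completing what looks like a Prev/Next pair of UID and filename element IDs; as written that ID is missing from the dictionary and the corresponding parser branch gets less help from the mutator. The file would be easier to audit against the Matroska element table if each entry carried the element name, as the key or in a trailing comment, instead of `kwN`. The header comment should read `# Element IDs`.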
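--- a/mpeg2_extractor_fuzzer.cpp
+++ b/mpeg2_extractor_fuzzer.cpp
@@ -0,0 +1,70 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+
+#include "ExtractorFuzzerBase.h"
+
+#ifdef MPEG2PS
+#include "MPEG2PSExtractor.h"
+#else
+#include "MPEG2TSExtractor.h"
+#endif
+
+using namespace android;
+
+class MPEG2Extractor : public ExtractorFuzzerBase {
+ public:
+  MPEG2Extractor() = default;
+  ~MPEG2Extractor() = default;
+
+  bool createExtractor();
+};
+
+bool MPEG2Extractor::createExtractor() {
+#ifdef MPEG2PS
+  mExtractor = new MPEG2PSExtractor(new DataSourceHelper(mDataSource->wrap()));
+#else
+  mExtractor = new MPEG2TSExtractor(new DataSourceHelper(mDataSource->wrap()));
+#endif
+  if (!mExtractor) {
+    return false;
+  }
+  mExtractor->name();
+  return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if ((!data) || (size == 0)) {
+    return 0;
+  }
+  MPEG2Extractor* extractor = new MPEG2Extractor();
+  if (!extractor) {
+    return 0;
+  }
+  if (extractor->setDataSource(data, size)) {
+    if (extractor->createExtractor()) {
+      extractor->getExtractorDef();
+      extractor->extractTracks();
+      extractor->extractTracks();
+      extractor->getTracksMetadata();
+    }
+  }
+  delete extractor;
+  return 0;
+}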
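Review bot: `extractor->extractTracks();` is called twice in a row in `LLVMFuzzerTestOneInput` and `getMetadata()` is never called, whereas the MKV harness added in this same commit calls `getExtractorDef()`, `getMetadata()`, `extractTracks()` and `getTracksMetadata()` in that order. This looks like a copy-paste slip that leaves the container-level metadata path of both the MPEG2-PS and MPEG2-TS extractors unfuzzed; if so, the first of the two calls should be `extractor->getMetadata();`. If the repeated call is deliberate, for instance to exercise a second extraction pass over the same source, a comment saying so would keep it from being "fixed" later. Separately, the `if (!mExtractor)` and `if (!extractor)` checks are dead because a plain `new` expression does not return null, and constructing `MPEG2Extractor` on the stack would remove the manual `delete` as well.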