1 /******************************************************************************
2  *
3  * Copyright (C) 2020 The Android Open Source Project
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  *****************************************************************************
18  * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
19  */
20 #include "mp4dec_api.h"
21 #define MPEG4_MAX_WIDTH 1920
22 #define MPEG4_MAX_HEIGHT 1080
23 #define H263_MAX_WIDTH 352
24 #define H263_MAX_HEIGHT 288
25 #define DEFAULT_WIDTH 352
26 #define DEFAULT_HEIGHT 288
27 
28 constexpr size_t kMaxNumDecodeCalls = 100;
29 constexpr uint8_t kNumOutputBuffers = 2;
30 constexpr int kLayer = 1;
31 
32 struct tagvideoDecControls;
33 
34 /* == ceil(num / den) * den. T must be integer type, alignment must be positive power of 2 */
35 template <class T, class U>
align(const T & num,const U & den)36 inline static const T align(const T &num, const U &den) {
37   return (num + (T)(den - 1)) & (T) ~(den - 1);
38 }
39 
40 class Codec {
41  public:
42   Codec() = default;
~Codec()43   ~Codec() { deInitDecoder(); }
44   bool initDecoder();
45   bool allocOutputBuffer(size_t outputBufferSize);
46   void freeOutputBuffer();
47   void handleResolutionChange();
48   void decodeFrames(const uint8_t *data, size_t size);
49   void deInitDecoder();
50 
51  private:
52   tagvideoDecControls *mDecHandle = nullptr;
53   uint8_t *mOutputBuffer[kNumOutputBuffers];
54   bool mInitialized = false;
55   bool mFramesConfigured = false;
56 #ifdef MPEG4
57   MP4DecodingMode mInputMode = MPEG4_MODE;
58   size_t mMaxWidth = MPEG4_MAX_WIDTH;
59   size_t mMaxHeight = MPEG4_MAX_HEIGHT;
60 #else
61   MP4DecodingMode mInputMode = H263_MODE;
62   size_t mMaxWidth = H263_MAX_WIDTH;
63   size_t mMaxHeight = H263_MAX_HEIGHT;
64 #endif
65   uint32_t mNumSamplesOutput = 0;
66   uint32_t mWidth = DEFAULT_WIDTH;
67   uint32_t mHeight = DEFAULT_HEIGHT;
68 };
69 
initDecoder()70 bool Codec::initDecoder() {
71   mDecHandle = new tagvideoDecControls;
72   if (!mDecHandle) {
73     return false;
74   }
75   memset(mDecHandle, 0, sizeof(tagvideoDecControls));
76   return true;
77 }
78 
allocOutputBuffer(size_t outputBufferSize)79 bool Codec::allocOutputBuffer(size_t outputBufferSize) {
80   for (uint8_t i = 0; i < kNumOutputBuffers; ++i) {
81     if (!mOutputBuffer[i]) {
82       mOutputBuffer[i] = static_cast<uint8_t *>(malloc(outputBufferSize));
83       if (!mOutputBuffer[i]) {
84         return false;
85       }
86     }
87   }
88   return true;
89 }
90 
freeOutputBuffer()91 void Codec::freeOutputBuffer() {
92   for (uint8_t i = 0; i < kNumOutputBuffers; ++i) {
93     if (mOutputBuffer[i]) {
94       free(mOutputBuffer[i]);
95       mOutputBuffer[i] = nullptr;
96     }
97   }
98 }
99 
handleResolutionChange()100 void Codec::handleResolutionChange() {
101   int32_t dispWidth, dispHeight;
102   PVGetVideoDimensions(mDecHandle, &dispWidth, &dispHeight);
103 
104   int32_t bufWidth, bufHeight;
105   PVGetBufferDimensions(mDecHandle, &bufWidth, &bufHeight);
106 
107   if (dispWidth != mWidth || dispHeight != mHeight) {
108     mWidth = dispWidth;
109     mHeight = dispHeight;
110   }
111 }
112 
decodeFrames(const uint8_t * data,size_t size)113 void Codec::decodeFrames(const uint8_t *data, size_t size) {
114   size_t outputBufferSize = align(mMaxWidth, 16) * align(mMaxHeight, 16) * 3 / 2;
115   uint8_t *start_code = const_cast<uint8_t *>(data);
116   static const uint8_t volInfo[] = {0x00, 0x00, 0x01, 0xB0};
117   bool volHeader = memcmp(start_code, volInfo, 4) == 0;
118   if (volHeader) {
119     PVCleanUpVideoDecoder(mDecHandle);
120     mInitialized = false;
121   }
122 
123   if (!mInitialized) {
124     uint8_t *volData[1]{};
125     int32_t volSize = 0;
126 
127     if (volHeader) { /* removed some codec config part */
128       volData[0] = const_cast<uint8_t *>(data);
129       volSize = size;
130     }
131 
132     if (!PVInitVideoDecoder(mDecHandle, volData, &volSize, kLayer, mMaxWidth, mMaxHeight,
133                             mInputMode)) {
134       return;
135     }
136     mInitialized = true;
137     MP4DecodingMode actualMode = PVGetDecBitstreamMode(mDecHandle);
138     if (mInputMode != actualMode) {
139       return;
140     }
141 
142     PVSetPostProcType(mDecHandle, 0);
143   }
144   size_t yFrameSize = sizeof(uint8) * mDecHandle->size;
145   if (outputBufferSize < yFrameSize * 3 / 2) {
146     return;
147   }
148   if (!allocOutputBuffer(outputBufferSize)) {
149     return;
150   }
151   size_t numDecodeCalls = 0;
152   while ((size > 0) && (numDecodeCalls < kMaxNumDecodeCalls)) {
153     if (!mFramesConfigured) {
154       PVSetReferenceYUV(mDecHandle, mOutputBuffer[1]);
155       mFramesConfigured = true;
156     }
157 
158     // Need to check if header contains new info, e.g., width/height, etc.
159     VopHeaderInfo header_info;
160     uint32_t useExtTimestamp = (numDecodeCalls == 0);
161     int32_t tempSize = (int32_t)size;
162     uint8_t *bitstreamTmp = const_cast<uint8_t *>(data);
163     uint32_t timestamp = 0;
164     if (PVDecodeVopHeader(mDecHandle, &bitstreamTmp, &timestamp, &tempSize, &header_info,
165                           &useExtTimestamp, mOutputBuffer[mNumSamplesOutput & 1]) != PV_TRUE) {
166       return;
167     }
168 
169     handleResolutionChange();
170 
171     PVDecodeVopBody(mDecHandle, &tempSize);
172     uint32_t bytesConsumed = 1;
173     if (size > tempSize) {
174       bytesConsumed = size - tempSize;
175     }
176     data += bytesConsumed;
177     size -= bytesConsumed;
178     ++mNumSamplesOutput;
179     ++numDecodeCalls;
180   }
181   freeOutputBuffer();
182 }
183 
deInitDecoder()184 void Codec::deInitDecoder() {
185   PVCleanUpVideoDecoder(mDecHandle);
186   delete mDecHandle;
187   mDecHandle = nullptr;
188   mInitialized = false;
189   freeOutputBuffer();
190 }
191 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)192 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
193   if (size < 4) {
194     return 0;
195   }
196   Codec *codec = new Codec();
197   if (!codec) {
198     return 0;
199   }
200   if (codec->initDecoder()) {
201     codec->decodeFrames(data, size);
202   }
203   delete codec;
204   return 0;
205 }
206