The fuzzer plugin for MPEG4/H263 is designed based on the understanding of the codec and tries to achieve the following:
Dict files (dictionary files) are created for MPEG4 and H263 to ensure that the required start bytes are present in every input file that goes to the fuzzer. This ensures that the decoder does not reject any input file in its first check.
The plugin feeds the entire input data to the codec using a loop.
This ensures that the plugin tolerates any kind of input (empty, huge, malformed, etc.) and doesn't exit() on any input, thereby increasing the chance of identifying vulnerabilities.
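As an added illustration of the two design points above (not code from the AOSP fuzzer or its dict files), the following builds a libFuzzer-format dictionary from the MPEG-4 Part 2 and H.263 start codes and applies the same start-code check a decoder performs first, so a corpus can be triaged for files that would be rejected before any real parsing happens. The start-code values are taken from the codec specifications; the dictionary entry names and the in-memory corpus are constructed for the example.

```python
# Added example: libFuzzer dictionary of codec start codes plus a corpus triage
# that mirrors the decoder's initial start-code check. Not AOSP project code.

# MPEG-4 Part 2: every start code is the 3-byte prefix 00 00 01 plus one code byte.
MPEG4_PREFIX = b"\x00\x00\x01"
MPEG4_CODES = {                       # names are this example's, not the spec's
    "video_object": 0x00,             # video_object_start_code (0x00..0x1F)
    "video_object_layer": 0x20,       # video_object_layer_start_code (0x20..0x2F)
    "vos": 0xB0,                      # visual_object_sequence_start_code
    "user_data": 0xB2,
    "gov": 0xB3,                      # group_of_vop_start_code
    "visual_object": 0xB5,
    "vop": 0xB6,                      # vop_start_code
}
# H.263 picture start code is 22 bits: 0000 0000 0000 0000 1000 00,
# i.e. two zero bytes followed by a byte whose top six bits are 100000.
H263_PSC = b"\x00\x00\x80"


def escape(token: bytes) -> str:
    """Render bytes in libFuzzer dictionary escape syntax (\\xNN per byte)."""
    return "".join("\\x%02X" % b for b in token)


def make_dict(codec: str) -> str:
    """Return dictionary text: one name="\\x.." line per start code."""
    if codec == "mpeg4":
        entries = {n: MPEG4_PREFIX + bytes([c]) for n, c in MPEG4_CODES.items()}
    elif codec == "h263":
        entries = {"psc": H263_PSC}
    else:
        raise ValueError("unknown codec: %s" % codec)
    return "\n".join('%s="%s"' % (n, escape(v)) for n, v in entries.items()) + "\n"


def starts_with_start_code(data: bytes, codec: str) -> bool:
    """The decoder's first check: does the buffer open with a valid start code?"""
    if len(data) < 4:
        return False
    if codec == "mpeg4":
        code = data[3]
        return data[:3] == MPEG4_PREFIX and (code <= 0x2F or code in (0xB0, 0xB2, 0xB3, 0xB5, 0xB6))
    if codec == "h263":
        return data[:2] == b"\x00\x00" and (data[2] & 0xFC) == 0x80
    raise ValueError("unknown codec: %s" % codec)


def triage_corpus(files: dict, codec: str) -> list:
    """Names of corpus entries the decoder would reject at its first check."""
    return [name for name, data in files.items() if not starts_with_start_code(data, codec)]


SAMPLE_CORPUS = {  # constructed in-memory corpus standing in for CORPUS_DIR
    "vos.m4v": b"\x00\x00\x01\xB0\x08\x00\x00\x01\xB5",
    "vop.m4v": b"\x00\x00\x01\xB6\x10",
    "junk.m4v": b"RIFF\x00\x00",
    "short.m4v": b"\x00\x00",
}
```

Files reported by triage_corpus never exercise the parser; seeding them is wasted fuzzing budget, which is exactly what the dictionary entries are meant to avoid during mutation.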
This describes the steps to build the mpeg4_dec_fuzzer and h263_dec_fuzzer binaries.
Build the fuzzer
$ mm -j$(nproc) mpeg4_dec_fuzzer
$ mm -j$(nproc) h263_dec_fuzzer
Create a directory CORPUS_DIR and copy some MPEG4 or H263 files to that folder. Push this directory to the device.
To run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/mpeg4_dec_fuzzer/mpeg4_dec_fuzzer CORPUS_DIR
$ adb shell /data/fuzz/arm64/h263_dec_fuzzer/h263_dec_fuzzer CORPUS_DIR
To run on host
$ $ANDROID_HOST_OUT/fuzz/x86_64/mpeg4_dec_fuzzer/mpeg4_dec_fuzzer CORPUS_DIR
$ $ANDROID_HOST_OUT/fuzz/x86_64/h263_dec_fuzzer/h263_dec_fuzzer CORPUS_DIR