aom: Improve fuzzer coverage

From 8db7d7893078a12e89cfdae35b25da97a933ab0b Mon Sep 17 00:00:00 2001
From: Philippe Antoine <[EMAIL REDACTED]>
Date: Tue, 9 Jan 2024 15:50:27 +0100
Subject: [PATCH] Improve fuzzer coverage

- Use four boolean codec controls :
  - AV1_SET_TILE_MODE
  - AV1D_EXT_TILE_DEBUG
  - AV1D_SET_IS_ANNEXB
  - AV1D_SET_OUTPUT_ALL_LAYERS
- Use AV1D_SET_OPERATING_POINT codec control

Change-Id: I23b79a58ae4ec01ffa7f8ea4b536fc5b0a46b55e
---
 examples/av1_dec_fuzzer.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/examples/av1_dec_fuzzer.cc b/examples/av1_dec_fuzzer.cc
index 9b9a0b9cb6..e9388b7062 100644
--- a/examples/av1_dec_fuzzer.cc
+++ b/examples/av1_dec_fuzzer.cc
@@ -34,6 +34,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     return 0;
   }
 
+  // Abusing the four unused bytes at the end of the IVF file header as a source
+  // of random bits.
+  unsigned int tile_mode = (data[IVF_FILE_HDR_SZ - 1] & 2) != 0;
+  unsigned int ext_tile_debug = (data[IVF_FILE_HDR_SZ - 1] & 4) != 0;
+  unsigned int is_annexb = (data[IVF_FILE_HDR_SZ - 1] & 8) != 0;
+  int output_all_layers = (data[IVF_FILE_HDR_SZ - 1] & 0x10) != 0;
+  int operating_point = data[IVF_FILE_HDR_SZ - 2] & 0x1F;
+
   aom_codec_iface_t *codec_interface = aom_codec_av1_dx();
   aom_codec_ctx_t codec;
   // Set thread count in the range [1, 64].
@@ -42,6 +50,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   if (aom_codec_dec_init(&codec, codec_interface, &cfg, 0)) {
     return 0;
   }
+  AOM_CODEC_CONTROL_TYPECHECKED(&codec, AV1_SET_TILE_MODE, tile_mode);
+  AOM_CODEC_CONTROL_TYPECHECKED(&codec, AV1D_EXT_TILE_DEBUG, ext_tile_debug);
+  AOM_CODEC_CONTROL_TYPECHECKED(&codec, AV1D_SET_IS_ANNEXB, is_annexb);
+  AOM_CODEC_CONTROL_TYPECHECKED(&codec, AV1D_SET_OUTPUT_ALL_LAYERS,
+                                output_all_layers);
+  AOM_CODEC_CONTROL_TYPECHECKED(&codec, AV1D_SET_OPERATING_POINT,
+                                operating_point);
 
   data += IVF_FILE_HDR_SZ;
   size -= IVF_FILE_HDR_SZ;