Speed up undefined behavior fuzzing of decoder (#753)

xiph · Oct 9, 2024 · 155e206 · 155e206
1 parent 2a23a2a
commit 155e206
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/src/libFLAC/md5.c b/src/libFLAC/md5.c
@@ -52,6 +52,11 @@
  * reflect the addition of 16 longwords of new data.  MD5Update blocks
  * the data and converts bytes into longwords for this routine.
  */
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+/* This tremendously speeds up undefined behaviour fuzzing */
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
 static void FLAC__MD5Transform(FLAC__uint32 buf[4], FLAC__uint32 const in[16])
 {
 	register FLAC__uint32 a, b, c, d;

diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
@@ -2281,11 +2281,13 @@ FLAC__bool read_frame_(FLAC__StreamDecoder *decoder, FLAC__bool *got_a_frame, FL
 			undo_channel_coding(decoder);
 			/* Check whether decoded data actually fits bps */
 			for(channel = 0; channel < decoder->private_->frame.header.channels; channel++) {
+				int shift_bits = 32 - decoder->private_->frame.header.bits_per_sample;
+				int lower_limit = INT32_MIN >> shift_bits;
+				int upper_limit = INT32_MAX >> shift_bits;
 				for(i = 0; i < decoder->private_->frame.header.blocksize; i++) {
-					int shift_bits = 32 - decoder->private_->frame.header.bits_per_sample;
 					/* Check whether shift_bits MSBs are 'empty' by shifting up and down */
-					if((decoder->private_->output[channel][i] < (INT32_MIN >> shift_bits)) ||
-					   (decoder->private_->output[channel][i] > (INT32_MAX >> shift_bits))) {
+					if((decoder->private_->output[channel][i] < lower_limit) ||
+					   (decoder->private_->output[channel][i] > upper_limit)) {
 						/* Bad frame, emit error */
 						send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_OUT_OF_BOUNDS);
 						decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;