Audio/Video · C
How to fuzz libtheora
Theora video codec reference implementation — older format, still embedded in many tools
libtheora is still used by GStreamer, libavcodec fallbacks, and Ogg-aware media players. The codec hasn't received the OSS-Fuzz attention libvpx has — the parser surface is overdue for coverage.
Common bug classes
- Heap overflows in DCT block decoding
- Out-of-bounds reads in macroblock superblock walks
- Integer overflow in width / height arithmetic
Recommended setup
Fuzzers
- libFuzzer
- AFL++
Sanitizers
- ASan
- UBSan
Harness scaffold
#include <theora/theoradec.h>
#include <ogg/ogg.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>   /* memset */

/* Single-packet scaffold: the whole fuzzer input is handed to libtheora as
   one Ogg packet flagged beginning-of-stream, so this exercises the header
   parser. Only the first header is reachable this way; the comment and setup
   headers each need their own packet. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  th_info ti;
  th_comment tc;
  th_setup_info *setup = nullptr;
  th_info_init(&ti);
  th_comment_init(&tc);
  ogg_packet pkt;
  memset(&pkt, 0, sizeof pkt);
  pkt.packet = (unsigned char *)data;   /* libtheora only reads the buffer */
  pkt.bytes = (long)size;
  pkt.b_o_s = 1;
  th_decode_headerin(&ti, &tc, &setup, &pkt);
  /* setup is only allocated once a setup header parses; th_setup_free accepts NULL. */
  th_setup_free(setup);
  th_info_clear(&ti);
  th_comment_clear(&tc);
  return 0;
}

Save this as fuzz_target.cc, build it with your compiler and sanitizer flags, and you have a working starting point.
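The scaffold hands the whole input to libtheora as a single packet, so only the first header is ever parsed. Below is an added example, not code from this page or from the libtheora project, of the splitter a multi-packet harness would use: it carves the fuzzer input into length-prefixed packets so the identification, comment and setup headers and then frame packets can be fed to `th_decode_headerin` / `th_decode_packetin` one at a time. The record layout, `fuzz_packet`, `split_packets` and `sample_input` are my own constructions.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PACKETS 16
/* One packet carved from the fuzzer input; mirrors the ogg_packet fields
   the harness fills in (packet, bytes, b_o_s). */
typedef struct {
    const uint8_t *packet;
    size_t bytes;
    int b_o_s;
} fuzz_packet;

/* Assumed layout (constructed for this example, not a libtheora or libFuzzer
   format): repeated [u16 little-endian length][payload] records. Packet 0 is
   flagged b_o_s so th_decode_headerin sees it as the identification header;
   packets 1 and 2 are meant to be the comment and setup headers, anything
   after that is frame data. Returns how many packets were carved; a length
   that overruns the input ends the walk, so the harness never reads past size. */
size_t split_packets(const uint8_t *data, size_t size,
                     fuzz_packet *out, size_t max) {
    size_t n = 0, pos = 0;
    while (n < max && size - pos >= 2) {
        size_t len = (size_t)data[pos] | ((size_t)data[pos + 1] << 8);
        pos += 2;
        if (len > size - pos) break;   /* truncated payload: stop cleanly */
        out[n].packet = data + pos;
        out[n].bytes  = len;
        out[n].b_o_s  = (n == 0);
        pos += len;
        n++;
    }
    return n;
}

/* Constructed sample: two well-formed records and one whose length claims
   more bytes than remain. 0x80/0x81/0x82 followed by "theora" are the Theora
   identification, comment and setup header markers. */
static const uint8_t sample_input[] = {
    8, 0, 0x80, 't', 'h', 'e', 'o', 'r', 'a', 0x03,   /* packet 0, 8 bytes */
    7, 0, 0x81, 't', 'h', 'e', 'o', 'r', 'a',         /* packet 1, 7 bytes */
    9, 0, 0x82, 't', 'h'                              /* claims 9, has 3 */
};

/* Number of packets the sample yields (the truncated third one is dropped). */
size_t sample_packet_count(void) {
    fuzz_packet p[MAX_PACKETS];
    return split_packets(sample_input, sizeof sample_input, p, MAX_PACKETS);
}
```

In the harness, loop over the carved packets, copy each into an `ogg_packet`, and hand the first three to `th_decode_headerin` before allocating a decoder with `th_decode_alloc` for the rest.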