forked from R00tkitSMM/CVE-2024-27804
vtdecode.m
#include <dlfcn.h>
#include <stdio.h>
#import <AVFoundation/AVFoundation.h>
// Function-pointer type used for the VTApplyRestrictions symbol that main()
// looks up with dlsym(). The symbol is not declared by any header this file
// imports, so the (int) -> void prototype is the author's assumption —
// NOTE(review): confirm it still matches on the OS build under test.
typedef void (*t_VTApplyRestrictions)(int arg);
// Holds the resolved VTApplyRestrictions pointer. File-scope, so it is NULL
// until main() assigns the dlsym() result.
t_VTApplyRestrictions VTApplyRestrictions;
// FUZZ_TARGET_MODIFIERS decorates the fuzz() entry point: dllexport on
// Windows builds, noinline everywhere else. Presumably this keeps fuzz() a
// distinct, addressable function for an external fuzzing tool — the tool
// itself is not visible in this file.
#if defined(WIN32) || defined(_WIN32) || defined(__WIN32)
#define FUZZ_TARGET_MODIFIERS __declspec(dllexport)
#else
#define FUZZ_TARGET_MODIFIERS __attribute__((noinline))
#endif
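// Runs one media file through AVAssetReader and pulls at most two decoded
// video frames from its first video track, discarding each frame immediately.
//
// filename: C string path of the input file. The file is untrusted input by
//           design, so every setup step is checked and the function bails out
//           quietly instead of letting an Objective-C exception from a failed
//           setup step end the run.
//
// Returns 1 when the reader was started and the frame loop ran (even if no
// frame could be produced), 0 when the input was rejected before decoding.
int FUZZ_TARGET_MODIFIERS fuzz(const char *filename) {
  if (filename == NULL)
    return 0;

  @autoreleasepool {
    // Paths are decoded as UTF-8 rather than ASCII: an ASCII-only decode
    // yields nil for any non-ASCII byte, and fileURLWithPath: must not be
    // handed nil. Plain ASCII paths decode exactly as before.
    NSString *path = [NSString stringWithUTF8String:filename];
    if (path == nil || path.length == 0)
      return 0;

    NSURL *fileURL = [NSURL fileURLWithPath:path];
    if (fileURL == nil)
      return 0;

    AVAsset *asset = [AVAsset assetWithURL:fileURL];
    if (asset == nil)
      return 0;

    // The error object was never inspected, so no out-parameter is requested;
    // a nil reader is the failure signal.
    AVAssetReader *reader = [[AVAssetReader alloc] initWithAsset:asset
                                                           error:NULL];
    if (reader == nil)
      return 0;

    NSArray *tracks = [asset tracksWithMediaType:AVMediaTypeVideo];
    if (tracks == nil || tracks.count == 0)
      return 0;
    AVAssetTrack *track = tracks[0];

    // Ask for decoded 32-bit BGRA pixel buffers so the track is actually
    // decoded rather than passed through in its stored format.
    NSDictionary *outputSettings =
        @{(id)kCVPixelBufferPixelFormatTypeKey : @(kCMPixelFormat_32BGRA)};
    AVAssetReaderTrackOutput *output = [AVAssetReaderTrackOutput
        assetReaderTrackOutputWithTrack:track
                         outputSettings:outputSettings];

    // addOutput: raises if the reader cannot accept the output, so ask first.
    if (output == nil || ![reader canAddOutput:output])
      return 0;
    [reader addOutput:output];

    // Do not pull samples from a reader that failed to start.
    if (![reader startReading])
      return 0;

    // Only the first two frames are decoded; each buffer is invalidated and
    // released as soon as it is returned.
    for (int frame = 0; frame < 2; frame++) {
      CMSampleBufferRef sampleBuffer = [output copyNextSampleBuffer];
      if (sampleBuffer == NULL)
        break;
      CMSampleBufferInvalidate(sampleBuffer);
      CFRelease(sampleBuffer);
    }
  }
  return 1;
}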
// Command-line driver: takes one media file path, switches VideoToolbox to
// in-process decoding, then runs fuzz() on the file once.
//
// Every path returns 0, including the usage and lookup failures; the result
// of fuzz() is not propagated to the exit status.
int main(int argc, const char *argv[]) {
  if (argc <= 1) {
    printf("Usage: %s <filename>\n", argv[0]);
    return 0;
  }

  // VTApplyRestrictions is looked up at run time from the VideoToolbox binary
  // because no imported header declares it.
  const char *frameworkPath =
      "/System/Library/Frameworks/VideoToolbox.framework/"
      "Versions/A/VideoToolbox";
  void *videoToolbox = dlopen(frameworkPath, RTLD_NOW);
  if (videoToolbox == NULL) {
    printf("Error loading library\n");
    return 0;
  }

  void *symbol = dlsym(videoToolbox, "VTApplyRestrictions");
  VTApplyRestrictions = (t_VTApplyRestrictions)symbol;
  if (VTApplyRestrictions == NULL) {
    printf("Error finding VTApplyRestrictions symbol\n");
    return 0;
  }

  // Per the original author: this makes decoding run in the current process
  // instead of VTDecoderXPCService, so decoder faults surface in this process
  // rather than in the separate service.
  // NOTE(review): the meaning of the argument value 1 is not visible in this
  // file — confirm against the OS build under test.
  VTApplyRestrictions(1);

  (void)fuzz(argv[1]);
  return 0;
}