[set fuzzer] limit the total number of set members in a fuzzing input.

Currently the fuzzer can create arbitrarily long inputs which, once big enough, will trigger a timeout.
This commit is contained in:
Garret Rieger 2021-01-25 15:57:42 -08:00 committed by Behdad Esfahbod
parent b198d94489
commit f94bf9f06f
1 changed files with 9 additions and 0 deletions


@ -7,6 +7,12 @@
#include "hb.h" #include "hb.h"
// Only allow ~5,000 set values between the two input sets.
// Arbitarily long input sets do not trigger any meaningful
// differences in behaviour so there's no benefit from allowing
// the fuzzer to create super large sets.
#define MAX_INPUT_SIZE 20000
enum set_operation_t : uint8_t enum set_operation_t : uint8_t
{ {
INTERSECT = 0, INTERSECT = 0,
@ -37,6 +43,9 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
if (size < sizeof (instructions_t)) if (size < sizeof (instructions_t))
return 0; return 0;
if (size > MAX_INPUT_SIZE)
return 0;
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstrict-aliasing" #pragma GCC diagnostic ignored "-Wstrict-aliasing"
const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data); const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);
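Review bot: The comment above `#define MAX_INPUT_SIZE 20000` in the first hunk promises "~5,000 set values" while the constant is 20000, and the reader has to guess that the cap is in bytes and that each set member is 4 bytes wide (the page does not show the member type, so that ratio is inferred); stating the unit removes the guess. A typed constant also carries the unit and avoids a generic macro name leaking into every translation unit that includes this file: `// 20,000 bytes ≈ 5,000 uint32_t set members split between the two input sets.` followed by `static constexpr size_t MAX_INPUT_SIZE = 20000;`, which keeps the `size > MAX_INPUT_SIZE` check in the second hunk unchanged. The comment also misspells "Arbitarily". Capping the input up front is the right place for it, since it bounds both the parse and the set construction before any work is done; note that `LLVMFuzzerTestOneInput` continues past the end of the hunk, so later size-dependent work is not visible here.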