-rw-r--r--fuzz/pchg_fuzz.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/fuzz/pchg_fuzz.c b/fuzz/pchg_fuzz.c
index 301a592617..97dbca74c4 100644
--- a/fuzz/pchg_fuzz.c
+++ b/fuzz/pchg_fuzz.c
@@ -40,8 +40,9 @@ static pthread_cond_t done_cond;
static pthread_mutex_t lock;
#define MAX_MESSAGES 8
-static uint8_t input[
- MAX_MESSAGES * 256 * member_size(struct ctn730_msg, length)];
+#define MAX_MESSAGE_SIZE (sizeof(struct ctn730_msg) \
+ + member_size(struct ctn730_msg, length) * 256)
+static uint8_t input[MAX_MESSAGE_SIZE * MAX_MESSAGES];
static uint8_t *head, *tail;
static bool data_available;
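Review bot: `MAX_MESSAGE_SIZE` takes the largest payload to be `member_size(struct ctn730_msg, length) * 256`, which matches the real maximum only if `length` is a single byte. With a wider length field, `input[]` would be much smaller than the largest message the header can describe. The struct definition is not visible in this hunk, so the one-byte assumption is inferred from the expression. Pin it next to the macro, for example `_Static_assert(member_size(struct ctn730_msg, length) == 1, "payload bound assumes a 1-byte length field");`, or derive the bound from the field's maximum value rather than its size.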
@@ -102,7 +103,8 @@ void run_test(int argc, char **argv)
int test_fuzz_one_input(const uint8_t *data, unsigned int size)
{
- if (size < sizeof(struct ctn730_msg))
+ /* We're not interested in too small or too large input. */
+ if (size < sizeof(struct ctn730_msg) || sizeof(input) < size)
return 0;
pthread_mutex_init(&lock, NULL);
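Review bot: The comment on the new guard reads as a preference, but the `sizeof(input) < size` half looks like a memory-safety bound. It keeps `size` within the static `input` buffer, which the rest of `test_fuzz_one_input` presumably fills from `data`; that code is outside this hunk, so confirm it. If so, say it in the comment so a later edit does not relax the check, for example `/* Reject inputs shorter than one header or larger than input[], which holds a copy of data. */`. Also confirm that every later write into `input` is bounded by the same `size`, since this guard is the only length check visible here.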