From 7593691aadc7e1e9c5f17fd26424abe337d56302 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 31 Dec 2021 04:30:43 +0900 Subject: fuzzers: add input size limits, always configure limits in two ways MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Without the size limits, oss-fuzz creates huge samples that time out. Usually this is because some of our code has bad algorithmic complexity. For data like configuration samples we don't need to care about this: non-rogue configs are rarely more than a few items, and a bit of a slowdown with a few hundred items is acceptable. This wouldn't be OK for processing of untrusted data though. We need to set the limit in two ways: through .options and in the code. The first because it nicely allows libFuzzer to avoid wasting time, and the second because fuzzers like hongfuzz and afl don't support .options. While at it, let's fix an off-by-one (65535 is the largest offset for a power-of-two size, but we're checking the size here). Co-authored-by: Zbigniew Jędrzejewski-Szmek --- src/journal-remote/fuzz-journal-remote.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/journal-remote') diff --git a/src/journal-remote/fuzz-journal-remote.c b/src/journal-remote/fuzz-journal-remote.c index a8e56e21b2..dd7884ee9a 100644 --- a/src/journal-remote/fuzz-journal-remote.c +++ b/src/journal-remote/fuzz-journal-remote.c @@ -24,7 +24,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; int r; - if (size <= 2) + if (size <= 2 || size > 65536) return 0; if (!getenv("SYSTEMD_LOG_LEVEL")) -- cgit v1.2.1