| Message ID | 20201024222312.5806-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [FFmpeg-devel,1/8] tools/target_dem_fuzzer: Limit max blocks | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
On Sun, Oct 25, 2020 at 12:23:05AM +0200, Michael Niedermayer wrote: > With a IO block size of 1 byte potentially megabytes are quite slow to read, thus > limit the number > > Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184 > Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696 > Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083 > Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968 > Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272 > Fixes: OOM > Fixes: Timeout This affects a growing number of cases ... will apply [...]
diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c index 8c9e373367..6f4f062f13 100644 --- a/tools/target_dem_fuzzer.c +++ b/tools/target_dem_fuzzer.c @@ -86,6 +86,7 @@ static int64_t io_seek(void *opaque, int64_t offset, int whence) // Ensure we don't loop forever const uint32_t maxiteration = 8096; +const int maxblocks= 100000; static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL; @@ -158,6 +159,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { av_strlcatf(filename, sizeof(filename), ".%s", extension); } } + + if (!io_buffer_size || size / io_buffer_size > maxblocks) + io_buffer_size = size; + io_buffer = av_malloc(io_buffer_size); if (!io_buffer) error("Failed to allocate io_buffer");
With a IO block size of 1 byte potentially megabytes are quite slow to read, thus limit the number Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184 Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696 Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083 Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968 Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272 Fixes: OOM Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- tools/target_dem_fuzzer.c | 5 +++++ 1 file changed, 5 insertions(+)