diff mbox series

[FFmpeg-devel,7/8] tools/target_dem_fuzzer: Limit max blocks

Message ID 20201023183940.31485-7-michael@niedermayer.cc
State Accepted
Headers show
Series [FFmpeg-devel,1/8] avcodec/magicyuv: Check slice size before reading flags and pred
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Michael Niedermayer Oct. 23, 2020, 6:39 p.m. UTC
With a IO block size of 1 byte potentially megabytes are quite slow to read, thus
limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: OOM
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dem_fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 992b1a4d89..dbfed6354a 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -88,6 +88,7 @@  static int64_t io_seek(void *opaque, int64_t offset, int whence)
 
 // Ensure we don't loop forever
 const uint32_t maxiteration = 8096;
+const int maxblocks= 100000;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
@@ -160,6 +161,10 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             av_strlcatf(filename, sizeof(filename), ".%s", extension);
         }
     }
+
+    if (!io_buffer_size || size / io_buffer_size > maxblocks)
+        io_buffer_size = size;
+
     io_buffer = av_malloc(io_buffer_size);
     if (!io_buffer)
         error("Failed to allocate io_buffer");