diff mbox series

[FFmpeg-devel,1/8] tools/target_dem_fuzzer: Limit max blocks

Message ID 20201024222312.5806-1-michael@niedermayer.cc
State Accepted
Headers show
Series [FFmpeg-devel,1/8] tools/target_dem_fuzzer: Limit max blocks
Related show

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished

Commit Message

Michael Niedermayer Oct. 24, 2020, 10:23 p.m. UTC
With a IO block size of 1 byte potentially megabytes are quite slow to read, thus
limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968
Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272
Fixes: OOM
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 tools/target_dem_fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Michael Niedermayer Oct. 25, 2020, 9:02 a.m. UTC | #1
On Sun, Oct 25, 2020 at 12:23:05AM +0200, Michael Niedermayer wrote:
> With a IO block size of 1 byte potentially megabytes are quite slow to read, thus
> limit the number
> 
> Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
> Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
> Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
> Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968
> Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272
> Fixes: OOM
> Fixes: Timeout

This affects a growing number of cases ...
will apply

[...]
diff mbox series

Patch

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 8c9e373367..6f4f062f13 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -86,6 +86,7 @@  static int64_t io_seek(void *opaque, int64_t offset, int whence)
 
 // Ensure we don't loop forever
 const uint32_t maxiteration = 8096;
+const int maxblocks= 100000;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
@@ -158,6 +159,10 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             av_strlcatf(filename, sizeof(filename), ".%s", extension);
         }
     }
+
+    if (!io_buffer_size || size / io_buffer_size > maxblocks)
+        io_buffer_size = size;
+
     io_buffer = av_malloc(io_buffer_size);
     if (!io_buffer)
         error("Failed to allocate io_buffer");