Cap the number of fuzzed decoder packets to 200

The fuzzer figured out that 3 bytes is enough to fuzz a package.
2 bytes for packet length, and 1 byte of actual packet. A 20K test case
can generate > 6000 packets. It does not seem like efficient fuzzing.

This CL simply stops execution when 200 packets have been generated.
That corresponds to 4 seconds of 20 ms packets.

Bug: chromium:840115
Change-Id: Id2742a6f8021134bacd8a6e8c71b32f20c7f1086
Reviewed-on: https://webrtc-review.googlesource.com/88566
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Sam Zackrisson <saza@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24000}
Sam Zackrisson
2018-07-13 16:00:31 +02:00
committed by Commit Bot
parent 684b401016
commit 35c773dad6

@ -51,8 +51,13 @@ void FuzzAudioDecoder(DecoderFunctionType decode_type,
const uint8_t* data_ptr = data; const uint8_t* data_ptr = data;
size_t remaining_size = size; size_t remaining_size = size;
size_t packet_len; size_t packet_len;
while (ParseInt<size_t, 2>(&data_ptr, &remaining_size, &packet_len) && constexpr size_t kMaxNumFuzzedPackets = 200;
packet_len <= remaining_size) { for (size_t num_packets = 0; num_packets < kMaxNumFuzzedPackets;
++num_packets) {
if (!(ParseInt<size_t, 2>(&data_ptr, &remaining_size, &packet_len) &&
packet_len <= remaining_size)) {
break;
}
AudioDecoder::SpeechType speech_type; AudioDecoder::SpeechType speech_type;
switch (decode_type) { switch (decode_type) {
case DecoderFunctionType::kNormalDecode: case DecoderFunctionType::kNormalDecode:
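Review bot: kMaxNumFuzzedPackets = 200 is declared without a comment saying where the number comes from. The rationale (200 packets of 20 ms is 4 seconds, and a 20K test case can otherwise produce more than 6000 packets) exists only in the commit message, so a one-line comment above the constant would keep it with the code. The negated compound condition `if (!(ParseInt<size_t, 2>(...) && packet_len <= remaining_size))` would read more directly as two early-exit checks joined with `||`. The visible check also accepts packet_len == 0, so zero-length packets pass it and each one counts toward the 200-packet cap; it is worth confirming that this is intended.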