From 800a10309d59ab27668e76000fad51735ba1569f Mon Sep 17 00:00:00 2001
From: Elad Alon <eladalon@webrtc.org>
Date: Sun, 7 Apr 2019 23:50:08 +0200
Subject: [PATCH] Fix timeout in rtcp_receiver_fuzzer - limit input length

rtcp_receiver_fuzzer was running over inputs of unreasonable
length, leading to timeouts. RTCP typically runs over UDP.
This CL limits the inputs to a bit over the max UDP payload length.

Bug: chromium:948469
Change-Id: I669a5b24c265bb3b6da2503da109efed32c25182
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/131393
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Elad Alon <eladalon@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27482}
---
 test/fuzzers/rtcp_receiver_fuzzer.cc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/test/fuzzers/rtcp_receiver_fuzzer.cc b/test/fuzzers/rtcp_receiver_fuzzer.cc
index 80086944fd..f729e55f13 100644
--- a/test/fuzzers/rtcp_receiver_fuzzer.cc
+++ b/test/fuzzers/rtcp_receiver_fuzzer.cc
@@ -17,6 +17,10 @@ namespace {
 
 constexpr int kRtcpIntervalMs = 1000;
 
+// RTCP is typically sent over UDP, which has a maximum payload length
+// of 65535 bytes. We err on the side of caution and check a bit above that.
+constexpr size_t kMaxInputLenBytes = 66000;
+
 class NullModuleRtpRtcp : public RTCPReceiver::ModuleRtpRtcp {
  public:
   void SetTmmbn(std::vector<rtcp::TmmbItem>) override {}
@@ -28,6 +32,10 @@ class NullModuleRtpRtcp : public RTCPReceiver::ModuleRtpRtcp {
 }  // namespace
 
 void FuzzOneInput(const uint8_t* data, size_t size) {
+  if (size > kMaxInputLenBytes) {
+    return;
+  }
+
   NullModuleRtpRtcp rtp_rtcp_module;
   SimulatedClock clock(1234);