dcsctp: Restrict fuzzing input length
Restricting the fuzzing input length according to the instructions at https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/getting_started.md#common-tricks Without this limit, it finds inputs that are unreasonably large (160kB+) that just make the ASAN-built fuzzer hit the default timeout of 60s. Bug: webrtc:12614 Change-Id: I1417f22698fba8d9bd2c56f8c3d51850b8f00f54 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/219161 Reviewed-by: Florent Castelli <orphis@webrtc.org> Commit-Queue: Victor Boivie <boivie@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34034}
committed by
WebRTC LUCI CQ

parent
718acf6c1d
commit
92bd9020af
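--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -35,6 +35,8 @@ namespace dcsctp {
 namespace dcsctp_fuzzers {
 namespace {
 static constexpr int kRandomValue = FuzzerCallbacks::kRandomValue;
+static constexpr size_t kMinInputLength = 5;
+static constexpr size_t kMaxInputLength = 1024;
 
 // A starting state for the socket, when fuzzing.
 enum class StartingState : int {
@@ -396,7 +398,7 @@ std::vector<uint8_t> GeneratePacket(FuzzState& state) {
 void FuzzSocket(DcSctpSocketInterface& socket,
 FuzzerCallbacks& cb,
 rtc::ArrayView<const uint8_t> data) {
-if (data.size() < 5) {
+if (data.size() < kMinInputLength || data.size() > kMaxInputLength) {
 return;
 }
 if (data[0] >= static_cast<int>(StartingState::kNumberOfStates)) {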
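Review bot: The new guard `if (data.size() < kMinInputLength || data.size() > kMaxInputLength)` discards over-long inputs inside the target, so the engine still generates, mutates and executes inputs above 1024 bytes that are then silently thrown away; the libFuzzer guide cited in the description points to the engine-side `-max_len` option for this purpose, which keeps the corpus bounded instead of wasting executions, so the in-target check is best treated as a defensive fallback alongside that option. The two new constants carry no rationale, and a future reader will not know whether 1024 is a protocol limit or a timeout workaround; I would add `// Inputs above this size were observed to push the ASAN build past its 60 s timeout (webrtc:12614).` above kMaxInputLength, and a similar note on kMinInputLength explaining which leading bytes the target consumes (data[0] selecting the StartingState is visible; the rest is presumably decided further down and should be confirmed). `static` is redundant on a constant in an unnamed namespace, although it matches the existing kRandomValue line. FuzzSocket's body continues past the end of the hunk.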