diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-12-30 20:30:43 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-05-12 13:31:11 +0200 |
| commit | 7593691aadc7e1e9c5f17fd26424abe337d56302 (patch) | |
| tree | 679f27ca634c56508788eee6d3809c71c1c48005 /src/nspawn/fuzz-nspawn-oci.c | |
| parent | fuzz-dhcp-server: remove limit on input size (diff) | |
| download | systemd-7593691aadc7e1e9c5f17fd26424abe337d56302.tar.xz systemd-7593691aadc7e1e9c5f17fd26424abe337d56302.zip | |
fuzzers: add input size limits, always configure limits in two ways
Without the size limits, oss-fuzz creates huge samples that time out. Usually
this is because some of our code has bad algorithmic complexity. For data like
configuration samples we don't need to care about this: non-rogue configs are
rarely more than a few items, and a bit of a slowdown with a few hundred items
is acceptable. This wouldn't be OK for processing of untrusted data though.
We need to set the limit in two ways: through .options and in the code. The
first because it nicely allows libFuzzer to avoid wasting time, and the second
because fuzzers like hongfuzz and afl don't support .options.
While at it, let's fix an off-by-one (65535 is the largest offset for a
power-of-two size, but we're checking the size here).
Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Diffstat (limited to 'src/nspawn/fuzz-nspawn-oci.c')
| -rw-r--r-- | src/nspawn/fuzz-nspawn-oci.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c index 91f2a81dfc..7110a66187 100644 --- a/src/nspawn/fuzz-nspawn-oci.c +++ b/src/nspawn/fuzz-nspawn-oci.c @@ -9,6 +9,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_(settings_freep) Settings *s = NULL; + if (size > 65536) + return 0; + f = data_to_file(data, size); assert_se(f); |