Chiebot-Mirror
/
harfbuzz
mirror of https://github.com/harfbuzz/harfbuzz.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[set fuzzer] limit the total number of set members in a fuzzing input.

Browse Source 
Currently the fuzzer can create arbitarily long inputs which once big enough will trigger a timeout.
pull/2836/head
Garret Rieger 4 years ago committed by Behdad Esfahbod
parent b198d94489
commit f94bf9f06f
1 changed files with 9 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      test/fuzzing/hb-set-fuzzer.cc

9
test/fuzzing/hb-set-fuzzer.cc
Unescape View File

@ -7,6 +7,12 @@
#include "hb.h" #include "hb.h"
// Only allow ~5,000 set values between the two input sets.
// Arbitarily long input sets do not trigger any meaningful
// differences in behaviour so there's no benefit from allowing
// the fuzzer to create super large sets.
#define MAX_INPUT_SIZE 20000
enum set_operation_t : uint8_t enum set_operation_t : uint8_t
{ {
INTERSECT = 0, INTERSECT = 0,
@ -37,6 +43,9 @@ extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
if (size < sizeof (instructions_t)) if (size < sizeof (instructions_t))
return 0; return 0;
if (size > MAX_INPUT_SIZE)
return 0;
#pragma GCC diagnostic push #pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wstrict-aliasing" #pragma GCC diagnostic ignored "-Wstrict-aliasing"
const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data); const instructions_t &instructions = reinterpret_cast<const instructions_t &> (data);

Write Preview
Loading…
Cancel
Save