[FFmpeg-devel] [PATCH 1/8] tools/target_dem_fuzzer: Limit max blocks

[Michael Niedermayer]

With a IO block size of 1 byte potentially megabytes are quite slow to read, thus
limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968
Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272
Fixes: OOM
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 tools/target_dem_fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index 8c9e373367..6f4f062f13 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -86,6 +86,7 @@ static int64_t io_seek(void *opaque, int64_t offset, int whence)
 
 // Ensure we don't loop forever
 const uint32_t maxiteration = 8096;
+const int maxblocks= 100000;
 
 static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL;
 
@@ -158,6 +159,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             av_strlcatf(filename, sizeof(filename), ".%s", extension);
         }
     }
+
+    if (!io_buffer_size || size / io_buffer_size > maxblocks)
+        io_buffer_size = size;
+
     io_buffer = av_malloc(io_buffer_size);
     if (!io_buffer)
         error("Failed to allocate io_buffer");
-- 
2.17.1