From c3de4f04db55ec873d2c5cbfd9bd320a6db334dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sat, 22 Jun 2024 18:42:47 +0200
Subject: [PATCH] fuzzer_load: disallow include option in config files

It produces undeterministic results, especially if it do `include=fd://N` which starts loading external data.
---
 fuzzers/fuzzer_load.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fuzzers/fuzzer_load.c b/fuzzers/fuzzer_load.c
index 1bfd950211..02d96722e1 100644
--- a/fuzzers/fuzzer_load.c
+++ b/fuzzers/fuzzer_load.c
@@ -28,6 +28,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+#if defined(MPV_LOAD_CONFIG_FILE) || defined(MPV_LOAD_INPUT_CONF)
+ if (memmem(data, size, "include", sizeof("include") - 1))
+ return 0;
+#endif
+
 // fmemopen doesn't have associated file descriptor, so we do copy.
 int fd = memfd_create("fuzz_mpv_load", 0);
 if (fd == -1)