From 2054d872d48f315d4658f0871d914061a35eda2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= Date: Sat, 2 Nov 2024 02:04:51 +0100 Subject: [PATCH] m_property: stop expanding strings after 10 properties during fuzzing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some properties, like `${decoder-list}`, are resource-intensive to expand. Prevent fuzzing from generating strings with excessive expansions to encourage shorter test cases. Expanding properties on each playback frame for `osd-msg1` can be demanding. However, in regular use cases, this typically isn’t an issue, so implementing a caching solution wouldn’t be practical in real scenarios. Fixes timeouts on OSS-Fuzz. --- options/m_property.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/options/m_property.c b/options/m_property.c index eb3f78e847..94e2d18a3b 100644 --- a/options/m_property.c +++ b/options/m_property.c @@ -293,6 +293,9 @@ char *m_properties_expand_string(const struct m_property *prop_list, bool skip = false; int level = 0, skip_level = 0; bstr str = bstr0(str0); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + int n = 0; +#endif while (str.len) { if (level > 0 && bstr_eatstart0(&str, "}")) { @@ -311,6 +314,10 @@ char *m_properties_expand_string(const struct m_property *prop_list, bool have_fallback = bstr_eatstart0(&str, ":"); if (!skip) { +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + if (n++ > 10) + break; +#endif skip = expand_property(prop_list, &ret, &ret_len, name, have_fallback, ctx); if (skip)
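Review bot: In the first hunk (@@ -293,6 +293,9), the counter added as `int n = 0;` is undocumented and its name does not say what it counts, in a function that already tracks `level` and `skip_level`. Consider a descriptive name such as `expansions` and a one-line comment stating that it exists only to bound expansion work in fuzzing builds, so that a reader of options/m_property.c does not need the commit message to understand the `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` block.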
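Review bot: In the second hunk (@@ -311,6 +314,10), `if (n++ > 10)` is off by one against the stated limit: the post-increment compares the old value, so the check passes for n = 0 through 10 and `expand_property()` runs 11 times before the `break`. If the intent is to stop after 10 properties, as the subject line says, use `if (n++ >= 10)`. The literal 10 would also read better as a named constant defined next to the counter. Since `break` leaves the `while (str.len)` loop entirely, the remainder of the input string, literal text included, is dropped in fuzzing builds; a short comment saying that this truncation is intended would help.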