fuzzer_load_{config_file,input_conf}: take into account file size limit

We are strict about load command errors, so we have to clamp the size.
2024-06-23 22:34:38 +02:00 · 2024-06-23 22:34:38 +02:00 · a5f2816278
parent 103cae2591
commit a5f2816278
1 changed files with 12 additions and 0 deletions
--- a/fuzzers/fuzzer_load.c
+++ b/fuzzers/fuzzer_load.c
@ -28,6 +28,18 @@

 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+#ifdef MPV_LOAD_CONFIG_FILE
+    // config file size limit, see m_config_parse_config_file()
+    if (size > 1000000000)
+        return 0;
+#endif
+
+#ifdef MPV_LOAD_INPUT_CONF
+    // input config file size limit, see parse_config_file() in input.c
+    if (size > 1000000)
+        return 0;
+#endif
+
    // fmemopen doesn't have associated file descriptor, so we do copy.
    int fd = memfd_create("fuzz_mpv_load", 0);
    if (fd == -1)