RepoMirrors
/
mpv
mirror of https://github.com/mpv-player/mpv
1
0
Fork 0
Code Issues Releases Wiki Activity

fuzzer_load_{config_file,input_conf}: take into account file size limit 

We are strict about load command errors, so we have to clamp the size.
This commit is contained in:
Kacper Michajłow 2024-06-23 22:34:38 +02:00
parent 103cae2591
commit a5f2816278
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
fuzzers/fuzzer_load.c
View File

@ -28,6 +28,18 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{ {
#ifdef MPV_LOAD_CONFIG_FILE
// config file size limit, see m_config_parse_config_file()
if (size > 1000000000)
return 0;
#endif
#ifdef MPV_LOAD_INPUT_CONF
// input config file size limit, see parse_config_file() in input.c
if (size > 1000000)
return 0;
#endif
// fmemopen doesn't have associated file descriptor, so we do copy. // fmemopen doesn't have associated file descriptor, so we do copy.
int fd = memfd_create("fuzz_mpv_load", 0); int fd = memfd_create("fuzz_mpv_load", 0);
if (fd == -1) if (fd == -1)