mirror of
https://github.com/prometheus/prometheus
synced 2024-12-23 15:04:13 +00:00
Fuzz: limit input size (#7317)
We know that fuzzParseExpr and fuzzParseMetricSelector make use of heavy things like regexes, which take a fairly big amount of memory. OSS-Fuzz does not offer a proper way to increase the memory [1], therefore we limit the input size [2]. [1] https://google.github.io/oss-fuzz/faq/#how-do-you-handle-timeouts-and-ooms [2] https://google.github.io/oss-fuzz/getting-started/new-project-guide/#input-size Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
This commit is contained in:
parent
fdc49fae5b
commit
58c445e6ef
@ -48,6 +48,11 @@ const (
|
||||
fuzzInteresting = 1
|
||||
fuzzMeh = 0
|
||||
fuzzDiscard = -1
|
||||
|
||||
// Input size above which we know that Prometheus would consume too much
|
||||
// memory. The recommended way to deal with it is check input size.
|
||||
// https://google.github.io/oss-fuzz/getting-started/new-project-guide/#input-size
|
||||
maxInputSize = 10240
|
||||
)
|
||||
|
||||
func fuzzParseMetricWithContentType(in []byte, contentType string) int {
|
||||
@ -84,6 +89,9 @@ func FuzzParseOpenMetric(in []byte) int {
|
||||
|
||||
// Fuzz the metric selector parser.
|
||||
func FuzzParseMetricSelector(in []byte) int {
|
||||
if len(in) > maxInputSize {
|
||||
return fuzzMeh
|
||||
}
|
||||
_, err := parser.ParseMetricSelector(string(in))
|
||||
if err == nil {
|
||||
return fuzzInteresting
|
||||
@ -94,6 +102,9 @@ func FuzzParseMetricSelector(in []byte) int {
|
||||
|
||||
// Fuzz the expression parser.
|
||||
func FuzzParseExpr(in []byte) int {
|
||||
if len(in) > maxInputSize {
|
||||
return fuzzMeh
|
||||
}
|
||||
_, err := parser.ParseExpr(string(in))
|
||||
if err == nil {
|
||||
return fuzzInteresting
|
||||
|
Loading…
Reference in New Issue
Block a user