Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Stop fuzzing once output size limit is reached (#6958) 

As with most other compressors, brotli input could be a "bomb".
Limiting output size defuses such inputs (to avoid timeouts).
This commit is contained in:
Eugene Kliuchnikov 2021-12-03 13:32:00 +03:00 committed by GitHub
parent bc4aed352b
commit 5e9a6f2184
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
projects/brotli-java/FuzzDecode.java
View File

@ -22,7 +22,12 @@ import org.brotli.dec.BrotliInputStream;
public class FuzzDecode {
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
byte[] buffer = new byte[65536];
ByteArrayInputStream input = new ByteArrayInputStream(data.consumeBytes(65536));
byte[] inputBytes = data.consumeBytes(65536);
// Brotli allows 0-bit prefix codes - thus even small input could produce large output.
long totalOutputCap = Math.min(4096L * inputBytes.length, 3L << 24);
totalOutputCap = Math.max(totalOutputCap, 1L << 20);
long totalOutput = 0;
ByteArrayInputStream input = new ByteArrayInputStream(inputBytes);
try {
BrotliInputStream brotliInput = new BrotliInputStream(input);
while (true) {
@ -30,6 +35,8 @@ public class FuzzDecode {
if (len <= 0) {
break;
}
totalOutput += len;
if (totalOutput >= totalOutputCap) break;
}
} catch (IOException expected) {}
}