Limit max length for parser fuzzer

We're getting some very large inputs (~500KB) on OSS-Fuzz, which
slot down performance a lot. Let's try limiting this, starting
with a still fairly large value of 64KB.

Also remove the max_execution_time limit, so that slow test cases
cause a genuine libfuzzer timeout and we may investigate them.

diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c
index 70039d5085cba17846800fb1af11ea38a2e84756..155bd991cc97183a3d7e982afbf629ed32597926 100644 (file)
--- a/sapi/fuzzer/fuzzer-parser.c
+++ b/sapi/fuzzer/fuzzer-parser.c
@@ -26,7 +26,14 @@
 #include "fuzzer-sapi.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-       char *s = malloc(Size+1);
+       char *s;
+       if (Size > 64 * 1024) {
+               /* Large inputs have a large impact on fuzzer performance,
+                * but are unlikely to be necessary to reach new codepaths. */
+               return 0;
+       }
+
+       s = malloc(Size+1);
        memcpy(s, Data, Size);
        s[Size] = '\0';
 

diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c
index 0889d7b27c18df48b1cd640e928495ad3110c19d..679c16c356ffc97d42e41de4a48b50eaddd6bb33 100644 (file)
--- a/sapi/fuzzer/fuzzer-sapi.c
+++ b/sapi/fuzzer/fuzzer-sapi.c
@@ -32,7 +32,6 @@
 const char HARDCODED_INI[] =
        "html_errors=0\n"
        "implicit_flush=1\n"
-       "max_execution_time=20\n"
        "output_buffering=0\n"
        "error_reporting=0";