From: Nikita Popov Date: Thu, 26 Sep 2019 08:45:47 +0000 (+0200) Subject: Limit max length for parser fuzzer X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e295da81c83e0e059684567889cf1ff09b3693e;p=php Limit max length for parser fuzzer We're getting some very large inputs (~500KB) on OSS-Fuzz, which slow down performance a lot. Let's try limiting this, starting with a still fairly large value of 64KB. Also remove the max_execution_time limit, so that slow test cases cause a genuine libfuzzer timeout and we may investigate them. --- diff --git a/sapi/fuzzer/fuzzer-parser.c b/sapi/fuzzer/fuzzer-parser.c index 70039d5085..155bd991cc 100644 --- a/sapi/fuzzer/fuzzer-parser.c +++ b/sapi/fuzzer/fuzzer-parser.c @@ -26,7 +26,14 @@ #include "fuzzer-sapi.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - char *s = malloc(Size+1); + char *s; + if (Size > 64 * 1024) { + /* Large inputs have a large impact on fuzzer performance, + * but are unlikely to be necessary to reach new codepaths. */ + return 0; + } + + s = malloc(Size+1); memcpy(s, Data, Size); s[Size] = '\0'; diff --git a/sapi/fuzzer/fuzzer-sapi.c b/sapi/fuzzer/fuzzer-sapi.c index 0889d7b27c..679c16c356 100644 --- a/sapi/fuzzer/fuzzer-sapi.c +++ b/sapi/fuzzer/fuzzer-sapi.c @@ -32,7 +32,6 @@ const char HARDCODED_INI[] = "html_errors=0\n" "implicit_flush=1\n" - "max_execution_time=20\n" "output_buffering=0\n" "error_reporting=0";
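Review bot: the `64 * 1024` cutoff in the fuzzer-parser.c hunk is a bare literal inside LLVMFuzzerTestOneInput; give it a name (for example `#define MAX_INPUT_SIZE (64 * 1024)` next to the `#include "fuzzer-sapi.h"` line) so the limit is visible and adjustable without reading the function body, and have the comment that explains the early return refer to it. Returning 0 before `s = malloc(Size+1);` is the right shape: the oversized input is discarded without allocating and without entering the PHP SAPI setup. Two details worth stating in the comment or commit message: the test is `Size > 64 * 1024`, so an input of exactly 64 KiB is still accepted; and because the cap lives in the target itself it is enforced however the harness is invoked, which is what makes it effective against large entries already present in the OSS-Fuzz corpus (libFuzzer's own `-max_len` option is the alternative if the cap should instead live in the runner configuration).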
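Review bot: the fuzzer-sapi.c hunk deletes `"max_execution_time=20\n"` from HARDCODED_INI rather than setting the value to 0, so the limit that is actually in effect becomes whatever default the fuzzer SAPI inherits; unless that SAPI overrides the engine default the way the CLI SAPI does, the built-in default of 30 seconds would apply and the limit would be lengthened rather than removed, which is not what the commit message describes. Suggest writing `"max_execution_time=0\n"` explicitly so the intent is unambiguous and does not depend on SAPI defaults. Either way the harness now relies on libFuzzer's `-timeout` to flag slow inputs (a libFuzzer timeout is reported as a crash, which is the "genuine libfuzzer timeout" the message wants), so confirm the OSS-Fuzz project configuration sets a timeout appropriate for inputs up to the new 64 KiB cap.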