From: Yu Watanabe
Date: Mon, 2 Oct 2023 01:42:58 +0000 (+0900)
Subject: fuzz: limit size for fuzz-manager-serialize
X-Git-Tag: v255-rc1~365
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7233c679d49371443a339d7c13d9175ab235e41a;p=thirdparty%2Fsystemd.git

fuzz: limit size for fuzz-manager-serialize

Fixes #29357 and oss-fuzz#62756 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62756).
---
diff --git a/src/core/fuzz-manager-serialize.c b/src/core/fuzz-manager-serialize.c
index 2f0c0c30298..cbc89f57373 100644
--- a/src/core/fuzz-manager-serialize.c
+++ b/src/core/fuzz-manager-serialize.c
@@ -14,6 +14,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_fclose_ FILE *f = NULL, *null = NULL;
         _cleanup_fdset_free_ FDSet *fdset = NULL;
 
+        if (outside_size_range(size, 0, 65536))
+                return 0;
+
         /* We don't want to fill the logs with messages about parse errors.
          * Disable most logging if not running standalone. */
         if (!getenv("SYSTEMD_LOG_LEVEL")) {
diff --git a/src/core/fuzz-manager-serialize.options b/src/core/fuzz-manager-serialize.options
new file mode 100644
index 00000000000..678d526b1ea
--- /dev/null
+++ b/src/core/fuzz-manager-serialize.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65536
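Review bot: The size limit 65536 in the new `outside_size_range(size, 0, 65536)` guard is a bare literal that must agree with `max_len = 65536` in the new fuzz-manager-serialize.options file, and nothing in either file records that coupling. The in-code check is the one that actually bounds the input when the harness is run standalone or on corpus/reproducer files that bypass the libFuzzer options, so it is the authoritative limit; the options file only steers the generator. Suggest a comment on the guard, `/* Keep in sync with max_len in fuzz-manager-serialize.options; bounds input regardless of how the harness is invoked. */`, or a named constant used by the check so the two values cannot drift apart silently. The body of LLVMFuzzerTestOneInput continues outside the hunk.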