fuzz-systemctl-parse-argv: refuse commandlines above 1k entries

oss-fuzz reports timeouts which are created by appending to a very long strv.
The code is indeed not very efficient, but it's designed for normal
command-line use, where we don't expect more than a dozen of entries. The fact
that it is slow with ~100k entries is not particularly interesting.

In the future we could rework the code to have better algorithmic complexity.
But let's at least stop oss-fuzz from wasting more time on such examples.

(My first approach was to set max_len in .options, but apparently this doesn't
work for hongfuzz and and AFL.)

oss-fuzz-34527: https://oss-fuzz.com/issue/5722283944574976

diff --git a/src/systemctl/fuzz-systemctl-parse-argv.c b/src/systemctl/fuzz-systemctl-parse-argv.c
index eed8c6714484b08473856853fcb52fab7e1f9f5e..588c8b56c5cebc518e0e45a229e94452d92a694d 100644 (file)
--- a/src/systemctl/fuzz-systemctl-parse-argv.c
+++ b/src/systemctl/fuzz-systemctl-parse-argv.c
@@ -31,6 +31,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
         if (!argv[0])
                 return 0; /* argv[0] should always be present, but may be zero-length. */
+        if (strv_length(argv) > 1024)
+                return 0; /* oss-fuzz reports timeouts which are caused by appending to a very long strv.
+                           * The code is indeed not very efficient, but it's designed for normal command-line
+                           * use, where we don't expect more than a dozen of entries. The fact that it is
+                           * slow with ~100k entries is not particularly interesting. Let's just refuse such
+                           * long command lines. */
 
         if (getenv_bool("SYSTEMD_FUZZ_OUTPUT") <= 0) {
                 orig_stdout_fd = fcntl(fileno(stdout), F_DUPFD_CLOEXEC, 3);