[DawnLPM] Fail when reaching ObjectHandle limits

blendin · Dawn LUCI CQ · commit 93a8ee29e831 · 2023-09-25T10:21:36.000Z
This fixes a bug in DawnLPM serialization that causes the fuzzer to continue serializing after creating an invalid ObjectHandle that fils immediately when deserializing. Change-Id: I5c44973bfcb1fa972bbf2120481106171951b6d1 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/152581 Commit-Queue: Brendon Tiszka <tiszka@chromium.org> Kokoro: Kokoro <noreply+kokoro@google.com> Reviewed-by: Corentin Wallez <cwallez@chromium.org> Reviewed-by: Loko Kung <lokokung@google.com>
diff --git a/generator/templates/dawn/fuzzers/lpmfuzz/DawnLPMSerializer.cpp b/generator/templates/dawn/fuzzers/lpmfuzz/DawnLPMSerializer.cpp
@@ -91,7 +91,9 @@ namespace dawn::wire {
     if (objectStores[ObjectType::{{ member.handle_type.name.CamelCase() }}].Size() < DawnLPMFuzzer::k{{ member.handle_type.name.CamelCase() }}Limit) {
         {{ out }} = objectStores[ObjectType::{{ member.handle_type.name.CamelCase() }}].ReserveHandle();
     } else {
-        {{ out }} = {0, 0};
+        // Return failure in this case to guide the fuzzer away from generating too many
+        // objects of this type
+        return WireResult::FatalError;
     }
 {%- endmacro %}
 
