Merge bitcoin/bitcoin#22649: fuzz: Avoid OOM in system fuzz target

MarcoFalke · MarcoFalke · commit 42b00a37580a · 2021-08-16T10:47:58.000+02:00
fa77183 fuzz: Avoid OOM in system fuzz target (MarcoFalke) Pull request description: If the inputs size is unlimited, the target may consume unlimited memory, because the argsmanager stores the argument names. Limiting the size should fix this issue. Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36906 ACKs for top commit: practicalswift: cr ACK fa77183 Tree-SHA512: 6edfcf324ee9d94e511038ee01340f02db50bcb233af3f1a1717c3602164c88528d9d987e971ec32f1a4593b868019bea0102c53c9b02bfefec3dfde959483cf
diff --git a/src/test/fuzz/fuzz.h b/src/test/fuzz/fuzz.h
@@ -11,6 +11,9 @@
 #include <functional>
 #include <string_view>
 
+#define LIMITED_WHILE(condition, limit) \
+    for (unsigned _count{limit}; (condition) && _count; --_count)
+
 using FuzzBufferType = Span<const uint8_t>;
 
 using TypeTestOneInput = std::function<void(FuzzBufferType)>;
diff --git a/src/test/fuzz/system.cpp b/src/test/fuzz/system.cpp
@@ -31,7 +31,8 @@ FUZZ_TARGET(system)
         SetupHelpOptions(args_manager);
     }
 
-    while (fuzzed_data_provider.ConsumeBool()) {
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)
+    {
         CallOneOf(
             fuzzed_data_provider,
             [&] {

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,8 @@ FUZZ_TARGET(system)`
`31`	`31`	`SetupHelpOptions(args_manager);`
`32`	`32`	`}`
`33`	`33`
`34`		`- while (fuzzed_data_provider.ConsumeBool()) {`
	`34`	`+ LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)`
	`35`	`+ {`
`35`	`36`	`CallOneOf(`
`36`	`37`	`fuzzed_data_provider,`
`37`	`38`	`[&] {`