Limit binutils fuzzing input size

amodra · amodra · commit de0fc02fc659 · 2026-02-18T09:50:50.000+10:30
Limit all the binutils fuzzing inputs to 16384 bytes, and fuzz_as
to 1024 which is plenty large enough to wreak havok.  This will fix at
least some of the timeouts due to producing large amounts of output
from large files.
diff --git a/projects/binutils/fuzz_addr2line.c b/projects/binutils/fuzz_addr2line.c
@@ -21,6 +21,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_as.c b/projects/binutils/fuzz_as.c
@@ -32,6 +32,8 @@ xatexit (void (*fn) (void) ATTRIBUTE_UNUSED)
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  if (size > 1024)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer-%d.s", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_bfd.c b/projects/binutils/fuzz_bfd.c
@@ -39,6 +39,8 @@ static int bufferToFile(char * name, const uint8_t *Data, size_t Size) {
 char *target = NULL;
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 16384)
+    return 0;
     char tmpfilename[32];
 
     if (bfd_init() != BFD_INIT_MAGIC)
diff --git a/projects/binutils/fuzz_bfd_ext.c b/projects/binutils/fuzz_bfd_ext.c
@@ -42,6 +42,8 @@ static int bufferToFile(char *name, const uint8_t *Data, size_t Size) {
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size > 16384)
+    return 0;
   char tmpfilename[32];
 
   if (bfd_init() != BFD_INIT_MAGIC)
diff --git a/projects/binutils/fuzz_dlltool.c b/projects/binutils/fuzz_dlltool.c
@@ -60,9 +60,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-  if (size < 512) {
+  if (size < 512 || size > 16384)
     return 0;
-  }
 
   /* def file */
   char filename[256];
diff --git a/projects/binutils/fuzz_dwarf.c b/projects/binutils/fuzz_dwarf.c
@@ -20,6 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_nm.c b/projects/binutils/fuzz_nm.c
@@ -21,6 +21,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_objcopy.c b/projects/binutils/fuzz_objcopy.c
@@ -94,6 +94,8 @@ init_objcopy_global_state() {
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_objdump.c b/projects/binutils/fuzz_objdump.c
@@ -39,6 +39,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_ranlib_simulation.c b/projects/binutils/fuzz_ranlib_simulation.c
@@ -31,6 +31,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_readelf.c b/projects/binutils/fuzz_readelf.c
@@ -63,6 +63,8 @@ int check_architecture(char *tmpfilename, char *arch_string) {
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
 
diff --git a/projects/binutils/fuzz_strings.c b/projects/binutils/fuzz_strings.c
@@ -21,6 +21,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   char filename[256];
   sprintf(filename, "/tmp/libfuzzer.%d", getpid());
   FILE *fp = fopen(filename, "wb");
diff --git a/projects/binutils/fuzz_windres.c b/projects/binutils/fuzz_windres.c
@@ -88,6 +88,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+  if (size > 16384)
+    return 0;
   enum res_format input_format;
    input_format = fuzz_format_check_from_mem(data, size);;
 	if (input_format != RES_FORMAT_COFF) {

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);`
`21`	`21`	`int`
`22`	`22`	`LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
`23`	`23`	`{`
	`24`	`+ if (size > 16384)`
	`25`	`+ return 0;`
`24`	`26`	`char filename[256];`
`25`	`27`	`sprintf(filename, "/tmp/libfuzzer.%d", getpid());`
`26`	`28`	`FILE *fp = fopen(filename, "wb");`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,8 @@ static int bufferToFile(char name, const uint8_t Data, size_t Size) {`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {`
	`45`	`+ if (Size > 16384)`
	`46`	`+ return 0;`
`45`	`47`	`char tmpfilename[32];`
`46`	`48`
`47`	`49`	`if (bfd_init() != BFD_INIT_MAGIC)`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);`
`20`	`20`	`int`
`21`	`21`	`LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
`22`	`22`	`{`
	`23`	`+ if (size > 16384)`
	`24`	`+ return 0;`
`23`	`25`	`char filename[256];`
`24`	`26`	`sprintf(filename, "/tmp/libfuzzer.%d", getpid());`
`25`	`27`	`FILE *fp = fopen(filename, "wb");`
Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,8 @@ init_objcopy_global_state() {`
`94`	`94`	`int`
`95`	`95`	`LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
`96`	`96`	`{`
	`97`	`+ if (size > 16384)`
	`98`	`+ return 0;`
`97`	`99`	`char filename[256];`
`98`	`100`	`sprintf(filename, "/tmp/libfuzzer.%d", getpid());`
`99`	`101`	`FILE *fp = fopen(filename, "wb");`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);`
`39`	`39`	`int`
`40`	`40`	`LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
`41`	`41`	`{`
	`42`	`+ if (size > 16384)`
	`43`	`+ return 0;`
`42`	`44`	`char filename[256];`
`43`	`45`	`sprintf(filename, "/tmp/libfuzzer.%d", getpid());`
`44`	`46`	`FILE *fp = fopen(filename, "wb");`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);`
`31`	`31`	`int`
`32`	`32`	`LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
`33`	`33`	`{`
	`34`	`+ if (size > 16384)`
	`35`	`+ return 0;`
`34`	`36`	`char filename[256];`
`35`	`37`	`sprintf(filename, "/tmp/libfuzzer.%d", getpid());`
`36`	`38`	`FILE *fp = fopen(filename, "wb");`