Commit 7a71abf6 authored by Sebastian Brzezinka's avatar Sebastian Brzezinka Committed by Tomasz Zawadzki

fuzz/llvm_vfio_fuzz: limit length of generated data to `bytes_per_cmd`



Change-Id: I716de9e11ccb417ab493880c5a75467373117ad7
Signed-off-by: default avatarSebastian Brzezinka <sebastian.brzezinka@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22715


Reviewed-by: default avatarTomasz Zawadzki <tomasz.zawadzki@intel.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
parent fe11fef3
+2 −3
@@ -222,6 +222,7 @@ TestOneInput(const uint8_t *data, size_t size)
	char ctrlr_path[PATH_MAX];
	int ret = 0;

	/* Reject any input of insufficient length */
	if (size < g_fuzzer->bytes_per_cmd) {
		return -1;
	}
@@ -289,13 +290,11 @@ start_fuzzer(void *ctx)
	char len_str[128];
	char **argv = _argv;
	int argc = SPDK_COUNTOF(_argv);
	uint32_t len = 0;

	spdk_unaffinitize_thread();
	snprintf(prefix, sizeof(prefix), "-artifact_prefix=%s", g_artifact_prefix);
	argv[argc - 4] = prefix;
	len = 10 * g_fuzzer->bytes_per_cmd;
	snprintf(len_str, sizeof(len_str), "-max_len=%d", len);
	snprintf(len_str, sizeof(len_str), "-max_len=%d", g_fuzzer->bytes_per_cmd);
	argv[argc - 3] = len_str;
	snprintf(time_str, sizeof(time_str), "-max_total_time=%d", g_time_in_sec);
	argv[argc - 2] = time_str;
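Review bot: In start_fuzzer, `-max_len` now equals the lower bound that TestOneInput enforces (`size < g_fuzzer->bytes_per_cmd` returns -1), so only inputs of exactly `bytes_per_cmd` bytes pass the length check and every shorter input libFuzzer generates is rejected. A comment above the snprintf would record that this is intended, e.g. `/* max_len equals the minimum size TestOneInput() accepts, so only inputs of exactly bytes_per_cmd bytes are executed */`. The value is also formatted with `%d`; the declaration of `bytes_per_cmd` is outside the hunk, but the removed `uint32_t len` suggests it is unsigned, in which case `%u` (or `PRIu32`) is the matching specifier. If `bytes_per_cmd` can ever be 0, `-max_len=0` lets libFuzzer pick its own limit instead of capping the input, so a guard may be worth adding. Both function bodies continue outside the hunks shown.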