From 8fabab15097a2e4b913e05a3b04722b457896fa1 Mon Sep 17 00:00:00 2001
From: Henrik Lundin <henrik.lundin@webrtc.org>
Date: Fri, 9 Mar 2018 10:25:39 +0100
Subject: [PATCH] CNG fuzzer: avoid long fuzzer runs by limiting generator
 calls

The number of calls to ComfortNoiseDecoder::Generate() was determined
by the fuzzer input, and was chosen between 0 and 255. This would
sometimes lead to very long runs, with questionable merit. With this
change, the number of call to Generate() is limited to 17 (an
arbitrary small integer).

Bug: chromium:820078
Change-Id: I27b5c7f0b72d53370d002a6b157d4451079a0ba9
Reviewed-on: https://webrtc-review.googlesource.com/60941
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Commit-Queue: Henrik Lundin <henrik.lundin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22360}
---
 test/fuzzers/comfort_noise_decoder_fuzzer.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/test/fuzzers/comfort_noise_decoder_fuzzer.cc b/test/fuzzers/comfort_noise_decoder_fuzzer.cc
index 217f5b16c0..a7eeb71889 100644
--- a/test/fuzzers/comfort_noise_decoder_fuzzer.cc
+++ b/test/fuzzers/comfort_noise_decoder_fuzzer.cc
@@ -8,6 +8,8 @@
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
+#include <algorithm>
+
 #include "api/array_view.h"
 #include "modules/audio_coding/codecs/cng/webrtc_cng.h"
 #include "rtc_base/buffer.h"
@@ -35,7 +37,8 @@ void FuzzOneInputTest(rtc::ArrayView<const uint8_t> data) {
     const bool new_period = fuzz_data.SelectOneOf(kTrueOrFalse);
     constexpr size_t kOutputSizes[] = {80, 160, 320, 480};
     const size_t output_size = fuzz_data.SelectOneOf(kOutputSizes);
-    const size_t num_generate_calls = fuzz_data.Read<uint8_t>();
+    const size_t num_generate_calls =
+        std::min(fuzz_data.Read<uint8_t>(), static_cast<uint8_t>(17));
     rtc::BufferT<int16_t> output(output_size);
     for (size_t i = 0; i < num_generate_calls; ++i) {
       cng_decoder.Generate(output, new_period);