From 92bd9020afa45194f6d02dd9deba527a08cef21e Mon Sep 17 00:00:00 2001
From: Victor Boivie
Date: Mon, 17 May 2021 19:22:25 +0200
Subject: [PATCH] dcsctp: Restrict fuzzing input length

Restricting the fizzing input length according to the instructions at https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/getting_started.md#common-tricks

Without this limit, it finds inputs that are unreasonably large (160kB+) that just make the ASAN built fuzzer hit the default timeout of 60s.

Bug: webrtc:12614
Change-Id: I1417f22698fba8d9bd2c56f8c3d51850b8f00f54
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/219161
Reviewed-by: Florent Castelli
Commit-Queue: Victor Boivie
Cr-Commit-Position: refs/heads/master@{#34034}
---
 net/dcsctp/fuzzers/dcsctp_fuzzers.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/dcsctp/fuzzers/dcsctp_fuzzers.cc b/net/dcsctp/fuzzers/dcsctp_fuzzers.cc
index 940f990ae7..b4b6224ec4 100644
--- a/net/dcsctp/fuzzers/dcsctp_fuzzers.cc
+++ b/net/dcsctp/fuzzers/dcsctp_fuzzers.cc
@@ -35,6 +35,8 @@ namespace dcsctp {
 namespace dcsctp_fuzzers {
 namespace {
 static constexpr int kRandomValue = FuzzerCallbacks::kRandomValue;
+static constexpr size_t kMinInputLength = 5;
+static constexpr size_t kMaxInputLength = 1024;
 
 // A starting state for the socket, when fuzzing.
 enum class StartingState : int {
@@ -396,7 +398,7 @@ std::vector GeneratePacket(FuzzState& state) {
 void FuzzSocket(DcSctpSocketInterface& socket,
                 FuzzerCallbacks& cb,
                 rtc::ArrayView data) {
-  if (data.size() < 5) {
+  if (data.size() < kMinInputLength || data.size() > kMaxInputLength) {
     return;
   }
   if (data[0] >= static_cast(StartingState::kNumberOfStates)) {
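Review bot: The two new constants carry no comment explaining where the values come from, so a later reader has no reason not to widen kMaxInputLength back and reintroduce the timeouts the commit message describes. I would add above them: `// FuzzSocket ignores inputs outside [kMinInputLength, kMaxInputLength] bytes. The upper bound exists because the ASAN fuzzer build hit its 60s timeout on 160kB+ inputs (webrtc:12614), not because longer packets are invalid.` The reason for the lower bound of 5 is not visible in this diff beyond the `data[0]` read in the second hunk, so whoever knows which leading bytes FuzzSocket consumes should state it there too.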
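Review bot: The new upper bound on the `if` line silently discards every input over 1024 bytes, which removes all fuzz coverage of the socket on large inputs; if the 160kB+ inputs that hit the 60s timeout were exposing super-linear processing in the SCTP implementation rather than cost in the harness, that is a remotely triggerable DoS that this guard hides instead of resolves, so it is worth confirming where the time actually goes and noting the answer in the bug. The Chromium guidance the commit links pairs this check with a `max_len=1024` libfuzzer option on the fuzzer's build target so the engine stops generating inputs the harness throws away; that target is not in this diff, so please check it was updated. A one-line comment on the guard would make the intent clear, e.g. `// Oversized inputs are rejected outright, not truncated; keep in sync with the max_len fuzzer option.` FuzzSocket's body continues past the end of the hunk.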