From c466f080dd195e2361f1f6c493c2db552d6855aa Mon Sep 17 00:00:00 2001
From: Kuang-che Wu <kcwu@google.com>
Date: Thu, 10 Oct 2019 20:25:10 +0800
Subject: [PATCH] Cap vp9 fuzzer frame size to prevent OOM

Bug: chromium:1009073
Change-Id: I3583e6751249e42decb1f5d48afe10f0d8bd0a1a
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/156360
Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org>
Commit-Queue: Kuang-che Wu <kcwu@google.com>
Cr-Commit-Position: refs/heads/master@{#29433}
---
 modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc b/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
index fe9a974925..372a813760 100644
--- a/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
+++ b/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
@@ -108,6 +108,14 @@ int32_t Vp9FrameBufferPool::VpxGetFrameBuffer(void* user_priv,
                                               vpx_codec_frame_buffer* fb) {
   RTC_DCHECK(user_priv);
   RTC_DCHECK(fb);
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+  // Limit size of 8k YUV highdef frame
+  size_t size_limit = 7680 * 4320 * 3 / 2 * 2;
+  if (min_size > size_limit)
+    return -1;
+#endif
+
   Vp9FrameBufferPool* pool = static_cast<Vp9FrameBufferPool*>(user_priv);
 
   rtc::scoped_refptr<Vp9FrameBuffer> buffer = pool->GetFrameBuffer(min_size);