diff options
| author | Alon Zakai <azakai@google.com> | 2023-03-01 14:23:57 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-01 14:23:57 -0800 |
| commit | 50279271a0561614b41e73ed0b463181ce7c4ba2 (patch) | |
| tree | bbd64799cf038eff0e449989ebfd9b88181fc8e0 /src | |
| parent | 4eb39ce8e3702da04a0ebfda7742486f34db5752 (diff) | |
| download | binaryen-50279271a0561614b41e73ed0b463181ce7c4ba2.tar.gz binaryen-50279271a0561614b41e73ed0b463181ce7c4ba2.tar.bz2 binaryen-50279271a0561614b41e73ed0b463181ce7c4ba2.zip | |
Fuzzer: Be careful with ArrayNew sizes (#5537)
Only very rarely ask to create a huge array, as that can easily hit a host
size limit and cause a run to be ignored.
Diffstat (limited to 'src')
| -rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index d3539a51b..1159dcb0c 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -2168,7 +2168,17 @@ Expression* TranslateToFuzzReader::makeConstCompoundRef(Type type) { // TODO: when in a function context, we don't need to be trivial. init = makeTrivial(element.type); } - return builder.makeArrayNew(type.getHeapType(), makeConst(Type::i32), init); + Expression* count; + if (oneIn(100)) { + // With low probability pick a totally random count. This can easily be a + // super-high number that immediately causes a host limit error on running + // out of memory. + count = makeConst(Type::i32); + } else { + // Otherwise, most of the time pick a reasonable/realistic number. + count = builder.makeConst(int32_t(upTo(100))); + } + return builder.makeArrayNew(type.getHeapType(), count, init); } else { WASM_UNREACHABLE("bad user-defined ref type"); } |