From 34d35ae7c0a8e42f94fd02b4b1aa64aec3621a05 Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Mon, 12 Feb 2024 13:09:31 -0800
Subject: Fuzzer: Do not emit huge and possibly non-validating tables (#6288)

---
 src/tools/fuzzing/fuzzing.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/tools/fuzzing/fuzzing.cpp')

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 07464af9d..2b776144d 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -513,6 +513,23 @@ void TranslateToFuzzReader::finalizeTable() {
 }
 table->initial = std::max(table->initial, maxOffset);
 });
+
+ // The code above raises table->initial to a size large enough to accomodate
+ // all of its segments, with the intention of avoiding a trap during
+ // startup. However a single segment of (say) size 4GB would have a table of
+ // that size, which will use a lot of memory and execute very slowly, so we
+ // prefer in the fuzzer to trap on such a thing. To achieve that, set a
+ // reasonable limit for the maximum table size.
+ //
+ // This also avoids an issue that arises from table->initial being an
+ // Address (64 bits) but Table::kMaxSize being an Index (32 bits), as a
+ // result of which we need to clamp to Table::kMaxSize as well in order for
+ // the module to validate (but since we are clamping to a smaller value,
+ // there is no need).
+ const Address ReasonableMaxTableSize = 10000;
+ table->initial = std::min(table->initial, ReasonableMaxTableSize);
+ assert(ReasonableMaxTableSize <= Table::kMaxSize);
+
 table->max = oneIn(2) ? Address(Table::kUnlimitedSize) : table->initial;
 // Avoid an imported table (which the fuzz harness would need to handle).
 table->module = table->base = Name();
-- cgit v1.2.3
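Review bot: The `assert(ReasonableMaxTableSize <= Table::kMaxSize)` added after the clamp compares two fixed constants, so it is a compile-time invariant that is re-evaluated once per table at runtime and silently disappears in NDEBUG builds; the validation guarantee the comment relies on ("since we are clamping to a smaller value, there is no need" to clamp to kMaxSize) should be enforced by the compiler instead. Assuming `Table::kMaxSize` is a constant expression, I would write `constexpr uint64_t ReasonableMaxTableSize = 10000;`, `static_assert(ReasonableMaxTableSize <= Table::kMaxSize, "fuzzer table clamp must fit in Table::kMaxSize");` and `table->initial = std::min(table->initial, Address(ReasonableMaxTableSize));`, which keeps `Address` out of the constant expression entirely. While touching the comment, "accomodate" should read "accommodate". The enclosing `finalizeTable` loop over the module's tables begins before this hunk and continues after it.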