From b280366c6e4f81d9483aed7c38c957257ac3396b Mon Sep 17 00:00:00 2001
From: Alon Zakai
Date: Mon, 13 Mar 2023 10:37:54 -0700
Subject: Fuzzer: Limit array sizes (#5569)
Even with a 1% chance of a huge array, there is a second problem aside from hitting an allocation failure, which is DoS - building such a huge array of Literals takes noticeable time in the fuzzer. Instead, just limit array max sizes, which is consistent with what we do for struct sizes etc.
---
 src/tools/fuzzing/fuzzing.cpp | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
(limited to 'src/tools/fuzzing/fuzzing.cpp')
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 37f596b54..acc760f6b 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -2213,16 +2213,7 @@ Expression* TranslateToFuzzReader::makeConstCompoundRef(Type type) {
 // TODO: when in a function context, we don't need to be trivial.
 init = makeTrivial(element.type);
 }
- Expression* count;
- if (oneIn(100)) {
- // With low probability pick a totally random count. This can easily be a
- // super-high number that immediately causes a host limit error on running
- // out of memory.
- count = makeConst(Type::i32);
- } else {
- // Otherwise, most of the time pick a reasonable/realistic number.
- count = builder.makeConst(int32_t(upTo(100)));
- }
+ auto* count = builder.makeConst(int32_t(upTo(MAX_ARRAY_SIZE)));
 return builder.makeArrayNew(type.getHeapType(), count, init);
 } else {
 WASM_UNREACHABLE("bad user-defined ref type");
-- cgit v1.2.3
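Review bot: The added `count` line in makeConstCompoundRef replaces the only comments that explained the size choice, so the call site no longer says why the bound exists or whether it is inclusive. `MAX_ARRAY_SIZE` is defined outside this hunk, and if `upTo(x)` excludes `x` (not shown here, confirm) the largest generated array has `MAX_ARRAY_SIZE - 1` elements. I would put a comment above the line, for example `// Bound the size: a huge array costs fuzzer time building Literals and trips host allocation limits.` The removed branch was also what drove `array.new` into the host-limit path, so that out-of-memory handling presumably now needs coverage from a dedicated test rather than from the fuzzer. The function body starts and ends outside the hunk.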