Merge bitcoin/bitcoin#22649: fuzz: Avoid OOM in system fuzz target

fa7718344d fuzz: Avoid OOM in system fuzz target (MarcoFalke) Pull request description: If the inputs size is unlimited, the target may consume unlimited memory, because the argsmanager stores the argument names. Limiting the size should fix this issue. Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36906 ACKs for top commit: practicalswift: cr ACK fa7718344d Tree-SHA512: 6edfcf324ee9d94e511038ee01340f02db50bcb233af3f1a1717c3602164c88528d9d987e971ec32f1a4593b868019bea0102c53c9b02bfefec3dfde959483cf
2025-11-13 07:28:59 +01:00 · 2021-08-16 10:47:55 +02:00
parent 3facf0a8ae fa7718344d
commit 42b00a3758
2 changed files with 5 additions and 1 deletions
--- a/src/test/fuzz/fuzz.h
+++ b/src/test/fuzz/fuzz.h
@@ -11,6 +11,9 @@
 #include <functional>
 #include <string_view>

+#define LIMITED_WHILE(condition, limit) \
+    for (unsigned _count{limit}; (condition) && _count; --_count)
+
 using FuzzBufferType = Span<const uint8_t>;

 using TypeTestOneInput = std::function<void(FuzzBufferType)>;
--- a/src/test/fuzz/system.cpp
+++ b/src/test/fuzz/system.cpp
@@ -31,7 +31,8 @@ FUZZ_TARGET(system)
        SetupHelpOptions(args_manager);
    }

-    while (fuzzed_data_provider.ConsumeBool()) {
+    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)
+    {
        CallOneOf(
            fuzzed_data_provider,
            [&] {