[inspector_protocol] Limit the size of fuzzy inputs in the correct way.

Bug: None TBR: alph Change-Id: I01d1abdc44cde63278512651372a05a6c2778749 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1611726 Commit-Queue: Chris Palmer <palmer@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#660038}

[inspector_protocol] Limit the size of fuzzy inputs in the correct way.
Bug: None TBR: alph Change-Id: I01d1abdc44cde63278512651372a05a6c2778749 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1611726 Commit-Queue: Chris Palmer <palmer@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#660038}
5f8825b1 · Chris Palmer · Commit Bot · 5428bd4c · 5f8825b1 · 5f8825b1
Commit 5f8825b1 authored May 15, 2019 by Chris Palmer Committed by Commit Bot May 15, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

content/browser/devtools/inspector_fuzzer.cc content/browser/devtools/inspector_fuzzer.cc +4 -0

content/test/fuzzer/BUILD.gn content/test/fuzzer/BUILD.gn +0 -1

No files found.
--- a/content/browser/devtools/inspector_fuzzer.cc
+++ b/content/browser/devtools/inspector_fuzzer.cc
@@ -14,6 +14,10 @@
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  using namespace inspector_protocol_encoding;

+  if (size > 64 * 1024) {
+    return 0;
+  }
+
  span<uint8_t> fuzz{data, size};

  // We need to handle whatever the parser parses. So, we handle the parsed

--- a/content/test/fuzzer/BUILD.gn
+++ b/content/test/fuzzer/BUILD.gn
@@ -147,7 +147,6 @@ fuzzer_test("inspector_fuzzer") {
    "//third_party/inspector_protocol:encoding",
  ]
  seed_corpus = "//components/cbor/reader_fuzzer_corpus/"
-  libfuzzer_options = [ "max_len=65535" ]
 }

 fuzzer_test("http_structured_header_fuzzer") {