Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(559)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: gpu/command_buffer/tests/fuzzer_main.cc

Issue 2272903002: gpu_fuzzer: gracefully handle over-the-limit input (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: gpu/command_buffer/tests/fuzzer_main.cc
diff --git a/gpu/command_buffer/tests/fuzzer_main.cc b/gpu/command_buffer/tests/fuzzer_main.cc
index 8e838302f224feff5bcf6cb59b803c813b00a6f6..64ff2eee7f9ccdba26fc335d1f2d23b5310382f7 100644
--- a/gpu/command_buffer/tests/fuzzer_main.cc
+++ b/gpu/command_buffer/tests/fuzzer_main.cc
@@ -138,10 +138,15 @@ class CommandBufferSetup {
}
void RunCommandBuffer(const uint8_t* data, size_t size) {
- InitDecoder();
// The commands are flushed at a uint32_t granularity. If the data is not
// a full command, we zero-pad it.
size_t padded_size = (size + 3) & ~3;
+ // crbug.com/638836 The -max_len argument is sometimes not respected, so the
+ // fuzzer may give us too much data. Bail ASAP in that case.
+ if (padded_size > kCommandBufferSize)
+ return;
+
+ InitDecoder();
size_t buffer_size = buffer_->size();
CHECK_LE(padded_size, buffer_size);
command_buffer_->SetGetBuffer(buffer_id_);
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698