Merge bitcoin/bitcoin#21909: fuzz: Limit max insertions in timedata f…

…uzz test fa95555 fuzz: Limit max insertions in timedata fuzz test (MarcoFalke) Pull request description: It is debatable whether a size of the median filter other than `200` (the only size used in production) should be fuzzed. For now add a minimal patch to cap the max insertions. Otherwise the complexity is N^2 log(N), where N is the size of the fuzz input. Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34167 ACKs for top commit: practicalswift: cr ACK fa95555: patch looks correct Tree-SHA512: be7737e9f4c906053e355641de84dde31fed37ed6be4c5e92e602ca7675dffdaf06b7063b9235ef541b05d3d5fd689c99479317473bb15cb5271b8baabffd0f2
ElementsProject · May 11, 2021 · 88dc09d · 88dc09d
2 parents e175a20 + fa95555
commit 88dc09d
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/test/fuzz/timedata.cpp b/src/test/fuzz/timedata.cpp
@@ -15,10 +15,12 @@ FUZZ_TARGET(timedata)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const unsigned int max_size = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1000);
+    // A max_size of 0 implies no limit, so cap the max number of insertions to avoid timeouts
+    auto max_to_insert = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4000);
     // Divide by 2 to avoid signed integer overflow in .median()
     const int64_t initial_value = fuzzed_data_provider.ConsumeIntegral<int64_t>() / 2;
     CMedianFilter<int64_t> median_filter{max_size, initial_value};
-    while (fuzzed_data_provider.remaining_bytes() > 0) {
+    while (fuzzed_data_provider.remaining_bytes() > 0 && --max_to_insert >= 0) {
         (void)median_filter.median();
         assert(median_filter.size() > 0);
         assert(static_cast<size_t>(median_filter.size()) == median_filter.sorted().size());