diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2020-01-30 08:53:10 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2020-02-27 01:02:32 +0000 |
| commit | 2ba2ce40f9cf00e3fd898c6dddf84d571028a00f (patch) | |
| tree | 9adf1b5fd102a1dccd5d16e6f5dfdf227cb75b74 /lib/fuzzing | |
| parent | 2f8c3b62266b729b47d5ba25f1966786c1af0e5f (diff) | |
| download | samba-2ba2ce40f9cf00e3fd898c6dddf84d571028a00f.tar.gz | |
fuzzing: ndr set global_max_recursion.
Set global_max_recursion to 128, to ensure the fuzzer does not trip the
ASAN maximum stack depth which seems to be about 256?
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/fuzzing')
| -rw-r--r-- | lib/fuzzing/fuzz_ndr_X.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/fuzzing/fuzz_ndr_X.c b/lib/fuzzing/fuzz_ndr_X.c index e8c3bb4cf76..fc940f3011b 100644 --- a/lib/fuzzing/fuzz_ndr_X.c +++ b/lib/fuzzing/fuzz_ndr_X.c @@ -262,6 +262,7 @@ int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { memset(st, '\0', sizeof(st)); ndr_pull->flags |= LIBNDR_FLAG_REF_ALLOC; + ndr_pull->global_max_recursion = 128; if (type == TYPE_OUT) { status = pull_chunks(ndr_pull, |