diff options
| author |  Craig Tiller <ctiller@google.com> | 2016-04-15 15:22:09 -0700 |
|---|---|---|
| committer | Craig Tiller <ctiller@google.com> | 2016-04-15 15:22:09 -0700 |
| commit | f582305ebec5af69ca43bef1c69c96c9b508dd3a (patch) | |
| tree | 3a8a864781205658844be292cc92ec884532c2a7 | |
| parent | 79310abb126e5082a4fcc8d70ffc928925761e89 (diff) | |
Limit message length
| -rw-r--r-- | test/core/end2end/fuzzers/api_fuzzer.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/test/core/end2end/fuzzers/api_fuzzer.c b/test/core/end2end/fuzzers/api_fuzzer.c index 557fd5febd..6f9be8ecd6 100644 --- a/test/core/end2end/fuzzers/api_fuzzer.c +++ b/test/core/end2end/fuzzers/api_fuzzer.c @@ -90,6 +90,21 @@ static void read_buffer(input_stream *inp, char **buffer, size_t *length) { } } +static uint32_t read_uint22(input_stream *inp) { + uint8_t b = next_byte(inp); + uint32_t x = b & 0x7f; + if (b & 0x80) { + x <<= 7; + b = next_byte(inp); + x |= b & 0x7f; + if (b & 0x80) { + x <<= 8; + x |= next_byte(inp); + } + } + return x; +} + static uint32_t read_uint32(input_stream *inp) { uint8_t b = next_byte(inp); uint32_t x = b & 0x7f; @@ -115,7 +130,7 @@ static uint32_t read_uint32(input_stream *inp) { } static grpc_byte_buffer *read_message(input_stream *inp) { - gpr_slice slice = gpr_slice_malloc(read_uint32(inp)); + gpr_slice slice = gpr_slice_malloc(read_uint22(inp)); memset(GPR_SLICE_START_PTR(slice), 0, GPR_SLICE_LENGTH(slice)); return grpc_raw_byte_buffer_create(&slice, 1); } |