[Python-checkins] gh-73691: Increase size limits in _xxtestfuzz (#99070)

gpshead webhook-mailer at python.org
Thu Nov 3 17:41:25 EDT 2022 

https://github.com/python/cpython/commit/bee107028922adc55421611b4bf7da14b8a64010
commit: bee107028922adc55421611b4bf7da14b8a64010
branch: main
author: Gregory P. Smith <greg at krypto.org>
committer: gpshead <greg at krypto.org>
date: 2022-11-03T14:41:20-07:00
summary:

gh-73691:  Increase size limits in _xxtestfuzz (#99070)

Now that our int<->str conversions are size limited and we have the
_pylong module handling larger integers, we don't need to limit
everything just to avoid wasting time in the quadratic time DoS-like
case while fuzzing.

We can tweak these further after seeing how this goes.

files:
M Modules/_xxtestfuzz/fuzzer.c

diff --git a/Modules/_xxtestfuzz/fuzzer.c b/Modules/_xxtestfuzz/fuzzer.c
index 366e81a54519..fb0c191d2c49 100644
--- a/Modules/_xxtestfuzz/fuzzer.c
+++ b/Modules/_xxtestfuzz/fuzzer.c
@@ -142,7 +142,7 @@ static int fuzz_struct_unpack(const char* data, size_t size) {
 }
 
 
-#define MAX_JSON_TEST_SIZE 0x10000
+#define MAX_JSON_TEST_SIZE 0x100000
 
 PyObject* json_loads_method = NULL;
 /* Called by LLVMFuzzerTestOneInput for initialization */
@@ -335,7 +335,7 @@ static int fuzz_sre_match(const char* data, size_t size) {
     return 0;
 }
 
-#define MAX_CSV_TEST_SIZE 0x10000
+#define MAX_CSV_TEST_SIZE 0x100000
 PyObject* csv_module = NULL;
 PyObject* csv_error = NULL;
 /* Called by LLVMFuzzerTestOneInput for initialization */
@@ -393,7 +393,7 @@ static int fuzz_csv_reader(const char* data, size_t size) {
     return 0;
 }
 
-#define MAX_AST_LITERAL_EVAL_TEST_SIZE 0x10000
+#define MAX_AST_LITERAL_EVAL_TEST_SIZE 0x100000
 PyObject* ast_literal_eval_method = NULL;
 /* Called by LLVMFuzzerTestOneInput for initialization */
 static int init_ast_literal_eval(void) {
@@ -459,6 +459,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) {
     PyConfig config;
     PyConfig_InitPythonConfig(&config);
     config.install_signal_handlers = 0;
+    /* Raise the limit above the default allows exercising larger things
+     * now that we fall back to the _pylong module for large values. */
+    config.int_max_str_digits = 8086;
     PyStatus status;
     status = PyConfig_SetBytesString(&config, &config.program_name, *argv[0]);
     if (PyStatus_Exception(status)) {

More information about the Python-checkins mailing list