From 6b38c6d8006476e956b01047d1010ca8e21f7d02 Mon Sep 17 00:00:00 2001 From: Antonio Sartori Date: Fri, 30 Apr 2021 15:46:59 +0000 Subject: [PATCH] CSP: Limit origin length in fuzzer This limits the length of the url used as input for the origin in the content security policy conversion_util_fuzzer.cc. A domain name is limited to 253 characters anyway. Cf. also https://crrev.com/c/2659117 Note: this is a fix for a previously committed CL https://crrev.com/c/2854743, where by mistake I ended up deleting a line. Bug: 1203443 Change-Id: I1e349e3ee597c779db80fba4eae7cb0a96c7a1b2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2859859 Commit-Queue: Arthur Sonzogni Reviewed-by: Arthur Sonzogni Cr-Commit-Position: refs/heads/master@{#877939} NOKEYCHECK=True GitOrigin-RevId: 5dcb9c70a8a27dd8e97521b01d3957c9a7dd0b7b --- blink/renderer/core/frame/csp/conversion_util_fuzzer.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/blink/renderer/core/frame/csp/conversion_util_fuzzer.cc b/blink/renderer/core/frame/csp/conversion_util_fuzzer.cc index eba92aee7069..596997b645ea 100644 --- a/blink/renderer/core/frame/csp/conversion_util_fuzzer.cc +++ b/blink/renderer/core/frame/csp/conversion_util_fuzzer.cc @@ -33,6 +33,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Due to this quadratic behavior, we must limit the size of the origin to // prevent the fuzzer from triggering OOM crash. Note that real domain names // are limited to 253 characters. + return EXIT_SUCCESS; } String url = String(data, it - 1 - data);
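Review bot: The restored `return EXIT_SUCCESS;` is the only statement in the guarding `if` block, which is exactly why its accidental deletion went unnoticed: the block degraded to a comment followed by `}` and compiled fine while the length limit described in the comment was silently never enforced, so `String url = String(data, it - 1 - data);` ran on arbitrarily long origins. Since the commit message says this already happened once, add a one-line comment directly above the return stating that the input is deliberately discarded (returning 0 tells libFuzzer the input was consumed without a crash, which is the intended outcome for an over-long origin, not an error), so a future cleanup does not remove what looks like a stray statement again; the hunk shows neither the `if` condition nor its numeric bound, so also confirm the constant in that condition matches the "253 characters" the comment promises.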