authorEugene Kliuchnikov <eustas@google.com>2017-03-10 16:01:49 +0100
committerGitHub <noreply@github.com>2017-03-10 16:01:49 +0100
commit1ff78b877f0138064f0a0513267e8355affd4be8 (patch)
treedba59f25e407406f1368176d88ed68692d8bb651
parent52ce8670ebcf03cb7ff54b28761e4cd55e9dd259 (diff)
Prevent fuzzer timeouts on compression-bomb samples (#522)
* Prevent fuzzer timeouts on compression-bomb samples. * Fix fuzzer launcher
-rw-r--r--fuzz/decode_fuzzer.cc10
-rwxr-xr-xfuzz/test_fuzzer.sh2
2 files changed, 10 insertions, 2 deletions
diff --git a/fuzz/decode_fuzzer.cc b/fuzz/decode_fuzzer.cc
index 36ae937..60c6f8e 100644
--- a/fuzz/decode_fuzzer.cc
+++ b/fuzz/decode_fuzzer.cc
@@ -16,6 +16,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
const int kBufferSize = 1024;
uint8_t* buffer = new uint8_t[kBufferSize];
+ /* The biggest "magic number" in brotli is 16MiB - 16, so no need to check
+ the cases with much longer output. */
+ const size_t total_out_limit = (addend == 0) ? (1 << 26) : (1 << 24);
+ size_t total_out = 0;
+
BrotliDecoderState* state = BrotliDecoderCreateInstance(0, 0, 0);
if (addend == 0)
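Review bot: The comment above `total_out_limit` justifies only the 16 MiB figure (the largest brotli "magic number" is 16MiB - 16), but the `addend == 0` branch allows `1 << 26`, i.e. 64 MiB, and nothing in the hunk says why that case gets a four-times larger bound, so a reader cannot tell whether it is deliberate. I would write the limits in the unit the comment uses and state the reason for the difference, e.g. `const size_t total_out_limit = (addend == 0) ? (64u << 20) : (16u << 20);` preceded by a comment along the lines of `/* Both limits exceed the largest magic number (16MiB - 16); the addend == 0 stream gets 64 MiB because ... */` with the reason filled in by the author — I can only guess that the addend == 0 stream is the cheaper one to run. The enclosing LLVMFuzzerTestOneInput starts before this hunk, which is where `addend` is computed.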
@@ -31,10 +36,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
while (result == BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT) {
size_t avail_out = kBufferSize;
uint8_t* next_out = buffer;
- size_t total_out;
result = BrotliDecoderDecompressStream(
state, &avail_in, &next_in, &avail_out, &next_out, &total_out);
+ if (total_out > total_out_limit)
+ break;
}
+ if (total_out > total_out_limit)
+ break;
if (result != BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT)
break;
}
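Review bot: The limit check is written twice — once right after the `BrotliDecoderDecompressStream` call and again after the inner loop — with no comment on why, and the second one looks redundant at first glance but is not: the inner `break` can fire on a call that also returned `BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT`, and without the outer check the existing `result != BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT` test would let the outer loop keep feeding input. I would annotate the outer check so nobody "simplifies" it away: `/* Inner break may leave result == NEEDS_MORE_INPUT; stop the outer loop too. */`. The scheme also depends on `total_out` being cumulative over the whole stream rather than per call (I believe that is how the decoder documents the out-parameter, but it is not visible here); a per-call count could never exceed the 1024-byte buffer, so that assumption deserves a one-line comment next to the check. The enclosing for loop and LLVMFuzzerTestOneInput continue past this hunk, presumably including the release of `buffer` and `state` after a limit-triggered break.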
diff --git a/fuzz/test_fuzzer.sh b/fuzz/test_fuzzer.sh
index 393482b..8266fde 100755
--- a/fuzz/test_fuzzer.sh
+++ b/fuzz/test_fuzzer.sh
@@ -17,7 +17,7 @@ ar rvs decode_fuzzer.a decode_fuzzer.o
c++ ../fuzz/run_decode_fuzzer.cc -o run_decode_fuzzer -lasan decode_fuzzer.a ./libbrotlidec.a ./libbrotlicommon.a
mkdir decode_corpora
-unzip ../java/integration/fuzz_data.zip -d decode_corpora
+unzip ../java/org/brotli/integration/fuzz_data.zip -d decode_corpora
for f in `ls decode_corpora`
do