Limit script length in fuzzing.

rhaiscript · Nov 29, 2023 · 4b345d3 · 4b345d3
1 parent a03a539
commit 4b345d3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 14 deletions.
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -10,10 +10,7 @@ cargo-fuzz = true
 [dependencies]
 arbitrary = { version = "1.3.2", features = ["derive"] }
 libfuzzer-sys = "0.4"
-
-[dependencies.rhai]
-path = ".."
-features = ["arbitrary"]
+rhai = { path = "..", features = ["arbitrary"] }
 
 # Prevent this from interfering with workspaces
 [workspace]

diff --git a/fuzz/fuzz_targets/scripting.rs b/fuzz/fuzz_targets/scripting.rs
@@ -3,7 +3,7 @@ use rhai::{Dynamic, Engine, OptimizationLevel};
 
 use arbitrary::Arbitrary;
 use libfuzzer_sys::fuzz_target;
-use std::time::{Duration, Instant};
+use std::time::Instant;
 
 #[derive(Debug, Clone, Arbitrary)]
 struct Ctx<'a> {
@@ -13,6 +13,7 @@ struct Ctx<'a> {
 
 fuzz_target!(|ctx: Ctx| {
     let mut engine = Engine::new();
+
     engine.set_max_string_size(1000);
     engine.set_max_array_size(500);
     engine.set_max_map_size(500);
@@ -21,16 +22,15 @@ fuzz_target!(|ctx: Ctx| {
     engine.set_max_call_levels(10);
     engine.set_max_expr_depths(50, 5);
     engine.set_optimization_level(ctx.optimization_level);
+
+    // Limit the length of scripts.
+    let script = &ctx.script[..(ctx.script.len().min(32 * 1020))];
+
+    // We need fuzzing to be fast, so we'll stop executing after 1s.
     let start = Instant::now();
-    engine.on_progress(move |_| {
-        // We need fuzzing to be fast, so we'll stop executing after 1s.
-        if start.elapsed() > Duration::from_secs(1) {
-            Some(Dynamic::UNIT)
-        } else {
-            None
-        }
-    });
+    engine.on_progress(move |_| (start.elapsed().as_millis() > 1000).then_some(Dynamic::UNIT));
+
     let engine = engine;
 
-    _ = engine.run(ctx.script);
+    _ = engine.run(script);
 });