Crudely limit the use of . when fuzzing.

Change-Id: I16f0512280d02742771cf025a78e018b19279372 Reviewed-on: https://code-review.googlesource.com/33190 Reviewed-by: Paul Wankadia <[email protected]>
google · Sep 19, 2018 · bfe2920 · bfe2920
1 parent 4c916c9
commit bfe2920
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/re2/fuzzing/re2_fuzzer.cc b/re2/fuzzing/re2_fuzzer.cc
@@ -59,14 +59,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   if (size == 0 || size > 999)
     return 0;
 
-  // Crudely limit the use of \p and \P.
+  // Crudely limit the use of ., \p and \P.
   // Otherwise, we will waste time on inputs that have long runs of Unicode
   // character classes. The fuzzer has shown itself to be easily capable of
   // generating such patterns that fall within the other limits, but result
   // in timeouts nonetheless. The marginal cost is high - even more so when
   // counted repetition is involved - whereas the marginal benefit is zero.
+  int dot = 0;
   int backslash_p = 0;
   for (size_t i = 0; i < size; i++) {
+    if (data[i] == '.')
+      dot++;
     if (data[i] != '\\')
       continue;
     i++;
@@ -75,6 +78,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     if (data[i] == 'p' || data[i] == 'P')
       backslash_p++;
   }
+  if (dot > 99)
+    return 0;
   if (backslash_p > 1)
     return 0;