prog: detect copyout overflow

Detect the case when a program requires more copyout than executor can handle. Curretnly these result in: "SYZFAIL: command refers to bad result" failures. Now syz-fuzzer should ignore them.
author: Dmitry Vyukov <dvyukov@google.com> 2021-03-04 16:03:50 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2021-03-04 19:44:53 +0100
commit: b2bebe1217cea83046897e28cf1366b72c3ff329 (patch)
tree: c38c78e25e5eb162c0900a075e3ed42d8ac54069 /prog/encodingexec.go
parent: c28569d10158d746caf5eb46e6000cc686af96c7 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/prog/encodingexec.go b/prog/encodingexec.go
index c15eb25bc..e0c7ec59d 100644
--- a/prog/encodingexec.go
+++ b/prog/encodingexec.go
@@ -52,6 +52,8 @@ const (
 const (
 	ExecBufferSize = 4 << 20 // keep in sync with kMaxInput in executor.cc
 	ExecNoCopyout  = ^uint64(0)
+
+	execMaxCommands = 1000 // executor knows about this constant (kMaxCommands)
 )
 
 var ErrExecBufferTooSmall = errors.New("encodingexec: provided buffer is too small")
@@ -72,7 +74,7 @@ func (p *Prog) SerializeForExec(buffer []byte) (int, error) {
 		w.serializeCall(c)
 	}
 	w.write(execInstrEOF)
-	if w.eof {
+	if w.eof || w.copyoutSeq > execMaxCommands {
 		return 0, ErrExecBufferTooSmall
 	}
 	return len(buffer) - len(w.buf), nil
author	Dmitry Vyukov <dvyukov@google.com>	2021-03-04 16:03:50 +0100
committer	Dmitry Vyukov <dvyukov@google.com>	2021-03-04 19:44:53 +0100
commit	b2bebe1217cea83046897e28cf1366b72c3ff329 (patch)
tree	c38c78e25e5eb162c0900a075e3ed42d8ac54069 /prog/encodingexec.go
parent	c28569d10158d746caf5eb46e6000cc686af96c7 (diff)