From b2bebe1217cea83046897e28cf1366b72c3ff329 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Thu, 4 Mar 2021 16:03:50 +0100
Subject: prog: detect copyout overflow

Detect the case when a program requires more copyout than executor can handle. Curretnly these result in: "SYZFAIL: command refers to bad result" failures. Now syz-fuzzer should ignore them.
---
 prog/encodingexec.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'prog/encodingexec.go')
diff --git a/prog/encodingexec.go b/prog/encodingexec.go
index c15eb25bc..e0c7ec59d 100644
--- a/prog/encodingexec.go
+++ b/prog/encodingexec.go
@@ -52,6 +52,8 @@ const (
 const (
 ExecBufferSize = 4 << 20 // keep in sync with kMaxInput in executor.cc
 ExecNoCopyout = ^uint64(0)
+
+ execMaxCommands = 1000 // executor knows about this constant (kMaxCommands)
 )
 
 var ErrExecBufferTooSmall = errors.New("encodingexec: provided buffer is too small")
@@ -72,7 +74,7 @@ func (p *Prog) SerializeForExec(buffer []byte) (int, error) {
 w.serializeCall(c)
 }
 w.write(execInstrEOF)
- if w.eof {
+ if w.eof || w.copyoutSeq > execMaxCommands {
 return 0, ErrExecBufferTooSmall
 }
 return len(buffer) - len(w.buf), nil
-- cgit mrf-deployment
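Review bot: The comment on `execMaxCommands` is weaker than the one on `ExecBufferSize` two lines above, although both constants mirror a limit on the executor side. Nothing visible in the hunk ties the Go value to `kMaxCommands`, so if the executor's limit is ever changed alone the new guard in SerializeForExec silently stops matching what the executor enforces. I would word it the same way as its neighbour, `execMaxCommands = 1000 // keep in sync with kMaxCommands in executor`, and name the file if it is executor.cc as for kMaxInput. The Go-side check is an early rejection; the executor's own bounds check on result indices should stay as the authoritative one.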
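Review bot: The new `w.copyoutSeq > execMaxCommands` condition returns `ErrExecBufferTooSmall`, whose message says the provided buffer is too small, so a caller or log reader cannot tell that the program was rejected for its copyout count and that a larger buffer would not help. If reusing the sentinel is deliberate so that existing callers skip such programs, say so at the check: `// too many copyouts for the executor (kMaxCommands); reported as ErrExecBufferTooSmall so callers drop the program`. The boundary also deserves a second look, since whether `>` or `>=` is correct depends on whether copyoutSeq is a count or the next index to assign, which is not visible here. A test that serializes a program exactly at the limit would pin that down. SerializeForExec begins and ends outside this hunk.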