Fix opt fuzzer test harness (#4670)

The test harness for the opt fuzzer was failing to consider that the
input might use a very large id bound, despite no id approaching this
bound actually being used.

This change modifies the test harness to use the module's id bound,
rather than looking through the module for large ids.

Fixes: oss-fuzz:42386
Alastair Donaldson 2022-01-07 15:03:29 +00:00 committed by GitHub
parent 75e53b9f68
commit c5ee1bc7bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 13 deletions


@ -22,7 +22,7 @@ namespace fuzzers {
int OptFuzzerTestOneInput(
const uint8_t* data, size_t size,
std::function<void(spvtools::Optimizer&)> register_passes) {
const std::function<void(spvtools::Optimizer&)>& register_passes) {
if (size < 1) {
return 0;
}
@ -60,17 +60,9 @@ int OptFuzzerTestOneInput(
// It was not possible to build a valid module; that's OK - skip this input.
return 0;
}
bool found_excessively_large_id = false;
ir_context->module()->ForEachInst(
[&found_excessively_large_id](spvtools::opt::Instruction* inst) -> void {
if (inst->result_id() && inst->result_id() > kInitialIdLimit) {
found_excessively_large_id = true;
}
},
true);
if (found_excessively_large_id) {
// The input contains a very large id. The input is thus abandoned, to avoid
// the possibility of ending up hitting the id bound limit.
if (ir_context->module()->id_bound() >= kInitialIdLimit) {
// The input already has a very large id bound. The input is thus abandoned,
// to avoid the possibility of ending up hitting the id bound limit.
return 0;
}
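Review bot: The new guard `ir_context->module()->id_bound() >= kInitialIdLimit` relies on the declared id bound being an upper bound for every id in the module, and nothing visible in this hunk establishes that. The removed scan inspected actual result ids, so if an input can declare a small bound while using a large id, that case is no longer abandoned and could resurface as a spurious id-overflow report from the fuzzer. Validation earlier in OptFuzzerTestOneInput may already rule this out, but the function starts and ends outside the hunk, so that cannot be confirmed from here. I would state the assumption next to the check, e.g. `// Assumes the declared id bound exceeds every id in the module; an input that understates its bound is not caught here.`, or confirm that such modules are rejected before this point.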


@ -27,7 +27,7 @@ namespace fuzzers {
// Helper function capturing the common logic for the various optimizer fuzzers.
int OptFuzzerTestOneInput(
const uint8_t* data, size_t size,
std::function<void(spvtools::Optimizer&)> register_passes);
const std::function<void(spvtools::Optimizer&)>& register_passes);
} // namespace fuzzers
} // namespace spvtools