From 58c445e6efdf24ceec0e77da9042c85cb500aa87 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Sun, 31 May 2020 09:42:56 +0200 Subject: [PATCH] Fuzz: limit input size (#7317) We know that fuzzParseExpr and fuzzParseMetricSelector make use of heavy things like regexes, which take a fairly big amount of memory. OSS-Fuzz does not offer a proper way to increase the memory [1], therefore we limit the input size [2]. [1] https://google.github.io/oss-fuzz/faq/#how-do-you-handle-timeouts-and-ooms [2] https://google.github.io/oss-fuzz/getting-started/new-project-guide/#input-size Signed-off-by: Julien Pivotto --- promql/fuzz.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/promql/fuzz.go b/promql/fuzz.go index 066700d8c..eeb1fede8 100644 --- a/promql/fuzz.go +++ b/promql/fuzz.go @@ -48,6 +48,11 @@ const ( fuzzInteresting = 1 fuzzMeh = 0 fuzzDiscard = -1 + + // Input size above which we know that Prometheus would consume too much + // memory. The recommended way to deal with it is check input size. + // https://google.github.io/oss-fuzz/getting-started/new-project-guide/#input-size + maxInputSize = 10240 ) func fuzzParseMetricWithContentType(in []byte, contentType string) int { @@ -84,6 +89,9 @@ func FuzzParseOpenMetric(in []byte) int { // Fuzz the metric selector parser. func FuzzParseMetricSelector(in []byte) int { + if len(in) > maxInputSize { + return fuzzMeh + } _, err := parser.ParseMetricSelector(string(in)) if err == nil { return fuzzInteresting @@ -94,6 +102,9 @@ func FuzzParseMetricSelector(in []byte) int { // Fuzz the expression parser. func FuzzParseExpr(in []byte) int { + if len(in) > maxInputSize { + return fuzzMeh + } _, err := parser.ParseExpr(string(in)) if err == nil { return fuzzInteresting
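Review bot: The comment added above `maxInputSize` does not say that the value is in bytes or that it is a limit of the fuzz harness rather than of the parser. "We know that Prometheus would consume too much memory" reads like a measured threshold, while the commit message only ties the cap to the OSS-Fuzz memory ceiling. I would reword the first two comment lines to `// maxInputSize is the largest input, in bytes, passed to the parser fuzz targets;` and `// larger inputs can run the target out of memory under OSS-Fuzz.`, keeping the URL line as is. The const block opens before the hunk, so only its tail is visible here.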
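Review bot: The oversize guard in FuzzParseMetricSelector returns `fuzzMeh`, which under the go-fuzz return convention still allows the input into the corpus when it adds coverage, and the new early-return branch is itself new coverage. `return fuzzDiscard` would keep inputs longer than `maxInputSize` out of the corpus; the same applies to the identical guard added in FuzzParseExpr. Whether the return value is honoured depends on the engine the target is built for, which is not visible in this patch, so this may only matter for local go-fuzz runs. With the cap in place the harness no longer exercises selectors or expressions above 10240 bytes, so memory growth on large queries needs to be bounded or tested somewhere else. Both function bodies continue past their hunks.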