Break out of $GENERATE loop when not generating

If the LHS and the RHS have not been modified it is pointless to keep processing the $GENERATE loop. Detect this and break the loop after 1 interation.
Limit the number of loops $GENERATE does when fuzzing
2025-02-24 10:58:25 +11:00 · 2025-02-24 10:38:01 +11:00
3 changed files with 22 additions and 3 deletions
--- a/fuzz/dns_master_load.c
+++ b/fuzz/dns_master_load.c
@@ -27,10 +27,13 @@

 bool debug = false;

+extern bool dns_master_fuzz;
+
 int
 LLVMFuzzerInitialize(int *argc, char ***argv) {
 	UNUSED(argc);
 	UNUSED(argv);
+	dns_master_fuzz = true;
 	return 0;
 }

--- a/fuzz/dns_master_load.in/generate-too-many.db
+++ b/fuzz/dns_master_load.in/generate-too-many.db
@@ -0,0 +1 @@
+$GENERATE	133557393-0143393203	Sp{{{{{N-	256	Spf ¼ib922f ¼ ¼ib429297
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -89,6 +89,8 @@

 #define CHECKNAMESFAIL(x) (((x) & DNS_MASTER_CHECKNAMESFAIL) != 0)

+bool dns_master_fuzz = false;
+
 typedef ISC_LIST(dns_rdatalist_t) rdatalist_head_t;

 typedef struct dns_incctx dns_incctx_t;
@@ -637,7 +639,7 @@ nibbles(char *numbuf, size_t length, unsigned int width, char mode,
 }

 static isc_result_t
-genname(char *name, int it, char *buffer, size_t length) {
+genname(char *name, int it, bool *generated, char *buffer, size_t length) {
 	char fmt[sizeof("%04000000000d")];
 	char numbuf[128];
 	char *cp;
@@ -651,6 +653,8 @@ genname(char *name, int it, char *buffer, size_t length) {
 	unsigned int width;
 	bool nibblemode;

+	REQUIRE(generated != NULL);
+
 	r.base = buffer;
 	r.length = (unsigned int)length;

@@ -729,6 +733,7 @@ genname(char *name, int it, char *buffer, size_t length) {
 				r.base[0] = *cp++;
 				isc_textregion_consume(&r, 1);
 			}
+			*generated = true;
 		} else if (*name == '\\') {
 			if (r.length == 0) {
 				return ISC_R_NOSPACE;
@@ -780,6 +785,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
 	unsigned int i;
 	dns_incctx_t *ictx;
 	char dummy[2];
+	size_t count = dns_master_fuzz ? 1024 : 0;

 	ictx = lctx->inc;
 	callbacks = lctx->callbacks;
@@ -829,11 +835,12 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
 	}

 	for (i = start; i <= (unsigned int)stop; i += step) {
-		result = genname(lhs, i, lhsbuf, DNS_MASTER_LHS);
+		bool generated = false;
+		result = genname(lhs, i, &generated, lhsbuf, DNS_MASTER_LHS);
 		if (result != ISC_R_SUCCESS) {
 			goto error_cleanup;
 		}
-		result = genname(rhs, i, rhsbuf, DNS_MASTER_RHS);
+		result = genname(rhs, i, &generated, rhsbuf, DNS_MASTER_RHS);
 		if (result != ISC_R_SUCCESS) {
 			goto error_cleanup;
 		}
@@ -892,6 +899,14 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
 			goto error_cleanup;
 		}
 		dns_rdata_reset(&rdata);
+		/*
+		 * The fuzzer can generate large counts and/or
+		 * LHS and RHS that don't vary.  Exit the loop
+		 * early under these circumstances.
+		 */
+		if (!generated || (count != 0 && --count == 0)) {
+			break;
+		}
 	}
 	result = ISC_R_SUCCESS;
 	goto cleanup;
				`@@ -0,0 +1 @@`
				`$GENERATE 133557393-0143393203 Sp{{{{{N- 256 Spf ¼ib922f ¼ ¼ib429297`