From c927be1a4ddc8978a013dc8056a4c14d31a1ad34 Mon Sep 17 00:00:00 2001
From: Gianni Trevisiol
Date: Wed, 7 Dec 2022 02:03:33 +0100
Subject: [PATCH] fix fuzzer issues (#1719)

---
 tests/fuzz/execution_context.cpp | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/tests/fuzz/execution_context.cpp b/tests/fuzz/execution_context.cpp
index c9236dc02..1d4493185 100644
--- a/tests/fuzz/execution_context.cpp
+++ b/tests/fuzz/execution_context.cpp
@@ -24,6 +24,9 @@
 #define ONE_MB_IN_BYTE (1024 * 1024)
+extern "C" size_t ebpf_fuzzing_memory_limit;
+extern "C" bool ebpf_fuzzing_enabled;
+
 std::vector
 get_handles()
 {
@@ -72,8 +75,6 @@ get_handles()
     return handles;
 }
-extern "C" bool ebpf_fuzzing_enabled;
-
 std::vector
 create_random_seed()
 {
@@ -131,19 +132,12 @@ TEST_CASE("execution_context_direct", "[fuzz]")
     ebpf_fuzzing_enabled = true;
     auto mt = seed_random_engine();
-    // Limit this processes memory to 50MB
-    HANDLE job = CreateJobObject(nullptr, nullptr);
-    JOBOBJECT_EXTENDED_LIMIT_INFORMATION limits{};
-    limits.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_PROCESS_MEMORY;
-    limits.ProcessMemoryLimit = 50 * ONE_MB_IN_BYTE;
-    REQUIRE(job != INVALID_HANDLE_VALUE);
-
-    REQUIRE(SetInformationJobObject(job, JobObjectExtendedLimitInformation, &limits, sizeof(limits)));
-    REQUIRE(AssignProcessToJobObject(job, GetCurrentProcess()));
+    ebpf_fuzzing_memory_limit = 50 * ONE_MB_IN_BYTE;
     ebpf_protocol_buffer_t request;
     ebpf_protocol_buffer_t reply;
+    REQUIRE(handles.size() > 0);
     request.reserve(UINT16_MAX);
     reply.reserve(UINT16_MAX);
     for (size_t i = 0; i < iterations; i++) {
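Review bot: The new `ebpf_fuzzing_memory_limit` declaration carries no comment on its units or on what 0 means (no limit, or nothing may be allocated), and since its definition lives outside this file a reader of the test cannot tell which. A one-line comment above the declaration would make the test self-describing, e.g. `// Allocation cap in bytes applied by the runtime while ebpf_fuzzing_enabled is set; 0 presumably means "no limit" — confirm against the definition.` The `extern "C"` linkage matches the existing `ebpf_fuzzing_enabled` declaration that this hunk moves alongside it, so the pairing itself looks right.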
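Review bot: The 50MB cap set by `ebpf_fuzzing_memory_limit = 50 * ONE_MB_IN_BYTE;` is no longer OS-enforced: the removed `JOB_OBJECT_LIMIT_PROCESS_MEMORY` bounded the whole process, whereas the new global is honored only at whatever allocation sites in the runtime read it (not visible here), so allocations that bypass those sites — including the test's own `request.reserve(UINT16_MAX)` and later `reply.resize(...)` — are unbounded. That is a fair trade if the goal is to exercise allocation-failure paths rather than protect the host, but the explanatory comment that disappeared with the old code should be replaced, e.g. `// Cap runtime allocations at 50MB to exercise allocation-failure paths; unlike the former Job Object this is not an OS-enforced process limit.` The limit is also assigned after `ebpf_fuzzing_enabled = true;` and `seed_random_engine()`, so any runtime allocation in that window runs under whatever a limit of 0 means; moving the assignment above `ebpf_fuzzing_enabled = true;` closes the window regardless of those semantics. The added `REQUIRE(handles.size() > 0);` is the right guard for the later `mt() % handles.size()`. The TEST_CASE body continues outside the hunk.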
@@ -176,8 +170,10 @@ TEST_CASE("execution_context_direct", "[fuzz]")
         auto header = reinterpret_cast(request.data());
         header->id = operation_id;
         header->length = static_cast(request.size());
-        *reinterpret_cast(request.data() + sizeof(ebpf_operation_header_t)) =
-            handles[mt() % handles.size()];
+        if (request.size() >= sizeof(ebpf_operation_header_t) + sizeof(handles[0])) {
+            *reinterpret_cast(request.data() + sizeof(ebpf_operation_header_t)) =
+                handles[mt() % handles.size()];
+        }
         if (minimum_reply_size != 0) {
             reply.resize(minimum_reply_size + mt() % 1024);
             invoke_ioctl(request, reply);
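Review bot: The new size guard covers only the handle write; the header writes three lines above it (`header->id = operation_id;` and `header->length = ...`) dereference `request.data()` with no visible check that `request.size() >= sizeof(ebpf_operation_header_t)`, so if the request can be sized below the header earlier in the loop, the out-of-bounds write this hunk fixes still exists one statement earlier. If the code before the hunk guarantees that minimum, a comment above `auto header = ...` stating the invariant would show where the guard's assumption comes from; otherwise the header writes need the same `if (request.size() >= sizeof(ebpf_operation_header_t))` treatment. As a style point, a `memcpy` of the chosen handle into `request.data() + sizeof(ebpf_operation_header_t)` would avoid the reinterpret_cast and the alignment assumption it encodes, which matters in fuzzing code where the buffer contents are arbitrary. The enclosing for loop and TEST_CASE body start and end outside the hunk.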