mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2025-01-21 20:15:21 +00:00
ef603fde4c
As the virt queues are initialized with random bytes from the fuzzing engine, a descriptor buffer for the available ring can have a very large length (e.g. up to 4GB). This means there can be up to 1 billion entries (e.g. page frame numbers) for virtio-balloon to process from a single available descriptor (given each entry is 4 bytes). This is the reason why oss-fuzz reported a hanging issue for this fuzzer, where the generated descriptor buffer length is 4,278,321,152.

We can avoid this kind of long execution by reducing the size of guest memory. For example, with 1MB of guest memory, the number of descriptor entries to process is limited to ~256K.

Signed-off-by: Bo Chen <chen.bo@intel.com>