Merge remote-tracking branch 'origin/topic/jazoff/fuzz-size-limits'

- I rolled the fuzz chunk limit check into FuzzBuffer::Valid()

* origin/topic/jazoff/fuzz-size-limits:
  Skip fuzz inputs that have more than 64 chunks

src/fuzzers/FuzzBuffer.cc

@@ -6,7 +6,7 @@
 
 #include "FuzzBuffer.h"
 
-bool zeek::detail::FuzzBuffer::Valid() const
+bool zeek::detail::FuzzBuffer::Valid(int chunk_count_limit) const
 	{
 	if ( end - begin < PKT_MAGIC_LEN + 2 )
 		return false;
@@ -14,9 +14,31 @@ bool zeek::detail::FuzzBuffer::Valid() const
 	if ( memcmp(begin, PKT_MAGIC, PKT_MAGIC_LEN) != 0)
 		return false;
 
+	if ( ChunkCount() > chunk_count_limit )
+		return false;
+
 	return true;
 	}
 
+int zeek::detail::FuzzBuffer::ChunkCount() const
+	{
+	auto pos = begin;
+	int chunks = 0;
+
+	while ( pos < end )
+		{
+		pos = (const unsigned char*)memmem(pos, end - pos,
+		                                   PKT_MAGIC, PKT_MAGIC_LEN);
+		if ( ! pos )
+			break;
+
+		pos += PKT_MAGIC_LEN + 1;
+		chunks++;
+		}
+
+	return chunks;
+	}
+
 std::optional<zeek::detail::FuzzBuffer::Chunk> zeek::detail::FuzzBuffer::Next()
 	{
 	if ( begin == end )

src/fuzzers/FuzzBuffer.h

@@ -27,6 +27,7 @@ public:
 
 	static constexpr int PKT_MAGIC_LEN = 4;
 	static constexpr unsigned char PKT_MAGIC[PKT_MAGIC_LEN + 1] = "\1PKT";
+	static constexpr int MAX_CHUNK_COUNT = 64;
 
 	/**
 	 * Initialize fuzz buffer.
@@ -39,9 +40,16 @@ public:
 
 	/**
 	 * @return  whether the fuzz buffer object is valid --  has enough bytes
-	 * to Deliver to an analyzer and starts with a *PKT_MAGIC* bytestring.
+	 * to Deliver to an analyzer, starts with a *PKT_MAGIC* bytestring, and
+	 * contains less than the limiting number of chunk.
+	 * .
 	 */
-	bool Valid() const;
+	bool Valid(int chunk_count_limit = MAX_CHUNK_COUNT) const;
+
+	/**
+	 * @return  the number of chunks in the fuzz buffer object
+	 */
+	int ChunkCount() const;
 
 	/**
 	 * @return  the next chunk to deliver, if one could be extracted