From be47ac39e80471250e010d7b526105b7a0dcd4c1 Mon Sep 17 00:00:00 2001
From: Chris Fallin
Date: Wed, 31 Aug 2022 10:10:38 -0700
Subject: [PATCH] Fuzzing function generator: bound the debug-labels size. (#73)

Currently there is a loop that takes a variable step toward an end point with an integer from `Arbitrary`; if this integer is always zero (for example due to end-of-input?) then we add debug labels to a particular input SSA value forever. This eventually causes an OOM crash. This PR bounds the loop at a reasonable count (10) instead.
---
 src/fuzzing/func.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/fuzzing/func.rs b/src/fuzzing/func.rs
index 21754a0..9ccb94f 100644
--- a/src/fuzzing/func.rs
+++ b/src/fuzzing/func.rs
@@ -388,7 +388,10 @@ impl Func {
 if bool::arbitrary(u)? {
 let assumed_end_inst = 10 * num_blocks;
 let mut start = u.int_in_range::(0..=assumed_end_inst)?;
- while start < assumed_end_inst {
+ for _ in 0..10 {
+ if start >= assumed_end_inst {
+ break;
+ }
 let end = u.int_in_range::(start..=assumed_end_inst)?;
 let label = u.int_in_range::(0..=100)?;
 builder.f.debug_value_labels.push((
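Review bot: The cap in `for _ in 0..10 {` is a bare literal, and the reason it exists lives only in the commit message; the next reader will see an arbitrary-looking limit on a loop whose progress depends on fuzz input. I would name it and record the why at the loop: `const MAX_DEBUG_LABELS_PER_VALUE: usize = 10; // constructed name` above the function, `for _ in 0..MAX_DEBUG_LABELS_PER_VALUE {` here, and a comment such as `// Bounded, not while-driven: the step comes from Arbitrary and can be zero for the rest of the input (presumably once the data is exhausted), so relying on start to advance grows debug_value_labels without limit.` The iteration count is the right fix for the OOM since each pass pushes one label regardless of whether `start` moves; the body that advances `start` continues past the end of the hunk, as does the enclosing function, so I have not confirmed that the new `break` is the only exit. It may be worth checking the rest of this generator for other loops whose termination depends solely on an `Arbitrary`-derived step, since the same input would stall them the same way.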