[wasm][fuzzer] Enforce input size limit

The "max_len" argument for fuzzer targets is deprecated. We need to
enforce the limit internally.

R=ahaas@chromium.org

Bug: chromium:894939
Change-Id: I2206bc63d5e39f1aa189e11042a6a0bbcca31b0d
Reviewed-on: https://chromium-review.googlesource.com/c/1299020Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56998}

test/fuzzer/wasm-fuzzer-common.cc

@@ -251,6 +251,11 @@ void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
 
 int WasmExecutionFuzzer::FuzzWasmModule(Vector<const uint8_t> data,
                                         bool require_valid) {
+  // Strictly enforce the input size limit. Note that setting "max_len" on the
+  // fuzzer target is not enough, since different fuzzers are used and not all
+  // respect that limit.
+  if (data.size() > max_input_size()) return 0;
+
   v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
   v8::Isolate* isolate = support->GetIsolate();
   i::Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);

test/fuzzer/wasm-fuzzer-common.h

@@ -34,6 +34,8 @@ class WasmExecutionFuzzer {
   virtual ~WasmExecutionFuzzer() = default;
   int FuzzWasmModule(Vector<const uint8_t> data, bool require_valid = false);
 
+  virtual size_t max_input_size() const { return 512; }
+
  protected:
   virtual bool GenerateModule(
       Isolate* isolate, Zone* zone, Vector<const uint8_t> data,