author | MarcoFalke <falke.marco@gmail.com> | 2021-05-11 20:32:17 +0200 |
---|---|---|
committer | MarcoFalke <falke.marco@gmail.com> | 2021-05-11 20:32:20 +0200 |
commit | 88dc09d75956e0d23924280cb0b680efa0db1ba2 (patch) | |
tree | 50caa601cb13d90a6df6547cfa1ec0024a2a71bb /src/test | |
parent | e175a20769b5a7b98ee3082d89f9d4f31a4503d6 (diff) | |
parent | fa95555a491dc01952703f476836e607ac34eab4 (diff) |
Merge bitcoin/bitcoin#21909: fuzz: Limit max insertions in timedata fuzz test
fa95555a491dc01952703f476836e607ac34eab4 fuzz: Limit max insertions in timedata fuzz test (MarcoFalke)
Pull request description:
It is debatable whether a size of the median filter other than `200` (the only size used in production) should be fuzzed. For now add a minimal patch to cap the max insertions. Otherwise the complexity is N^2 log(N), where N is the size of the fuzz input.
Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34167
ACKs for top commit:
practicalswift:
cr ACK fa95555a491dc01952703f476836e607ac34eab4: patch looks correct
Tree-SHA512: be7737e9f4c906053e355641de84dde31fed37ed6be4c5e92e602ca7675dffdaf06b7063b9235ef541b05d3d5fd689c99479317473bb15cb5271b8baabffd0f2
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/fuzz/timedata.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/test/fuzz/timedata.cpp b/src/test/fuzz/timedata.cpp index d7fa66298a..f7dc5f433e 100644 --- a/src/test/fuzz/timedata.cpp +++ b/src/test/fuzz/timedata.cpp @@ -15,10 +15,12 @@ FUZZ_TARGET(timedata) { FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); const unsigned int max_size = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1000); + // A max_size of 0 implies no limit, so cap the max number of insertions to avoid timeouts + auto max_to_insert = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4000); // Divide by 2 to avoid signed integer overflow in .median() const int64_t initial_value = fuzzed_data_provider.ConsumeIntegral<int64_t>() / 2; CMedianFilter<int64_t> median_filter{max_size, initial_value}; - while (fuzzed_data_provider.remaining_bytes() > 0) { + while (fuzzed_data_provider.remaining_bytes() > 0 && --max_to_insert >= 0) { (void)median_filter.median(); assert(median_filter.size() > 0); assert(static_cast<size_t>(median_filter.size()) == median_filter.sorted().size()); |
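Review bot: In the added `max_to_insert` line, the insertion cap is itself drawn from the fuzz input, and the read sits between the `max_size` and `initial_value` reads, so for existing corpus inputs the later reads, starting with `initial_value`, now see different bytes. The stated purpose in the comment is only to avoid timeouts, so a fixed named constant for the limit would do the same job without consuming input; if a fuzz-chosen cap is wanted, reading it after `initial_value` would disturb existing seeds less. The comment should also say why 4000 was picked relative to the 0..1000 range of `max_size`. The `--max_to_insert >= 0` side effect in the `while` condition is correct thanks to short-circuit evaluation, but decrementing a counter in the loop body would be easier to read.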