player/command: disable subprocess command for fuzzing

Allowing arbitrary command execution for the fuzzer is not ideal. While some testing of this code is valid, unsupervised fuzzing of the input is not. It may be better to add a dedicated test or fuzz-test for this case.
mpv-player · Nov 13, 2024 · 82b9998 · 82b9998
1 parent 3e362a0
commit 82b9998
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/player/command.c b/player/command.c
@@ -6231,6 +6231,7 @@ static void subprocess_write(void *p)
     // Unused; we write a full buffer.
 }
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 static void cmd_subprocess(void *p)
 {
     struct mp_cmd_ctx *cmd = p;
@@ -6345,6 +6346,7 @@ static void cmd_subprocess(void *p)
 
     talloc_free(tmp);
 }
+#endif
 
 static void cmd_enable_input_section(void *p)
 {
@@ -7104,6 +7106,7 @@ const struct mp_cmd_def mp_cmds[] = {
                         {"args", OPT_STRING(v.s)}, },
         .vararg = true,
     },
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     { "subprocess", cmd_subprocess,
         {
             {"args", OPT_STRINGLIST(v.str_list)},
@@ -7120,6 +7123,7 @@ const struct mp_cmd_def mp_cmds[] = {
         .spawn_thread = true,
         .can_abort = true,
     },
+#endif
 
     { "set", cmd_set, {{"name", OPT_STRING(v.s)}, {"value", OPT_STRING(v.s)}}},
     { "del", cmd_del, {{"name", OPT_STRING(v.s)}}},