fuzz fix

DmitriyMusatkin · DmitriyMusatkin · commit cccbab56f80c · 2026-03-10T11:24:19.000-07:00
diff --git a/include/aws/s3/private/s3_default_buffer_pool.h b/include/aws/s3/private/s3_default_buffer_pool.h
@@ -44,6 +44,9 @@ struct aws_s3_default_buffer_pool_usage_stats {
     /* Max size of buffer to be allocated from primary. */
     size_t primary_cutoff;
 
+    /* Min size of buffer to be allocated from primary. */
+    size_t primary_min_cutoff;
+
     /* Overall memory allocated for blocks. */
     size_t primary_allocated;
     /* Number of blocks allocated in primary. */
diff --git a/source/s3_default_buffer_pool.c b/source/s3_default_buffer_pool.c
@@ -896,6 +896,7 @@ struct aws_s3_default_buffer_pool_usage_stats aws_s3_default_buffer_pool_get_usa
     struct aws_s3_default_buffer_pool_usage_stats ret = (struct aws_s3_default_buffer_pool_usage_stats){
         .mem_limit = buffer_pool->mem_limit,
         .primary_cutoff = buffer_pool->primary_size_cutoff,
+        .primary_min_cutoff = buffer_pool->primary_size_min_cutoff,
         .primary_allocated = buffer_pool->primary_allocated,
         .primary_used = buffer_pool->primary_used,
         .primary_reserved = buffer_pool->primary_reserved,
diff --git a/source/s3_meta_request.c b/source/s3_meta_request.c
@@ -1430,7 +1430,11 @@ static int s_s3_meta_request_incoming_headers(
                          * optimistically allocate part sized buffer, and see if its enough. If its over, the req will
                          * get canceled. So in that case skip validation on expected size.
                          */
-                        if (request->request_tag != AWS_S3_AUTO_RANGE_GET_REQUEST_TYPE_GET_OBJECT_WITH_PART_NUMBER_1 &&
+                        bool is_unknown_len_part_req = 
+                            request->request_type == AWS_S3_REQUEST_TYPE_GET_OBJECT &&
+                            request->request_tag != AWS_S3_AUTO_RANGE_GET_REQUEST_TYPE_GET_OBJECT_WITH_PART_NUMBER_1;
+
+                        if ( !is_unknown_len_part_req &&
                             (object_size != object_range_end + 1 || request->part_range_end < object_range_end)) {
                             /* Something went wrong if it's matching. Log the error. */
                             AWS_LOGF_ERROR(
diff --git a/tests/fuzz/fuzz_buffer_pool_special_size.c b/tests/fuzz/fuzz_buffer_pool_special_size.c
@@ -84,6 +84,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     /* Get initial stats */
     struct aws_s3_default_buffer_pool_usage_stats initial_stats = aws_s3_default_buffer_pool_get_usage(buffer_pool);
     size_t primary_cutoff = initial_stats.primary_cutoff;
+    size_t primary_min_cutoff = initial_stats.primary_min_cutoff;
 
     /* Add special sizes - consume as much input as available */
     size_t special_sizes[MAX_SPECIAL_SIZES] = {0};
@@ -179,7 +180,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         } else if (size_type == 1) {
             /* Primary storage allocation (below primary_cutoff) */
             reservation_size = 1024 + (size_value % (primary_cutoff - 1024));
-            is_primary = true;
+            if (reservation_size < primary_min_cutoff) {
+                is_secondary = true;
+            } else {
+                is_primary = true;
+            }
         } else {
             /* Secondary storage allocation (above primary_cutoff, below smallest special size) */
             size_t secondary_range = special_sizes[0] - primary_cutoff - 1;
