Restrict metaflac fuzzer to offered file (#885)

The metaflac fuzzer could be directed to use files on the system,
leading to unreproducible crashes

Credit: Oss-fuzz
Issue: N/A (local run)

Author: ktmf01

oss-fuzz/common.h

@@ -1,2 +1,5 @@
 extern int alloc_check_threshold, alloc_check_counter, alloc_check_keep_failing;
 int alloc_check_threshold = INT32_MAX, alloc_check_counter = 0, alloc_check_keep_failing = 0;
+
+extern char* allowed_filename;
+char* allowed_filename = NULL;

oss-fuzz/tool_metaflac.c

@@ -57,6 +57,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	share__opterr = 0;
 	share__optind = 0;
 
+	allowed_filename = NULL;
+
 
 	if(size < 2)
 		return 0;
@@ -88,6 +90,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	argv[numarg++] = filename;
 
+	allowed_filename = filename;
+
 	/* Create file to feed to stdin */
 	if(use_stdin) {
 		file_to_fuzz = mkstemp(filename_stdin);

src/metaflac/options.c

@@ -199,10 +199,23 @@ FLAC__bool parse_options(int argc, char *argv[], CommandLineOptions *options)
 
 	if(options->num_files > 0) {
 		unsigned i = 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+		extern char* allowed_filename;
+#endif
 		if(0 == (options->filenames = safe_malloc_mul_2op_(sizeof(char*), /*times*/options->num_files)))
 			die("out of memory allocating space for file names list");
 		while(share__optind < argc)
-			options->filenames[i++] = local_strdup(argv[share__optind++]);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+			if(strcmp(argv[share__optind],allowed_filename) == 0)
+#endif
+				options->filenames[i++] = local_strdup(argv[share__optind++]);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+			else {
+				if(options->num_files > 0)
+					options->num_files--;
+				share__optind++;
+			}
+#endif
 	}
 
 	if(options->args.checks.num_major_ops > 0) {