[net] Re-enable net_url_request_fuzzer and enforce max input size.

Bug: 820089
Change-Id: Ie550f62a262d0b15fef4db4e0247a37b9a0f2a59
Reviewed-on: https://chromium-review.googlesource.com/c/1405989
Commit-Queue: Eric Roman <eroman@chromium.org>
Reviewed-by: Eric Roman <eroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622270}
diff --git a/net/BUILD.gn b/net/BUILD.gn
index bb17f67..892ceb7 100644
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -6220,10 +6220,6 @@
     "//net",
   ]
   dict = "data/fuzzer_dictionaries/net_url_request_fuzzer.dict"
-
-  # TODO(crbug.com/820089): Figure out why this fuzzer's corpus explodes to
-  # 10 GB. For now, disable it on ClusterFuzz.
-  additional_configs = [ "//testing/libfuzzer:no_clusterfuzz" ]
 }
 
 fuzzer_test("net_auth_challenge_tokenizer_fuzzer") {
diff --git a/net/url_request/url_request_fuzzer.cc b/net/url_request/url_request_fuzzer.cc
index 98e581c8..a8fb3ab 100644
--- a/net/url_request/url_request_fuzzer.cc
+++ b/net/url_request/url_request_fuzzer.cc
@@ -19,6 +19,11 @@
 #include "net/url_request/url_request_test_util.h"
 #include "url/gurl.h"
 
+
+// Restrict max input length to reject too long inputs that can be too slow to
+// process and may lead to an unbounded corpus growth.
+const size_t kMaxInputSize = 65536 + 257;
+
 // Integration fuzzer for URLRequest's handling of HTTP requests. Can follow
 // redirects, both on the same server (using a new socket or the old one) and
 // across servers.
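Review bot: The value `65536 + 257` in `kMaxInputSize` is unexplained, so a later reader cannot tell whether either term can be changed without hiding code paths that need larger inputs. Add to the comment what each term stands for and why inputs above that size are not worth running, for example `// 65536 = <what this bounds>, 257 = <what this bounds>`, filled in by the author. The constant would also read better as `constexpr size_t kMaxInputSize = 65536 + 257;` inside an anonymous namespace, and the hunk adds a second blank line after the includes that can be dropped.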
@@ -27,6 +32,9 @@
 // QUIC, DNS failures (they all currently resolve to localhost), IPv6 DNS
 // results, URLs with IPs instead of hostnames (v4 and v6), etc.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  if (size > kMaxInputSize)
+    return 0;
+
   base::FuzzedDataProvider data_provider(data, size);
   net::TestURLRequestContext url_request_context(true);
   net::FuzzedSocketFactory fuzzed_socket_factory(&data_provider);
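Review bot: The early return on `size > kMaxInputSize` bounds the size of each corpus entry but not the number of entries. The comment's claim that the cap prevents "unbounded corpus growth" is therefore stronger than what this check guarantees, and the cause of the 10 GB corpus named in the removed TODO appears to remain unidentified. Oversized inputs are skipped rather than truncated, so any existing corpus entries above the limit would now exercise nothing and probably should be pruned or minimized when the fuzzer is re-enabled. A short comment at the guard would make this explicit, such as `// Oversized inputs are skipped, not truncated; existing corpus entries above the cap become no-ops.` The body of `LLVMFuzzerTestOneInput` continues outside the hunk.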