* zzuf.c: make the -B flag (max bytes) also work when fuzzing the standard

input.

doc/zzuf.1

@@ -57,9 +57,14 @@ This option is useful to preserve file headers or corrupt only a specific
 portion of a file.
 .TP
 \fB\-B\fR, \fB\-\-max\-bytes\fR=\fIn\fR
-Automatically terminate child processes that output more than \fIn\fR bytes
-on the standard output and standard error channels. This is useful to detect
-infinite loops. See also the \fB\-t\fR and \fB\-T\fR flags.
+Automatically stop after \fIn\fR bytes have been output.
+
+This either terminates child processes that output more than \fIn\fR bytes
+on the standard output and standard error channels, or stop reading from
+standard input if no program is being fuzzed.
+
+This is useful to detect infinite loops. See also the \fB\-t\fR and \fB\-T\fR
+flags.
 .TP
 \fB\-c\fR, \fB\-\-cmdline\fR
 Only fuzz files whose name is specified in the target application's command

src/zzuf.c

@@ -470,6 +470,7 @@ static void loop_stdin(struct opts *opts)
 {
     uint8_t md5sum[16];
     struct md5 *ctx = NULL;
+    int total = 0;
 
     if(opts->md5)
         ctx = _zz_md5_init();
@@ -493,12 +494,22 @@ static void loop_stdin(struct opts *opts)
     for(;;)
     {
         uint8_t buf[BUFSIZ];
-        int ret, off = 0, nw = 0;
+        int ret, toread = BUFSIZ, off = 0, nw = 0;
 
-        ret = read(0, buf, BUFSIZ);
+        if(opts->maxbytes >= 0)
+        {
+            if(total >= opts->maxbytes)
+                break;
+            if(total + BUFSIZ >= opts->maxbytes)
+                toread = opts->maxbytes - total;
+        }
+
+        ret = read(0, buf, toread);
         if(ret <= 0)
             break;
 
+        total += ret;
+
         _zz_fuzz(0, buf, ret);
         _zz_addpos(0, ret);