tests: Avoid accumulating allocated memory in a global state if LogPrintf is called when fuzzing #17894
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Concept ACK. I'm not too familiar with libFuzzer so I can't speak to that, but won't this buildup only occur if AFL is in persistent mode since then there's a loop rather than a new binary being executed? |
Traceback (most recent call last):
File "test/fuzz/test_runner.py", line 175, in <module>
main()
File "test/fuzz/test_runner.py", line 115, in main
universal_newlines=True,
File "/usr/lib/python3.6/subprocess.py", line 438, in run
output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/addr_info_deserialize', '-help=1']'
died with <Signals.SIGABRT: 6>. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsNo conflicts as of last run. |
|
@Crypt-iQ Yes, the build-up will only occur if in-process fuzzing is used: |
maflcko
reviewed
Jan 13, 2020
practicalswift
force-pushed
the
fuzzers-deserialize-enable-logging
branch
from
125de8a
to
91013dd
Compare
…intf is called when fuzzing
practicalswift
force-pushed
the
fuzzers-deserialize-enable-logging
branch
from
91013dd
to
d7f4583
Compare
|
@MarcoFalke Approach ACK now with the updated version? :) |
|
@MarcoFalke How can we proceed with this one? Would be really nice to not have deal with this memory leak when fuzzing the deserialisation code :) |
|
Closing due to lack of interest :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Avoid accumulating allocated memory in a global state if
LogPrintfis called when fuzzing.The accumulation takes place via the
m_msgs_before_openbuffering.Resolved by enabling logging and writing log messages to standard output.
This has the added benefit of making the fuzzing operator aware of any log printing caused by fuzzing which is likely to be an anomaly in itself (in the general case).
The only fuzzing harness in
masterthat I've seen callingLogPrintfismessageheader_deserializevia the call toCMessageHeader::IsValid()which somewhat surprisingly does aLogPrintfin the case ofnMessageSize > MAX_SIZE:)Before:
After:
How to test this PR