tests: Add fuzzing harness for strprintf(…) #18009
When updating FuzzedDataProvider, please include the exact commit id that it was updated to
@MarcoFalke Good point! Done! :)
ACK
nit: in the commit that bumps the provider: Could limit the commit subject to a reasonable length, i.e. move the url to the commit body
@MarcoFalke Thanks for reviewing! Feedback addressed. Please re-review :)
Sirs. This is a very good test.
Would be helpful to comment on "why" in each commit message - e.g. I was curious to look into why the
cc668d0 tests: Add fuzzing harness for strprintf(...) (practicalswift)
ccc3c76 tests: Add fuzzer strprintf to FUZZERS_MISSING_CORPORA (temporarily) (practicalswift)
6ef0491 tests: Update FuzzedDataProvider.h from upstream (LLVM) (practicalswift)

Pull request description:

Add fuzzing harness for `strprintf(…)`. Update `FuzzedDataProvider.h`. Avoid hitting some issues in tinyformat (reported upstreams in c42f/tinyformat#70).

---

Found issues in tinyformat:

**Issue 1.** The following causes a signed integer overflow followed by an allocation of 9 GB of RAM (or an OOM in memory constrained environments):

```
strprintf("%.777777700000000$", 1.0);
```

**Issue 2.** The following causes a stack overflow:

```
strprintf("%987654321000000:", 1);
```

**Issue 3.** The following causes a stack overflow:

```
strprintf("%1$*1$*", -11111111);
```

**Issue 4.** The following causes a `NULL` pointer dereference:

```
strprintf("%.1s", (char *)nullptr);
```

**Issue 5.** The following causes a float cast overflow:

```
strprintf("%c", -1000.0);
```

**Issue 6.** The following causes a float cast overflow followed by an invalid integer negation:

```
strprintf("%*", std::numeric_limits<double>::lowest());
```

Top commit has no ACKs.

Tree-SHA512: 9b765559281470f4983eb5aeca94bab1b15ec9837c0ee01a20f4348e9335e4ee4e4fecbd7a1a5a8ac96aabe0f9eeb597b8fc9a2c8faf1bab386e8225d5cdbc18
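Issues 1 to 3 and 6 above all stem from width and precision fields being parsed or consumed without bounds, so a fuzzer that feeds arbitrary bytes as the format string finds them quickly. The block below is an added example, not code from bitcoin/bitcoin, tinyformat or LLVM: a bounds-checked parser for a single printf-style conversion spec that rejects oversized or unsupported fields before any allocation or recursion happens, plus a libFuzzer-style `LLVMFuzzerTestOneInput` entry point of the same shape as the harness the PR adds. `kMaxFieldSize`, `FormatSpec`, `parseSpec` and the rejection reasons are all hypothetical names chosen for this example; the format strings it is exercised with are the ones listed in the PR description.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Upper bound accepted for a width or precision field (assumed policy value;
// a real formatter should pick one that matches its buffer strategy).
constexpr long kMaxFieldSize = 4096;

struct FormatSpec {
    bool ok = false;            // true when the spec parsed and passed all bounds checks
    int width = 0;              // field width, 0 if absent
    int precision = -1;         // precision, -1 if absent
    bool starWidth = false;     // width supplied as '*' (taken from an argument)
    bool starPrecision = false; // precision supplied as '*'
    char conversion = '\0';     // conversion character, e.g. 'd' or 's'
    std::string reason;         // why the spec was rejected (empty when ok)
};

// Accumulate the decimal run at fmt[i], advancing i. We stop as soon as the
// value exceeds kMaxFieldSize, so the intermediate arithmetic can never
// overflow: that is the defect behind the "%.777777700000000$" and
// "%987654321000000:" inputs in the PR description.
static bool parseBoundedNumber(const std::string& fmt, size_t& i, int& out) {
    long value = 0;
    while (i < fmt.size() && fmt[i] >= '0' && fmt[i] <= '9') {
        value = value * 10 + (fmt[i] - '0');
        if (value > kMaxFieldSize) return false;
        ++i;
    }
    out = static_cast<int>(value);
    return true;
}

// Parse one conversion spec of the form %[flags][width][.precision]conv.
// Positional ('$') fields are refused outright rather than half-handled.
FormatSpec parseSpec(const std::string& fmt) {
    FormatSpec spec;
    if (fmt.empty() || fmt[0] != '%') { spec.reason = "spec must start with '%'"; return spec; }
    size_t i = 1;
    const std::string flags = "-+ #0";
    while (i < fmt.size() && flags.find(fmt[i]) != std::string::npos) ++i;
    if (i < fmt.size() && fmt[i] == '*') {
        spec.starWidth = true; ++i;
    } else if (!parseBoundedNumber(fmt, i, spec.width)) {
        spec.reason = "width exceeds limit"; return spec;
    }
    if (i < fmt.size() && fmt[i] == '.') {
        ++i;
        if (i < fmt.size() && fmt[i] == '*') {
            spec.starPrecision = true; ++i;
        } else if (!parseBoundedNumber(fmt, i, spec.precision)) {
            spec.reason = "precision exceeds limit"; return spec;
        }
    }
    if (i < fmt.size() && fmt[i] == '$') { spec.reason = "positional arguments not supported"; return spec; }
    if (i >= fmt.size()) { spec.reason = "missing conversion character"; return spec; }
    const std::string conversions = "diouxXeEfFgGaAcsp";
    if (conversions.find(fmt[i]) == std::string::npos) { spec.reason = "unknown conversion"; return spec; }
    spec.conversion = fmt[i];
    spec.ok = true;
    return spec;
}

// libFuzzer-style entry point, the same shape as the harness in this PR:
// the raw input bytes become the candidate format string. Built with
// -fsanitize=fuzzer,undefined, any overflow in the parser is reported.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::string fmt(reinterpret_cast<const char*>(data), size);
    (void)parseSpec(fmt);
    return 0;
}
```

Note that this parser only covers the format string. Issues 4 and 5 concern the argument values (a null `char *` for `%s`, a `double` narrowed to `char`), which a formatter must check separately when it consumes each argument.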
Summary:

```
Add fuzzing harness for strprintf(…).
Update FuzzedDataProvider.h.
Avoid hitting some issues in tinyformat (reported upstreams in c42f/tinyformat#70).
```

Backport of core [[bitcoin/bitcoin#18009 | PR18009]].

Test Plan:

```
ninja bitcoin-fuzzers
./src/test/fuzz/strprintf
```

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D8004