
quic fuzzer hang #22412

Closed
kroeckx opened this issue Oct 17, 2023 · 4 comments
Labels
branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug
Comments

@kroeckx
Member

kroeckx commented Oct 17, 2023

The fuzzer from #22368 combined with #22410 and #22411 hangs with
hang2.gz

@kroeckx kroeckx added the issue: bug report The issue was opened to report a bug label Oct 17, 2023
@mattcaswell mattcaswell added branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug and removed issue: bug report The issue was opened to report a bug labels Oct 17, 2023
@mattcaswell mattcaswell added this to the 3.2.0 milestone Oct 17, 2023
@kroeckx
Member Author

kroeckx commented Oct 17, 2023 via email

@mattcaswell
Member

This hang is caused because we receive a very large token in a retry packet. Later we try to create a PING frame but, because the token is so large, we fail to insert the PING or anything else into the datagram. Since we have failed to generate a PING, but the ping deadline has expired we immediately try to create another PING - and so on in an infinite loop.

mattcaswell added a commit to mattcaswell/openssl that referenced this issue Oct 18, 2023
If when generating a datagram we are unable to output anything then we are
not making progress and we should fail, otherwise we may get into an
infinite loop (i.e. continually trying to output a datagram and continually
failing to do so in an infinite loop).

Fixes openssl#22412
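As an added illustration (this is a constructed model, not OpenSSL's QUIC code), the C program below reproduces the shape of the hang described in the comment above and the guard proposed in the commit message: a datagram builder that must echo a retry token first and only then has room for a PING frame. When the token is so large that no frame fits, the unguarded transmit loop spins because the ping deadline is still expired on every pass; the guarded variant treats "nothing was output" as a failure and returns instead. The sizes (`DGRAM_CAP`, `HDR_LEN`), the `struct conn` state and the functions `build_datagram`, `drive_tx` and `run_case` are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not OpenSSL's code. All sizes are illustrative. */
#define DGRAM_CAP 1200   /* largest datagram we will emit (QUIC minimum MTU) */
#define HDR_LEN   40     /* assumed long-header bytes that precede the token */
#define PING_LEN  1      /* a PING frame is a single 0x01 byte */

/* Hypothetical per-connection state: what we still owe the peer. */
struct conn {
    size_t token_len;   /* retry token we must echo in every Initial packet */
    int    ping_due;    /* the ping deadline has expired */
};

/*
 * Build one datagram into buf. Returns the number of frames placed;
 * 0 means nothing useful was output. As in the bug, the token is
 * copied first and a PING that does not fit afterwards is skipped.
 */
static size_t build_datagram(struct conn *c, uint8_t *buf, size_t cap)
{
    size_t off, frames = 0;

    if (HDR_LEN + c->token_len > cap)
        return 0;                             /* header + token do not fit */
    memset(buf, 0, HDR_LEN);                  /* header placeholder */
    off = HDR_LEN;
    memset(buf + off, 0xAA, c->token_len);    /* echoed token bytes */
    off += c->token_len;

    if (c->ping_due && off + PING_LEN <= cap) {
        buf[off++] = 0x01;                    /* PING frame */
        c->ping_due = 0;
        frames++;
    }
    return frames;
}

/*
 * Drive transmission until the pending PING has gone out. The unguarded
 * variant reproduces the hang (max_iters is the only thing that stops it);
 * the guarded variant returns -1 as soon as a pass makes no progress,
 * which is the shape of the fix in the commit message.
 */
static int drive_tx(struct conn *c, int guarded, int max_iters)
{
    uint8_t buf[DGRAM_CAP];
    int iters = 0;

    while (c->ping_due && iters < max_iters) {
        iters++;
        if (build_datagram(c, buf, sizeof buf) == 0) {
            if (guarded)
                return -1;   /* no progress: fail instead of spinning */
            /* unguarded: deadline is still expired, so we retry at once */
        }
    }
    return iters;            /* passes taken before the PING was sent */
}

/* Convenience wrapper: fresh connection with an expired ping deadline. */
static int run_case(size_t token_len, int guarded, int max_iters)
{
    struct conn c = { token_len, 1 };
    return drive_tx(&c, guarded, max_iters);
}

int main(void)
{
    printf("small token, guarded:  %d\n", run_case(100, 1, 1000));   /* 1    */
    printf("huge token, guarded:   %d\n", run_case(1180, 1, 1000));  /* -1   */
    printf("huge token, unguarded: %d\n", run_case(1180, 0, 1000));  /* 1000 */
    return 0;
}
```

The guarded loop fails on the first pass for any token that leaves no room for a frame, including the boundary case where header plus token exactly fill the datagram; the unguarded loop only stops because the example caps it, which is the behaviour the fuzzer surfaced as a hang.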
@mattcaswell
Member

If you fix this, can I suggest that you run the fuzzer for a minute or so. I've found both those hangs in a few seconds. Use libfuzzer, and add -timeout=5 to the command line, so it gives you a nice file instead of just hanging for a very long time.

I did that and immediately ran into #22427

@t8m
Member

t8m commented Oct 24, 2023

The original hang was fixed.

@t8m t8m closed this as completed Oct 24, 2023