Merge bitcoin/bitcoin#22649: fuzz: Avoid OOM in system fuzz target

fa7718344d fuzz: Avoid OOM in system fuzz target (MarcoFalke)

Pull request description:

  If the input size is unlimited, the target may consume unlimited memory, because the argsmanager stores the argument names. Limiting the size should fix this issue.

  Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36906

ACKs for top commit:
  practicalswift:
    cr ACK fa7718344d

Tree-SHA512: 6edfcf324ee9d94e511038ee01340f02db50bcb233af3f1a1717c3602164c88528d9d987e971ec32f1a4593b868019bea0102c53c9b02bfefec3dfde959483cf
MarcoFalke 2021-08-16 10:47:55 +02:00
commit 42b00a3758
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
2 changed files with 5 additions and 1 deletions

@ -11,6 +11,9 @@
#include <functional> #include <functional>
#include <string_view> #include <string_view>
#define LIMITED_WHILE(condition, limit) \
for (unsigned _count{limit}; (condition) && _count; --_count)
using FuzzBufferType = Span<const uint8_t>; using FuzzBufferType = Span<const uint8_t>;
using TypeTestOneInput = std::function<void(FuzzBufferType)>; using TypeTestOneInput = std::function<void(FuzzBufferType)>;
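Review bot: In the new `LIMITED_WHILE` macro the loop test is `(condition) && _count`, so the condition is evaluated before the counter is checked, and once the counter has reached zero the condition runs one more time. With a condition that has side effects, such as a call that consumes fuzz input, that extra evaluation still happens after the limit is exhausted. Consider testing the counter first, `_count && (condition)`, so nothing is evaluated past the limit. A short comment above the macro stating its purpose (bounding loops driven by fuzz input) and that `limit` is a maximum iteration count would also help, and a less generic name than `_count` would avoid shadowing warnings if the macro is ever nested.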

@ -31,7 +31,8 @@ FUZZ_TARGET(system)
SetupHelpOptions(args_manager); SetupHelpOptions(args_manager);
} }
while (fuzzed_data_provider.ConsumeBool()) { LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)
{
CallOneOf( CallOneOf(
fuzzed_data_provider, fuzzed_data_provider,
[&] { [&] {
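Review bot: The literal `3000` in `LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 3000)` carries no explanation of why this value was chosen or how it relates to the memory budget of the fuzz run. Please add a brief comment at the call site, or a named constant, so the bound can be revisited when the target changes. Note also that this caps only the number of iterations; the memory growth described in the commit message comes from stored argument names, so the total is bounded only if the strings consumed inside the `CallOneOf` lambdas are length-limited as well, which these lines do not show and is worth confirming.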