mirrors/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2024-11-19 09:53:47 +01:00
Code Issues Projects Releases Wiki Activity

Merge bitcoin/bitcoin#22453: fuzz: Limit max ops in rolling_bloom_filter fuzz target

Browse Source 
faa86b71ac fuzz: Use ConsumeUInt256 helper to simplify rolling_bloom_filter fuzz test (MarcoFalke)
aaaa61fd30 fuzz: Speed up rolling_bloom_filter fuzz test (MarcoFalke)

Pull request description:

  Without a size limit on the input data, the runtime is unbounded. Fix this by picking an upper bound on the maximum number of fuzz operations.

  Reproducer from OSS-Fuzz (without bug report):
  [clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log](https://github.com/bitcoin/bitcoin/files/6822159/clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log)

ACKs for top commit:
  practicalswift:
    cr ACK faa86b71ac
  theStack:
    Concept and code review ACK faa86b71ac

Tree-SHA512: eace588509dfddb2ba97baf86379fa713fa6eb758184abff676cb95807ff8ff36905eeaddeba05665b8464c35c57e2138f88caec71cbfb255e546bbe76558da0
This commit is contained in:
MarcoFalke 2021-07-25 12:34:48 +02:00
commit 2aa937e97a
No known key found for this signature in database
GPG Key ID: CE2B75697E69A548
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/test/fuzz/rolling_bloom_filter.cpp
View File

@ -16,12 +16,16 @@
FUZZ_TARGET(rolling_bloom_filter)
{
// Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
// inputs.
int limit_max_ops{3000};
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
CRollingBloomFilter rolling_bloom_filter{
fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000),
0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())};
while (fuzzed_data_provider.remaining_bytes() > 0) {
while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) {
CallOneOf(
fuzzed_data_provider,
[&] {
@ -32,13 +36,10 @@ FUZZ_TARGET(rolling_bloom_filter)
assert(present);
},
[&] {
const std::optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider);
if (!u256) {
return;
}
(void)rolling_bloom_filter.contains(*u256);
rolling_bloom_filter.insert(*u256);
const bool present = rolling_bloom_filter.contains(*u256);
const uint256 u256{ConsumeUInt256(fuzzed_data_provider)};
(void)rolling_bloom_filter.contains(u256);
rolling_bloom_filter.insert(u256);
const bool present = rolling_bloom_filter.contains(u256);
assert(present);
},
[&] {