
fuzz: Stop nodes in process_message* fuzzers
ClosedPublic

Authored by Fabien on Dec 21 2020, 10:48.

Details

Reviewers
majcosta
Group Reviewers
Restricted Project
Commits
rABC306b94dd6d36: fuzz: Stop nodes in process_message* fuzzers
Summary
Background is that I saw an integer overflow in net_processing

```
#30629113	REDUCE cov: 25793 ft: 142917 corp: 3421/2417Kb lim: 4096 exec/s: 89 rss: 614Mb L: 1719/4096 MS: 1 EraseBytes...
net_processing.cpp:977:25: runtime error: signed integer overflow: 2147483624 + 100 cannot be represented in type 'int'
UndefinedBehaviorSanitizer: undefined-behavior net_processing.cpp:977:25 in
net_processing.cpp:985:9: runtime error: signed integer overflow: -2147483572 - 100 cannot be represented in type 'int'
SUMMMARY: UndefinedBehaviorSanitizer: undefined-behavior net_processing.cpp:985:9 in
```

Telling from the line numbers, it looks like nMisbehavior wrapped
around.

Fix that by calling StopNodes after each exec, which should clear the
node state and thus nMisbehavior.

Backport of core PR18875

Test Plan
ninja bitcoin-fuzzers
./test/fuzz/test_runner.py <path_to_corpus>
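Added illustration of the failure mode the summary describes; this is not the patch and not Bitcoin ABC's code. It models per-peer state that survives from one fuzz exec to the next, replays the exact numbers from the sanitizer report, and contrasts a harness that never resets with one that calls a StopNodes() stand-in after every exec. The names PeerState, g_peers, Misbehaving, MisbehaviorScore, ReproduceReportedOverflow and RunFuzzExecs are hypothetical; the plain signed += is replaced by a checked add so the overflow becomes an observable return value instead of undefined behaviour.

```cpp
// Hypothetical stand-in for per-peer node state; the real CNodeState in
// net_processing.cpp has many more fields. Only the counter matters here.
struct PeerState {
    int nMisbehavior = 0;  // signed int, matching the type in the UBSan report
};

// Harness-global peer table (fixed size so resets cost no allocation).
// In the fuzzers this kind of state lives in a long-lived setup object and
// survives across execs, which is why the counter could grow until it wrapped.
static const int kMaxPeers = 8;
static PeerState g_peers[kMaxPeers];

// Model of StopNodes(): drop all per-peer state so the next exec starts clean.
void StopNodes() {
    for (PeerState& p : g_peers) p = PeerState{};
}

// Checked version of the misbehavior increment. Instead of silently wrapping
// (undefined behaviour for signed int), report whether the add would overflow.
// __builtin_add_overflow is a GCC/Clang builtin.
bool Misbehaving(int peer, int howmuch) {
    int& score = g_peers[peer].nMisbehavior;
    int next = 0;
    if (__builtin_add_overflow(score, howmuch, &next)) {
        return false;  // would overflow; leave the score untouched
    }
    score = next;
    return true;
}

int MisbehaviorScore(int peer) { return g_peers[peer].nMisbehavior; }

// Replay the situation from the sanitizer report: a peer whose score has
// already reached 2147483624 receives another 100-point penalty.
// Returns false because 2147483624 + 100 exceeds INT_MAX.
bool ReproduceReportedOverflow() {
    StopNodes();
    g_peers[0].nMisbehavior = 2147483624;
    return Misbehaving(0, 100);
}

// Simulate 'execs' fuzz executions that each penalise peer 0 by 'penalty'.
// With reset_after_exec the harness calls StopNodes() after every exec, as the
// fix does. Returns how many execs completed before a checked add refused.
long RunFuzzExecs(long execs, int penalty, bool reset_after_exec) {
    StopNodes();
    for (long i = 0; i < execs; ++i) {
        if (!Misbehaving(0, penalty)) return i;
        if (reset_after_exec) StopNodes();
    }
    return execs;
}

int main() {
    // Without reset the score accumulates across execs: 21474836 penalties of
    // 100 fit in an int, the 21474837th does not.
    long without_reset = RunFuzzExecs(25000000, 100, false);
    // With reset every exec starts from 0, so the counter never approaches INT_MAX.
    long with_reset = RunFuzzExecs(25000000, 100, true);
    return (without_reset == 21474836 && with_reset == 25000000) ? 0 : 1;
}
```

The no-reset run stops after 21474836 execs because 21474836 * 100 = 2147483600 still fits in an int while one more penalty does not; the reset run completes all 25000000 execs with the score back at 0, which is the property the StopNodes() call after each exec restores.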

Event Timeline

Fabien requested review of this revision. Dec 21 2020, 10:48
majcosta retitled this revision; the title still carried the summary text and log excerpt appended to "fuzz: Stop nodes in process_message* fuzzers". Dec 21 2020, 11:59
majcosta edited the summary of this revision.
Fabien retitled this revision to fuzz: Stop nodes in process_message* fuzzers, removing the summary text from the title. Dec 21 2020, 12:02
Fabien edited the summary of this revision.
This revision is now accepted and ready to land. Dec 21 2020, 12:02