diff options
| author | MarcoFalke <falke.marco@gmail.com> | 2021-07-25 12:34:48 +0200 |
|---|---|---|
| committer | MarcoFalke <falke.marco@gmail.com> | 2021-07-25 12:34:55 +0200 |
| commit | 2aa937e97af66206f9f128e59b47ec93cfb5e0b3 (patch) | |
| tree | ba85b5c10c1e6157329fc7be62ec483b6ce4eb37 | |
| parent | 2735e111eba32bc97b25960c626dd573447cdbee (diff) | |
| parent | faa86b71acefc8f2e366746a1c251888e6e686dd (diff) | |
Merge bitcoin/bitcoin#22453: fuzz: Limit max ops in rolling_bloom_filter fuzz target
faa86b71acefc8f2e366746a1c251888e6e686dd fuzz: Use ConsumeUInt256 helper to simplify rolling_bloom_filter fuzz test (MarcoFalke)
aaaa61fd306e25379e6222e31bf160a6eb04f74e fuzz: Speed up rolling_bloom_filter fuzz test (MarcoFalke)
Pull request description:
Without a size limit on the input data, the runtime is unbounded. Fix this by picking an upper bound on the maximum number of fuzz operations.
Reproducer from OSS-Fuzz (without bug report):
[clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log](https://github.com/bitcoin/bitcoin/files/6822159/clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log)
ACKs for top commit:
practicalswift:
cr ACK faa86b71acefc8f2e366746a1c251888e6e686dd
theStack:
Concept and code review ACK faa86b71acefc8f2e366746a1c251888e6e686dd
Tree-SHA512: eace588509dfddb2ba97baf86379fa713fa6eb758184abff676cb95807ff8ff36905eeaddeba05665b8464c35c57e2138f88caec71cbfb255e546bbe76558da0
| -rw-r--r-- | src/test/fuzz/rolling_bloom_filter.cpp | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp index 07059cce76..3b33115e72 100644 --- a/src/test/fuzz/rolling_bloom_filter.cpp +++ b/src/test/fuzz/rolling_bloom_filter.cpp @@ -16,12 +16,16 @@ FUZZ_TARGET(rolling_bloom_filter) { + // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on + // inputs. + int limit_max_ops{3000}; + FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); CRollingBloomFilter rolling_bloom_filter{ fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000), 0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())}; - while (fuzzed_data_provider.remaining_bytes() > 0) { + while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) { CallOneOf( fuzzed_data_provider, [&] { @@ -32,13 +36,10 @@ FUZZ_TARGET(rolling_bloom_filter) assert(present); }, [&] { - const std::optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider); - if (!u256) { - return; - } - (void)rolling_bloom_filter.contains(*u256); - rolling_bloom_filter.insert(*u256); - const bool present = rolling_bloom_filter.contains(*u256); + const uint256 u256{ConsumeUInt256(fuzzed_data_provider)}; + (void)rolling_bloom_filter.contains(u256); + rolling_bloom_filter.insert(u256); + const bool present = rolling_bloom_filter.contains(u256); assert(present); }, [&] { |