From 2398283ff6f1174dfdf1c32f14f72632d4781514 Mon Sep 17 00:00:00 2001 From: fanquake Date: Wed, 12 May 2021 11:02:25 +1000 Subject: [PATCH] Merge bitcoin/bitcoin#21922: fuzz: Avoid timeout in EncodeBase58 faa0d94a7d9cdd10e81ee231a7b06d4b14b37e13 fuzz: Avoid timeout in EncodeBase58 (MarcoFalke) Pull request description: The complexity is O(N^2), so limit the size. Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34126 Oss-Fuzz testcase for `rpc` fuzzer: https://github.com/bitcoin/bitcoin/files/6461382/clusterfuzz-testcase-minimized-rpc-4831734974775296.log ACKs for top commit: practicalswift: cr ACK faa0d94a7d9cdd10e81ee231a7b06d4b14b37e13: patch looks correct sipa: utACK faa0d94a7d9cdd10e81ee231a7b06d4b14b37e13 Tree-SHA512: 57ad9de8d811b828982d09a586782fc8a62fa3685590301d58120e2249caa30a9dccd3abe0b47e00ea8482de705fe0edbed298ab8761ea0d29496b50ed2db5d7
---
 src/test/fuzz/rpc.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/test/fuzz/rpc.cpp b/src/test/fuzz/rpc.cpp
index cbe5de6d52..3657294349 100644
--- a/src/test/fuzz/rpc.cpp
+++ b/src/test/fuzz/rpc.cpp
@@ -174,6 +174,7 @@ const std::vector RPC_COMMANDS_SAFE_FOR_FUZZING{
 std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
 {
 const size_t max_string_length = 4096;
+ const size_t max_base58_bytes_length{64};
 std::string r;
 CallOneOf(
 fuzzed_data_provider,
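Review bot: The new constant `max_base58_bytes_length{64}` has no comment explaining why base58 input is capped so far below `max_string_length`; the O(N^2) rationale lives only in the commit message. I would add `// EncodeBase58 is quadratic in input length; keep this small so the fuzz target does not time out.` above it, and write the initializer as `= 64` to match `max_string_length` on the line before. The cap only keeps the fuzzer fast: if any non-test caller can pass EncodeBase58 input of caller-chosen length, the quadratic cost would still apply there, which is worth confirming separately. The body of ConsumeScalarRPCArgument continues past this hunk.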
@@ -227,11 +228,11 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
 },
 [&] {
 // base58 argument
- r = EncodeBase58(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length)));
+ r = EncodeBase58(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));
 },
 [&] {
 // base58 argument with checksum
- r = EncodeBase58Check(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length)));
+ r = EncodeBase58Check(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));
 },
 [&] {
 // hex encoded block
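Review bot: Both base58 lambdas now encode at most 64 raw bytes (roughly 90 characters once encoded, by my estimate), so these branches no longer give the RPC handlers long well-formed base58 arguments. Whether over-long base58 still reaches the decode-side length checks through another branch cannot be seen from this hunk. If that coverage matters, a comment such as `// capped: long well-formed base58 is not generated here` on each lambda would record the trade-off for whoever later tunes the limit. The enclosing CallOneOf call starts and ends outside the hunk.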