From 76141fe8a80fdfd8b6b24c87895d05359fcc6ee1 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sun, 25 Jul 2021 12:34:48 +0200 Subject: [PATCH] Merge bitcoin/bitcoin#22453: fuzz: Limit max ops in rolling_bloom_filter fuzz target faa86b71acefc8f2e366746a1c251888e6e686dd fuzz: Use ConsumeUInt256 helper to simplify rolling_bloom_filter fuzz test (MarcoFalke) aaaa61fd306e25379e6222e31bf160a6eb04f74e fuzz: Speed up rolling_bloom_filter fuzz test (MarcoFalke) Pull request description: Without a size limit on the input data, the runtime is unbounded. Fix this by picking an upper bound on the maximum number of fuzz operations. Reproducer from OSS-Fuzz (without bug report): [clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log](https://github.com/bitcoin/bitcoin/files/6822159/clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log) ACKs for top commit: practicalswift: cr ACK faa86b71acefc8f2e366746a1c251888e6e686dd theStack: Concept and code review ACK faa86b71acefc8f2e366746a1c251888e6e686dd Tree-SHA512: eace588509dfddb2ba97baf86379fa713fa6eb758184abff676cb95807ff8ff36905eeaddeba05665b8464c35c57e2138f88caec71cbfb255e546bbe76558da0 --- src/test/fuzz/rolling_bloom_filter.cpp | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp index 2a08b45aa3..7e7c4cf428 100644 --- a/src/test/fuzz/rolling_bloom_filter.cpp +++ b/src/test/fuzz/rolling_bloom_filter.cpp 
@@ -16,12 +16,16 @@ FUZZ_TARGET(rolling_bloom_filter) { + // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on + // inputs. + int limit_max_ops{3000}; + FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); CRollingBloomFilter rolling_bloom_filter{ fuzzed_data_provider.ConsumeIntegralInRange(1, 1000), 0.999 / fuzzed_data_provider.ConsumeIntegralInRange(1, std::numeric_limits::max())}; - while (fuzzed_data_provider.remaining_bytes() > 0) { + while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) { CallOneOf( fuzzed_data_provider, [&] { @@ -32,13 +36,10 @@ FUZZ_TARGET(rolling_bloom_filter) assert(present); }, [&] { - const std::optional u256 = ConsumeDeserializable(fuzzed_data_provider); - if (!u256) { - return; - } - (void)rolling_bloom_filter.contains(*u256); - rolling_bloom_filter.insert(*u256); - const bool present = rolling_bloom_filter.contains(*u256); + const uint256 u256{ConsumeUInt256(fuzzed_data_provider)}; + (void)rolling_bloom_filter.contains(u256); + rolling_bloom_filter.insert(u256); + const bool present = rolling_bloom_filter.contains(u256); assert(present); }, [&] {
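Review bot: The bound `int limit_max_ops{3000};` at the top of FUZZ_TARGET(rolling_bloom_filter) is a bare magic number, and its comment does not say how it relates to the filter size drawn just below with `ConsumeIntegralInRange(1, 1000)`. If the filter has state changes that only occur after a number of inserts proportional to its element count (not visible in this hunk), a later reduction of the cap could silently make those paths unreachable to the fuzzer. I would extend the comment, e.g. `// 3000 is three times the largest filter size (1000); input left over when the cap is hit is not processed by this loop.` The name also reads like a constant although the loop condition decrements it, so something like `ops_left` would describe it better. The target's body continues outside the hunk.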
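Review bot: Switching the second lambda from `ConsumeDeserializable` to `ConsumeUInt256` also drops the early `return` on exhausted input, so this branch now always runs the contains/insert/contains sequence. What `ConsumeUInt256` yields when fewer than 32 bytes remain is not visible in this hunk; if it is a fixed value, all short inputs will insert the same element. That does not affect the `assert(present)` check, but the behaviour change deserves a one-line comment above the declaration, e.g. `// Never skipped: the helper returns a value even when the input is exhausted.`, once the helper's behaviour has been confirmed.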