Merge bitcoin/bitcoin#24298: fuzz: Avoid unsigned integer overflow in FormatParagraph

fa2f7d005932bff9b7d27744ae517b9e7910df8d fuzz: Avoid unsigned integer overflow in FormatParagraph (MarcoFalke)

Pull request description:

  `FormatParagraph` is only ever called with compile time constant arguments, so I don't see the need for fuzzing it.

  Though, keep it for now, but avoid the unsigned integer overflow with this patch.

ACKs for top commit:
  laanwj:
    Code review ACK fa2f7d005932bff9b7d27744ae517b9e7910df8d

Tree-SHA512: 01fc64a9ef73c183921ca1b0cd8db9514c0a242e3acf215a3393f383ae129e01625ebb16eaf9cb86370eda62d0145c3dcf8f62e40edf5958abc1f777c5687280
This commit is contained in:
fanquake 2022-02-10 07:14:11 +00:00 committed by pasta
parent 6dc5497313
commit 7f0bdbda11
No known key found for this signature in database
GPG Key ID: 52527BEDABE87984
2 changed files with 3 additions and 1 deletions

View File

@ -45,7 +45,8 @@ void test_one_input(const std::vector<uint8_t>& buffer)
(void)CopyrightHolders(random_string_1, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), fuzzed_data_provider.ConsumeIntegral<unsigned int>());
FeeEstimateMode fee_estimate_mode;
(void)FeeModeFromString(random_string_1, fee_estimate_mode);
(void)FormatParagraph(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
const auto width{fuzzed_data_provider.ConsumeIntegralInRange<size_t>(1, 1000)};
(void)FormatParagraph(random_string_1, width, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, width));
(void)FormatSubVersion(random_string_1, fuzzed_data_provider.ConsumeIntegral<int>(), random_string_vector);
(void)GetDescriptorChecksum(random_string_1);
(void)HelpExampleCli(random_string_1, random_string_2);

View File

@ -384,6 +384,7 @@ bool ParseDouble(const std::string& str, double *out)
std::string FormatParagraph(const std::string& in, size_t width, size_t indent)
{
assert(width >= indent);
std::stringstream out;
size_t ptr = 0;
size_t indented = 0;