tests: Avoid hitting some known minor tinyformat issues when fuzzing strprintf(...) #18109

practicalswift commented at 5:09 PM on February 10, 2020: contributor

Avoid hitting some known minor tinyformat issues when fuzzing strprintf(...). These can be removed when the issues have been resolved upstreams :)

Note to reviewers: The %c and %* issues are also present for %<some junk>c and %<some junk>*. That is why simply matching on "%c" or "%*" is not enough. Note that the intentionally trivial skipping logic overshoots somewhat (c[…]% is filtered in addition to %[…]c).

fanquake added the label Utils/log/libs on Feb 10, 2020

practicalswift force-pushed on Feb 10, 2020

fanquake removed the label Utils/log/libs on Feb 10, 2020

fanquake added the label Tests on Feb 10, 2020

practicalswift force-pushed on Feb 10, 2020

in src/test/fuzz/strprintf.cpp:122 in 7f82eec0c5 outdated

 114 | @@ -115,28 +115,50 @@ void test_one_input(const std::vector<uint8_t>& buffer)
 115 |          case 5:
 116 |              (void)strprintf(format_string, fuzzed_data_provider.ConsumeBool());
 117 |              break;
 118 | -        case 6:
 119 | +        }
 120 | +    } catch (const tinyformat::format_error&) {
 121 | +    }
 122 | +
 123 | +    if (format_string.find("%") != std::string::npos && format_string.find("c") != std::string::npos) {

theStack commented at 12:03 PM on February 12, 2020:

This not just matches %<some junk>c, but also c<some junk>%, since both searches start from the begin of the format string. To correct that you'd need to save the found position of the % (=return value of the first .find()) and pass it to the search for the c (=second parameter of the second .find()). Given that if I understood your intention correctly ;-) Also, a tiny nit: could use the overloaded version of .find() which takes a char as first parameter instead of passing strings with length 1, see http://www.cplusplus.com/reference/string/string/find/ (probably more efficient).

practicalswift commented at 12:32 PM on February 12, 2020:

See comment below :)

in src/test/fuzz/strprintf.cpp:129 in 7f82eec0c5 outdated

 125 | +        // * strprintf("%c", 1.31783e+38);
 126 | +        // tinyformat.h:244:36: runtime error: 1.31783e+38 is outside the range of representable values of type 'char'
 127 | +        return;
 128 | +    }
 129 | +
 130 | +    if (format_string.find("%") != std::string::npos && format_string.find("*") != std::string::npos) {

theStack commented at 12:07 PM on February 12, 2020:

See my review comment above (matching logic and as micro-nit using .find()-version with char as first parameter).

theStack commented at 12:12 PM on February 12, 2020: member

I usually avoid to do code-reviews before I can give at least "Concept ACK". In this case I unfortunately don't have enough clue about the details of fuzzing, but saw that the matching logic doesn't correspond to the desired effect in the PR description. Hope that's still okay and helpful.

practicalswift commented at 12:31 PM on February 12, 2020: contributor

@theStack Thanks for the review! I'll address the nit about .find(char). The skipping logic is intentional - I wanted to keep it as simple as possible and the overshoot (that c[…]% is matched in addition to %[…]c) doesn't matter in practice. I'm happy to change that if proven wrong or if anyone cares strongly :) Regardless I'll update the PR description to make the intention more clear. Again, thanks for reviewing!

tests: Avoid hitting some known minor tinyformat issues when fuzzing strprintf(...) 470e2ac602

practicalswift force-pushed on Feb 12, 2020

MarcoFalke merged this on Mar 5, 2020

MarcoFalke closed this on Mar 5, 2020

sidhujag referenced this in commit 10ee0af531 on Mar 7, 2020

sidhujag referenced this in commit e21ca4a152 on Nov 10, 2020

deadalnix referenced this in commit 69aed0c331 on Jan 19, 2021

practicalswift deleted the branch on Apr 10, 2021

PastaPastaPasta referenced this in commit 2388159c5b on Apr 3, 2022

DrahtBot locked this on Aug 18, 2022