[openssl/openssl] 4f619c: Ensure cmd from fuzz buffer is always valid

Neil Horman noreply at github.com
Tue Jul 23 13:11:59 UTC 2024


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 4f619ca622b6c36626ddc9a04b0b8589d7802dc0
      https://github.com/openssl/openssl/commit/4f619ca622b6c36626ddc9a04b0b8589d7802dc0
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-07-23 (Tue, 23 Jul 2024)

  Changed paths:
    M fuzz/quic-srtm.c

  Log Message:
  -----------
  Ensure cmd from fuzz buffer is always valid

The quic-srtm fuzzer uses a loop in which an integer command is
extracted from the fuzzer buffer input to determine the action to take,
switching on the values between 0 and 3, and ignoring all other
commands.  However in the failing fuzzer test case here:
https://oss-fuzz.com/testcase-detail/5618331942977536

The buffer provided shows a large number of 0 values (indicating an SRTM
add command), and almost no 1, 2, or 3 values.  As such, the fuzzer only
truly exercises the srtm add path, which has the side effect of growing
the SRTM hash table unboundedly, leading to a timeout when 10 entries
need to be iterated over when the hashtable doall command is executed.

Fix this by ensuring that the command is always valid, and reasonably
distributed among all the operations with some modulo math.

Introducing this change bounds the hash table size in the reproducer
test case to less than half of the initially observed size, and avoids
the timeout.

Fixes openssl/project#679

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24827)
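The dispatch change the commit describes, shown as an added illustration rather than code from the OpenSSL fuzzer: a harness loop reads one command value per input byte and, before the fix, only acts on values 0..3, so a reproducer dominated by zeros grows the table without bound while out-of-range bytes are wasted. Reducing every byte modulo the number of operations makes each byte a valid command and spreads the input across all paths. The four operation names, the simulated table (only its entry count is modelled) and the sample input are constructed for this example and do not reproduce the real quic-srtm command layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical operation set standing in for the fuzzer's four commands.
 * The real quic-srtm command layout is not reproduced here. */
enum { OP_ADD = 0, OP_REMOVE = 1, OP_CULL = 2, OP_LOOKUP = 3, OP_COUNT = 4 };

struct stats {
    size_t op[OP_COUNT];  /* how often each code path was exercised */
    size_t ignored;       /* input bytes that selected no operation */
    size_t table_size;    /* simulated entry count at end of run */
    size_t peak_table;    /* largest simulated entry count seen */
};

/* Apply one command to a simulated table. Only the entry count is
 * modelled: add grows it, remove shrinks it by one, cull halves it. */
static void apply(struct stats *s, unsigned cmd)
{
    s->op[cmd]++;
    switch (cmd) {
    case OP_ADD:    s->table_size++;                        break;
    case OP_REMOVE: if (s->table_size > 0) s->table_size--; break;
    case OP_CULL:   s->table_size /= 2;                     break;
    case OP_LOOKUP: /* read-only, size unchanged */         break;
    }
    if (s->table_size > s->peak_table)
        s->peak_table = s->table_size;
}

/* Before the fix: a raw byte is only a command if it is in 0..3; any other
 * value is ignored, so a skewed input exercises a single path. */
struct stats run_raw(const uint8_t *buf, size_t len)
{
    struct stats s;
    size_t i;

    memset(&s, 0, sizeof(s));
    for (i = 0; i < len; i++) {
        if (buf[i] < OP_COUNT)
            apply(&s, buf[i]);
        else
            s.ignored++;
    }
    return s;
}

/* After the fix: reduce every byte modulo OP_COUNT so each byte selects
 * a valid command and out-of-range bytes feed the other paths too. */
struct stats run_modulo(const uint8_t *buf, size_t len)
{
    struct stats s;
    size_t i;

    memset(&s, 0, sizeof(s));
    for (i = 0; i < len; i++)
        apply(&s, buf[i] % OP_COUNT);
    return s;
}

/* Accessor so a per-operation count can be read from a returned struct. */
size_t op_count(struct stats s, unsigned cmd)
{
    return cmd < OP_COUNT ? s.op[cmd] : 0;
}

/* Constructed input: runs of zero bytes (adds) interleaved with bytes
 * outside 0..3, mimicking a reproducer dominated by one command. */
static const uint8_t SAMPLE[] = {
    0, 0, 0, 0, 0, 0, 0, 0,
    4, 5, 6, 7,
    0, 0, 0, 0,
    200, 201, 202, 203,
    0, 0, 0, 0,
    9, 10, 11,
};

int main(void)
{
    struct stats raw = run_raw(SAMPLE, sizeof(SAMPLE));
    struct stats mod = run_modulo(SAMPLE, sizeof(SAMPLE));

    printf("raw:    add=%zu remove=%zu cull=%zu lookup=%zu ignored=%zu peak=%zu\n",
           raw.op[OP_ADD], raw.op[OP_REMOVE], raw.op[OP_CULL], raw.op[OP_LOOKUP],
           raw.ignored, raw.peak_table);
    printf("modulo: add=%zu remove=%zu cull=%zu lookup=%zu ignored=%zu peak=%zu\n",
           mod.op[OP_ADD], mod.op[OP_REMOVE], mod.op[OP_CULL], mod.op[OP_LOOKUP],
           mod.ignored, mod.peak_table);
    return 0;
}
```

On this sample the raw loop performs 16 adds, discards 11 bytes and reaches a peak of 16 entries; the modulo loop discards nothing, mixes in removes and culls, and peaks at 9 entries. The same reasoning applies to any harness whose command space is much narrower than the input alphabet: mapping the value into range, rather than rejecting it, stops the fuzzer from wasting bytes and keeps resource growth in one path from masking the others.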


