fuzz: in FuzzedSock::GetSockName(), return a random-length name

ConsumeData() will always try to return a name as long as the requested size. It is more useful, and
closer to how `getsockname` would actually behave in reality, to return a random-length name
instead.

This was hindering coverage in the PCP fuzz target as the addr len was set to the size of the
sockaddr_in struct and would exhaust all the provided data from the fuzzer.

Thanks to Marco Fleon for suggesting this.

Co-Authored-by: marcofleon <marleo23@proton.me>
Antoine Poinsot 2025-02-12 11:17:55 -05:00
parent 0d472c1953
commit 1695c8ab5b


@ -358,8 +358,10 @@ int FuzzedSock::GetSockName(sockaddr* name, socklen_t* name_len) const
return -1;
}
assert(name_len);
*name_len = m_fuzzed_data_provider.ConsumeData(name, *name_len);
if (*name_len < (int)sizeof(sockaddr)) return -1;
const auto bytes{ConsumeRandomLengthByteVector(m_fuzzed_data_provider, *name_len)};
if (bytes.size() < (int)sizeof(sockaddr)) return -1;
std::memcpy(name, bytes.data(), bytes.size());
*name_len = bytes.size();
return 0;
}
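Review bot: the `(int)` cast in `if (bytes.size() < (int)sizeof(sockaddr)) return -1;` was carried over from the old `*name_len` comparison and now compares a `size_t` against an `int`, which is a signed/unsigned mismatch that compilers will warn about; drop the cast and compare `bytes.size() < sizeof(sockaddr)` directly. It would also help to add a one-line comment above the `std::memcpy(name, bytes.data(), bytes.size());` noting that the copy cannot overrun the caller's buffer because `ConsumeRandomLengthByteVector(m_fuzzed_data_provider, *name_len)` caps the vector at the `*name_len` passed in; without that comment the bound is only visible by reading the helper. Finally, note the behavioural change on the failure path: the old code updated `*name_len` before returning -1, the new code leaves it untouched, which matches what a real `getsockname` failure does and is fine, but is worth a mention in the commit message.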