mirror of https://github.com/bitcoin/bitcoin.git synced 2025-05-28 12:50:17 +02:00

History

Merge #18009 : tests: Add fuzzing harness for strprintf(…)

cc668d06fb71463fd406df761b0e89e25d4de968 tests: Add fuzzing harness for strprintf(...) (practicalswift)
ccc3c76e2b5d28a2372ae5752c08256396bf43e6 tests: Add fuzzer strprintf to FUZZERS_MISSING_CORPORA (temporarily) (practicalswift)
6ef04912af7f216f3112e0e9919f67e36415a792 tests: Update FuzzedDataProvider.h from upstream (LLVM) (practicalswift)

Pull request description:

  Add fuzzing harness for `strprintf(…)`.

  Update `FuzzedDataProvider.h`.

  Avoid hitting some issues in tinyformat (reported upstreams in https://github.com/c42f/tinyformat/issues/70).

  ---

  Found issues in tinyformat:

  **Issue 1.** The following causes a signed integer overflow followed by an allocation of 9 GB of RAM (or an OOM in memory constrained environments):

  ```
  strprintf("%.777777700000000$", 1.0);
  ```

  **Issue 2.** The following causes a stack overflow:

  ```
  strprintf("%987654321000000:", 1);
  ```

  **Issue 3.** The following causes a stack overflow:

  ```
  strprintf("%1$*1$*", -11111111);
  ```

  **Issue 4.** The following causes a `NULL` pointer dereference:

  ```
  strprintf("%.1s", (char *)nullptr);
  ```

  **Issue 5.** The following causes a float cast overflow:

  ```
  strprintf("%c", -1000.0);
  ```

  **Issue 6.** The following causes a float cast overflow followed by an invalid integer negation:

  ```
  strprintf("%*", std::numeric_limits<double>::lowest());
  ```

Top commit has no ACKs.

Tree-SHA512: 9b765559281470f4983eb5aeca94bab1b15ec9837c0ee01a20f4348e9335e4ee4e4fecbd7a1a5a8ac96aabe0f9eeb597b8fc9a2c8faf1bab386e8225d5cdbc18

2020-01-31 02:56:49 +13:00

check-doc.py

test/contrib: Fix invalid escapes in regex strings

2019-09-03 14:38:38 -04:00

check-rpc-mappings.py

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

commit-script-check.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

extended-lint-all.sh

scripted-diff: Bump copyright of files changed in 2020

2020-01-15 02:18:00 +07:00

extended-lint-cppcheck.sh

scripted-diff: Bump copyright of files changed in 2020

2020-01-15 02:18:00 +07:00

git-subtree-check.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-all.sh

Run all lint scripts

2019-05-16 16:42:59 +02:00

lint-assertions.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-circular-dependencies.sh

Refactor: Copy CWallet signals and print function to LegacyScriptPubKeyMan

2020-01-23 16:35:08 -05:00

lint-filenames.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-format-strings.py

Refactor: Copy CWallet signals and print function to LegacyScriptPubKeyMan

2020-01-23 16:35:08 -05:00

lint-format-strings.sh

tests: Add fuzzing harness for strprintf(...)

2020-01-27 21:31:42 +00:00

lint-include-guards.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-includes.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-locale-dependence.sh

Merge #17691 : doc: Add missed copyright headers

2020-01-16 15:58:35 -05:00

lint-logs.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-python-mutable-default-parameters.sh

lint: Catch use of [] or {} as default parameter values in Python functions

2019-08-26 10:53:10 +00:00

lint-python-utf8-encoding.sh

lint: Make sure we read the command line inputs using utf-8 decoding in python

2018-09-02 21:40:51 +08:00

lint-python.sh

scripted-diff: Bump copyright of files changed in 2019

2019-12-30 10:42:20 +13:00

lint-qt.sh

test: Add lint to prevent SIGNAL/SLOT connect style

2018-08-21 09:43:55 +01:00

lint-rpc-help.sh

rpc: Documentation fixups

2018-11-15 12:19:11 -05:00

lint-shebang.sh

scripted-diff: Add missed copyright headers

2020-01-04 20:18:28 +02:00

lint-shell-locale.sh

macOS fix: Work around empty (sub)expression error when using BSD grep

2018-08-31 00:52:48 +02:00

lint-shell.sh

script: Enable SC2001 rule for Gitian scripts

2019-11-27 19:27:56 +02:00

lint-spelling.ignore-words.txt

doc: Fix some misspellings

2019-11-04 04:22:53 -05:00

lint-spelling.sh

2019-12-30 10:42:20 +13:00

lint-tests.sh

Obsolete #!/bin/bash shebang

2018-06-20 11:12:41 +03:00

lint-whitespace.sh

test: Avoid whitespace linting in qt translations

2019-09-30 09:55:54 +02:00

README.md

doc: Document that GNU tools are required for linters

2019-10-17 10:52:11 -04:00

README.md

This folder contains lint scripts.

check-doc.py

Check for missing documentation of command line options.

commit-script-check.sh

Verification of scripted diffs. Scripted diffs are only assumed to run on the latest LTS release of Ubuntu. Running them on other operating systems might require installing GNU tools, such as GNU sed.

git-subtree-check.sh

Run this script from the root of the repository to verify that a subtree matches the contents of the commit it claims to have been updated to.

To use, make sure that you have fetched the upstream repository branch in which the subtree is maintained:

for src/secp256k1: https://github.com/bitcoin-core/secp256k1.git (branch master)
for src/leveldb: https://github.com/bitcoin-core/leveldb.git (branch bitcoin-fork)
for src/univalue: https://github.com/bitcoin-core/univalue.git (branch master)
for src/crypto/ctaes: https://github.com/bitcoin-core/ctaes.git (branch master)

Usage: git-subtree-check.sh DIR (COMMIT)

COMMIT may be omitted, in which case HEAD is used.

lint-all.sh

Calls other scripts with the lint- prefix.