Merge bitcoin/bitcoin#22453: fuzz: Limit max ops in rolling_bloom_filter fuzz target

MarcoFalke · MarcoFalke · commit 2aa937e97af6 · 2021-07-25T12:34:55.000+02:00
faa86b7 fuzz: Use ConsumeUInt256 helper to simplify rolling_bloom_filter fuzz test (MarcoFalke) aaaa61f fuzz: Speed up rolling_bloom_filter fuzz test (MarcoFalke) Pull request description: Without a size limit on the input data, the runtime is unbounded. Fix this by picking an upper bound on the maximum number of fuzz operations. Reproducer from OSS-Fuzz (without bug report): [clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log](https://github.com/bitcoin/bitcoin/files/6822159/clusterfuzz-testcase-rolling_bloom_filter-5980807721254912.log) ACKs for top commit: practicalswift: cr ACK faa86b7 theStack: Concept and code review ACK faa86b7 Tree-SHA512: eace588509dfddb2ba97baf86379fa713fa6eb758184abff676cb95807ff8ff36905eeaddeba05665b8464c35c57e2138f88caec71cbfb255e546bbe76558da0
diff --git a/src/test/fuzz/rolling_bloom_filter.cpp b/src/test/fuzz/rolling_bloom_filter.cpp
@@ -16,12 +16,16 @@
 
 FUZZ_TARGET(rolling_bloom_filter)
 {
+    // Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
+    // inputs.
+    int limit_max_ops{3000};
+
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
 
     CRollingBloomFilter rolling_bloom_filter{
         fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 1000),
         0.999 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max())};
-    while (fuzzed_data_provider.remaining_bytes() > 0) {
+    while (--limit_max_ops >= 0 && fuzzed_data_provider.remaining_bytes() > 0) {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
@@ -32,13 +36,10 @@ FUZZ_TARGET(rolling_bloom_filter)
                 assert(present);
             },
             [&] {
-                const std::optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider);
-                if (!u256) {
-                    return;
-                }
-                (void)rolling_bloom_filter.contains(*u256);
-                rolling_bloom_filter.insert(*u256);
-                const bool present = rolling_bloom_filter.contains(*u256);
+                const uint256 u256{ConsumeUInt256(fuzzed_data_provider)};
+                (void)rolling_bloom_filter.contains(u256);
+                rolling_bloom_filter.insert(u256);
+                const bool present = rolling_bloom_filter.contains(u256);
                 assert(present);
             },
             [&] {
