Merge #21617: fuzz: Fix uninitialized read in i2p test

MarcoFalke · MarcoFalke · commit 6154291cf9ab · 2021-04-07T10:39:27.000+02:00
3333375 fuzz: Fix uninitialized read in test (MarcoFalke) Pull request description: Can be tested with: ``` ./test/fuzz/test_runner.py -l DEBUG --valgrind ../btc_qa_assets/fuzz_seed_corpus/ i2p ``` ``` ==22582== Conditional jump or move depends on uninitialised value(s) ==22582== at 0x6BB2D8: __sanitizer_cov_trace_const_cmp1 (in /tmp/bitcoin-core/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz) ==22582== by 0xB305DB: ConnectSocketDirectly(CService const&, Sock const&, int, bool) (netbase.cpp:570) ==22582== by 0x8AAA5D: i2p::sam::Session::Hello() const (i2p.cpp:284) ==22582== by 0x8A6FA0: i2p::sam::Session::CreateIfNotCreatedAlready() (i2p.cpp:352) ==22582== by 0x8A6742: i2p::sam::Session::Listen(i2p::Connection&) (i2p.cpp:134) ==22582== by 0x7A6C42: i2p_fuzz_target(Span<unsigned char const>) (i2p.cpp:37) ACKs for top commit: sipa: utACK 3333375 vasild: ACK 3333375 Tree-SHA512: 36073582b26b541324b3e55f3fd4a44abf89cb3081f36d361525daf8c27602fbc25f736510ec30df7cb4ca0c4e395e8d8a60f531bf6af358b5a3e65dbabf72c0
diff --git a/src/test/fuzz/util.cpp b/src/test/fuzz/util.cpp
@@ -7,6 +7,14 @@
 #include <util/rbf.h>
 #include <version.h>
 
+bool FuzzedSock::Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred ) const
+{
+    if (!m_fuzzed_data_provider.ConsumeBool()) {
+        return false;
+    }
+    if (occurred) *occurred = 0;
+    return true;
+}
 
 void FillNode(FuzzedDataProvider& fuzzed_data_provider, CNode& node, bool init_version) noexcept
 {
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
@@ -738,12 +738,10 @@ class FuzzedSock : public Sock
         return 0;
     }
 
-    bool Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred = nullptr) const override
-    {
-        return m_fuzzed_data_provider.ConsumeBool();
-    }
+    bool Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred = nullptr) const override;
 
-    bool IsConnected(std::string& errmsg) const override {
+    bool IsConnected(std::string& errmsg) const override
+    {
         if (m_fuzzed_data_provider.ConsumeBool()) {
             return true;
         }

Original file line number	Diff line number	Diff line change
`@@ -738,12 +738,10 @@ class FuzzedSock : public Sock`
`738`	`738`	`return 0;`
`739`	`739`	`}`
`740`	`740`
`741`		`- bool Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred = nullptr) const override`
`742`		`- {`
`743`		`- return m_fuzzed_data_provider.ConsumeBool();`
`744`		`- }`
	`741`	`+ bool Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred = nullptr) const override;`
`745`	`742`
`746`		`- bool IsConnected(std::string& errmsg) const override {`
	`743`	`+ bool IsConnected(std::string& errmsg) const override`
	`744`	`+ {`
`747`	`745`	`if (m_fuzzed_data_provider.ConsumeBool()) {`
`748`	`746`	`return true;`
`749`	`747`	`}`