Skip to content

[fuzz] fix minor fuzz bugs#14593

Merged
mattklein123 merged 2 commits intoenvoyproxy:masterfrom
asraa:filter-fuzz-bug
Jan 10, 2021
Merged

[fuzz] fix minor fuzz bugs#14593
mattklein123 merged 2 commits intoenvoyproxy:masterfrom
asraa:filter-fuzz-bug

Conversation

@asraa
Copy link
Contributor

@asraa asraa commented Jan 7, 2021
edited
Loading

Signed-off-by: Asra Ali asraa@google.com

Commit Message: Fixes minor fuzz bugs.

  • Add runtime loader
  • Add listenerMetadata() to context for WASM filter
  • Fix divide by zero bug caused by a runtime percent < 1 in admission control filter

Risk Level: Low
Testing: Added unit test for admission control fix
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28401
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28696
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29233

@asraa
fix bugs
60c918e 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa requested a review from mattklein123 as a code owner January 7, 2021 15:45
jmarantz
jmarantz reviewed Jan 8, 2021
View reviewed changes
Copy link
Contributor

@jmarantz jmarantz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a couple of nits/clarifications

test/extensions/filters/http/admission_control/config_test.cc Outdated
NiceMock<Server::Configuration::MockFactoryContext> factory_context;
EXPECT_THROW_WITH_MESSAGE(admission_control_filter_factory.createFilterFactoryFromProtoTyped(
proto, "whatever", factory_context),
EnvoyException, "Success Rate Threshold cannot be less than one.");
Copy link
Contributor

@jmarantz jmarantz Jan 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah I see here that we are just worried about it being a small positive float. OK, then I'd write "less than 1.0".

Copy link
Contributor Author

@asraa asraa Jan 8, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep! A small positive float can eventually round down to a division by zero.

envoy/source/extensions/filters/http/admission_control/admission_control.cc

Line 145 in 846f27c

double probability = total_requests - successful_requests / config_->successRateThreshold();

The alternative is to round up in this division but I don't want to change behavior for reasonable values (above 1) OR take the max of 1 and this value.

envoy/source/extensions/filters/http/admission_control/admission_control.cc

Line 56 in 846f27c

return std::min<double>(pct, 100.0) / 100.0;

Copy link
Contributor Author

@asraa asraa Jan 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just looping @tonya11en @mattklein123
The bounds for threshold described here say [0, 1]. https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/admission_control_filter
Should it actually be (0, 1] to avoid undefined behavior -- and in practice should it be [0.01, 1.0] (which is what this fix provides, blocking success rate threshold below 1.0%?)

Copy link
Member

@mattklein123 mattklein123 Jan 10, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I think this is reasonable. 👍

@asraa
address comments
e9e3ee1 
Signed-off-by: Asra Ali <asraa@google.com>
@mattklein123 mattklein123 merged commit 8a4b701 into envoyproxy:master Jan 10, 2021
mpuncel added a commit to mpuncel/envoy that referenced this pull request Jan 12, 2021
@mpuncel
Merge branch 'master' into mpuncel/http2-hc-goaway
64cc217 
* master:
  http: support creating filters with match tree (envoyproxy#14430)
  [tls] Expose ServerContextImpl::selectTlsContext (envoyproxy#14592)
  docs: update ext_proc docs to reflect implementation status (envoyproxy#14636)
  filter manager: drop assert (envoyproxy#14633)
  kick off v1.18.0 (envoyproxy#14637)
  1.17.0 release (envoyproxy#14624)
  Implement request header processing in ext_proc (envoyproxy#14385)
  http: expose encoded headers/trailers via callbacks (envoyproxy#14544)
  [fuzz] fix minor fuzz bugs (envoyproxy#14593)
  rate limit: add computed descriptors (envoyproxy#14448)
  tools: fill in the required args for Api::Impl (envoyproxy#14554)
  Bump envoy-build to current images (envoyproxy#14608)

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmarantz jmarantz jmarantz approved these changes

@mattklein123 mattklein123 Awaiting requested review from mattklein123

Assignees

@jmarantz jmarantz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asraa @jmarantz @mattklein123