Skip to content

Update for oss-fuzz Issue 22106 #16405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
twghu wants to merge 78 commits into from
Closed

Update for oss-fuzz Issue 22106 #16405

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
78 commits
Select commit Hold shift + click to select a range
7dd9689
Update for oss-fuzz Issue 22106
twghu May 10, 2021
9375301
docs: record distroless images (#16359)
daixiang0 May 10, 2021
950dc9e
Update for oss-fuzz Issue 30088
twghu May 10, 2021
049bdb3
grid: Rename alternate_protocols_cache.{h,cc} to alternate_protocols_…
RyanTheOptimist May 11, 2021
5afbb4d
docs: Simplify api build (/cont) (#16417)
phlax May 11, 2021
3f3e684
Update for oss-fuzz Issue 30088, calculation of initial byte count
twghu May 11, 2021
5333b92
Implement handling of escaped slash characters in URL path
yanavlasov Apr 19, 2021
06c8d41
docs: follow up to #15926 (#16421)
alyssawilk May 12, 2021
c24cea7
dependabot: Updates (#16379)
phlax May 12, 2021
b57f187
Document that python3-pip is a build dependency. (#16409)
jpeach May 12, 2021
955f15d
bazel: unify msys (#16394)
daixiang0 May 12, 2021
db06665
docs: Update sphinx (#16413)
phlax May 12, 2021
38cec23
docs: Use repo role for repo links (#16455)
phlax May 12, 2021
55a23b2
bugfix: test fails to build on MacOS due to unused parameters (#16454)
goaway May 12, 2021
aaebda2
matching: disable hcm integration by default (#16387)
May 12, 2021
f97112c
bazel: add --config=docker-asan and --config=remote-tsan. (#16451)
PiotrSikora May 12, 2021
ce071f6
Update rules_apple (#16404)
vladmos May 12, 2021
c784d89
server: avoid flushing while a flush is in progress (#16370)
May 12, 2021
e7ddd61
docs: Fix bootstrap docs version link (#16457)
phlax May 12, 2021
bacffe4
remove trace drivers' dependency on HttpTracerImpl (#16244)
wbpcode May 12, 2021
80e1ca8
aws_request_signing_filter hash payload by default (#15846)
jstewmon May 12, 2021
3f57381
wasm: fix V8 build with --config={docker,remote}-msan. (#16452)
PiotrSikora May 12, 2021
0d3bf7f
test: Removing orphan type_util_test file (#16464)
adisuissa May 12, 2021
ff62ef1
dependabot: Updates (#16459)
phlax May 13, 2021
2443032
Revert "dependabot: Updates (#16459)" (#16483)
phlax May 13, 2021
874fb03
transport_sockets: removed well_known_names.h file (#16164)
daixiang0 May 14, 2021
8c59b6a
Workaround for CI gcc build error with long argument list (#16484)
yanavlasov May 14, 2021
55cfadd
dependabot: Updates (#16485)
phlax May 14, 2021
1f4ca4c
oauth: fix sds update (#16253)
Inode1 May 14, 2021
ae780e2
test: deflake upstream starttls integration test (#16436)
cpakulski May 14, 2021
6be425f
deps: update protobuf to 3.16.0 (#16390)
benjaminp May 16, 2021
beac1ec
HCM: add support for IP detection extensions (#14855)
May 16, 2021
41c1da4
docs: comment config extension (#16406)
daixiang0 May 17, 2021
43e9711
add defensive coding against None (for missing buildifier) in pre-com…
May 17, 2021
ea456cc
docs: update rotation to include watching envoy-ci (#16463)
alyssawilk May 17, 2021
50024c1
docs: Fix subtitle format (#16521)
luckyxiaoqiang May 17, 2021
c5833f2
redis cluster: fix ClusterSlot operator == (#16116)
gaoliangdut May 17, 2021
4d2e018
http: cleaning up obsolete grpc args (#16525)
alyssawilk May 17, 2021
69effc2
Fix bug in flaky test script (#16434)
May 17, 2021
1921053
dependabot: Updates (#16499)
phlax May 18, 2021
ea32578
tcp: switching to the new pool (#16465)
alyssawilk May 18, 2021
736375a
test: clean up upstream protocols (#16467)
alyssawilk May 18, 2021
5ad73cf
disable giant request/response tests under TSAN (#16533)
danzh2010 May 18, 2021
178c088
Allow http route and cluster metadata to contain typed metadata in An…
yanjunxiang-google May 18, 2021
964de6c
grid: Plumb the AlternateProtocolCache down to the grid from the Upst…
RyanTheOptimist May 18, 2021
1c7e3bf
fix mac build (#16514)
ramaraochavali May 18, 2021
196f849
Crash support: Restore crash context on filter's posted callback (#16…
KBaichoo May 18, 2021
3602cf3
coverage: bumping numbers (#16522)
alyssawilk May 18, 2021
80b5699
http: more tests for local reply and reset (#16526)
alyssawilk May 18, 2021
ea4cadc
xds: enable the `is_optional` field for HttpFilter (#16119)
soulxu May 18, 2021
84138f7
quiche: disable giant request/response test cases from quic_http_inte…
danzh2010 May 19, 2021
cc24391
docs: fix format issue (#16555)
daixiang0 May 19, 2021
8baff9a
quic: adjusting coverage (#16570)
alyssawilk May 19, 2021
92416be
http: remove HeaderUtility::addHeaders (duplicate). (#16509)
PiotrSikora May 19, 2021
5f3fbf6
examples: unify apt and cleanup unused installation (#16519)
daixiang0 May 19, 2021
67bfb7c
quic: use sds for upstream http/3 (#16462)
alyssawilk May 19, 2021
bf3e6a2
safe_memcpy_test: Explicit type for arguments of the vector construct…
rialg May 19, 2021
94d1137
quic: reduce socket option header exposure (#16541)
jpeach May 19, 2021
c468e57
http3: cleaning up TODO (#16547)
alyssawilk May 20, 2021
fe58023
PULL_REQUEST_TEMPLATE.md: hide example (#16538)
daixiang0 May 20, 2021
d304a2f
Fixing GRPC initial metadata validation (#16414)
omriz May 20, 2021
c307494
ext_proc: Support CONTINUE_AND_REPLACE from header callbacks (#16437)
gbrail May 20, 2021
17aa841
docker: Use entrypoint for distroless image (#16383)
phlax May 20, 2021
75aecf2
quic: improve coverage (#16569)
alyssawilk May 20, 2021
5218436
Added default connect_timeout in cluster config (#16453)
May 20, 2021
2b9fb47
test: fix merge brekage (#16597)
alyssawilk May 20, 2021
2174fd0
add a helper class for runtime-derived uint32 (#16398)
WeavingGao May 20, 2021
aee42fd
event: Remove obsolete runtime guard for 'envoy.reloadable_features.a…
antoniovicente May 20, 2021
c63cbab
Update ConfigDump documentation. (#16491)
paul-r-gall May 20, 2021
02f3162
bazel: add a few flags to --config=clang-msan. (#16603)
PiotrSikora May 20, 2021
25574b4
ci: exclude Google Test macros from clang-tidy (#16557)
jpeach May 21, 2021
5c28e95
Skip metadata processing after sending local reply (#16154)
GinYM May 21, 2021
b603923
docs: mark matching API and related features as alpha (#16210)
May 21, 2021
d520883
dependabot: Updates (#16566)
phlax May 21, 2021
807ff70
Update for oss-fuzz Issue 22106
twghu May 10, 2021
240e999
Update for oss-fuzz Issue 30088
twghu May 10, 2021
e0c65db
Update for oss-fuzz Issue 30088, calculation of initial byte count
twghu May 11, 2021
0748634
Merge branch 'issue-4709' of github.com:twghu/envoy into issue-4709
twghu May 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
192 changes: 192 additions & 0 deletions ...tp/codec_impl_corpus/clusterfuzz-testcase-minimized-codec_impl_fuzz_test-5766628005642240
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion test/common/http/codec_impl_fuzz_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -361,7 +361,13 @@ class HttpStream : public LinkedObject<HttpStream> {
}
}
// Perform the stream action.
directionalAction(request_, stream_action.request());
// The request_.request_encoder_ is initialized from the response_.response_decoder_.
// Fuzz test codec_impl_fuzz_test-5766628005642240 created a situation where the response
// stream was in closed state leading to the state.request_encoder_ in directionalAction()
// kData case no longer being a valid address.
if (response_.stream_state_ != HttpStream::StreamState::Closed) {
directionalAction(request_, stream_action.request());
}
break;
}
case test::common::http::StreamAction::kResponse: {
Expand Down
1 change: 1 addition & 0 deletions .../stat_merger_corpus/clusterfuzz-testcase-minimized-stat_merger_fuzz_test-5675276891717632
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions test/common/stats/stat_merger_fuzz_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ void testDynamicEncoding(absl::string_view data, SymbolTable& symbol_table) {
// segments, which trigger some inconsistent handling as described in that
// bug.
uint32_t num_bytes = (1 + data[index]) & 0x7;
if (index == 0 && num_bytes == 0) {

@antoniovicente antoniovicente May 11, 2021

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There seems to be an inconsistency between the line above and the comment before it. The code above generate num_bytes between 0 and 7, not 1 and 8.

https://github.com/envoyproxy/envoy/pull/10965/files#r629769284

@jmarantz jmarantz May 11, 2021

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are right; the code should be changed to reflect the comment. However it's not material to the problems in this fuzz test.

There's an outstanding PR that will fix it, however: #16239

@jessicayuen will you be able to push that forward?

I think the fix offered here is too aggressive; it doesn't just skip over the troublesome cases but completely stops the test on the passed-in corpus. It could just 'continue'.

@twghu twghu May 11, 2021

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change to initial byte count has resolved crash and removed need for additional testing of num_bytes.

return;

@antoniovicente antoniovicente May 11, 2021

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is num_bytes == 0 ok if index != 0 ?

@twghu twghu May 11, 2021

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was the specific fail case, it does seem logical that if the control byte yields a length of 0 then the specic segment is suspect regardless.

@twghu twghu May 11, 2021

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change to initial byte count has resolved crash and removed need for additional testing of num_bytes.

}

// Carve out the segment and use the 4th bit from the control-byte to
// determine whether to treat this segment symbolic or not.
Expand Down