fuzz: fixes oss-fuzz: 8363#3905
fuzz: fixes oss-fuzz: 8363#3905zuercher merged 4 commits intoenvoyproxy:masterfrom anirudhmurali:oss-fuzz-8363
Conversation
Signed-off-by: Anirudh M <m.anirudh18@gmail.com>
source/common/protobuf/utility.h
Outdated
| default_value) \ | ||
| ((message).has_##field_name() \ | ||
| ((message).has_##field_name() && !std::isnan((message).field_name().value()) \ | ||
| ? ProtobufPercentHelper::convertPercent((message).field_name().value(), max_value) \ |
There was a problem hiding this comment.
I think this is fine to mitigate the issue today. The clean way to do this is to catch NaN in PGV annotations (i.e. https://github.com/envoyproxy/envoy/blob/master/api/envoy/type/percent.proto#L14, https://github.com/lyft/protoc-gen-validate/blob/master/validate/validate.proto#L98), the same way we validate the [0..100] range.
Can you file an issue for NaN validation at https://github.com/lyft/protoc-gen-validate and add a TODO comment here?
There was a problem hiding this comment.
Agreed, this would be a good validation to have in PGV - it's simple, self-contained, and generally useful.
There was a problem hiding this comment.
Thanks for filing the issue. I think you need a small change of behavior here. Instead of returning the default in NaN, it should throw EnvoyException(), to allow the NaN to be reflected back to the config pipeline.
Signed-off-by: Anirudh M <m.anirudh18@gmail.com>
Signed-off-by: Anirudh M <m.anirudh18@gmail.com>
source/common/protobuf/utility.h
Outdated
| ((message).has_##field_name() && !std::isnan((message).field_name().value()) \ | ||
| ? ProtobufPercentHelper::convertPercent((message).field_name().value(), max_value) \ | ||
| ((message).has_##field_name() \ | ||
| ? !std::isnan((message).field_name().value()) \ |
There was a problem hiding this comment.
I would flip the logic here to have the isnan case first.
source/common/protobuf/utility.h
Outdated
| ((message).has_##field_name() \ | ||
| ? !std::isnan((message).field_name().value()) \ | ||
| ? ProtobufPercentHelper::convertPercent((message).field_name().value(), max_value) \ | ||
| : throw EnvoyException(fmt::format("Value not in the range of 0..100 range.")) \ |
Signed-off-by: Anirudh M <m.anirudh18@gmail.com>
4 participants
Title: Fixes oss-fuzz: 8363
Description: oss-fuzz issue (8363): https://oss-fuzz.com/v2/testcase-detail/5988544525893632
The crash was because of passing
nantoEnvoy::ProtobufPercentHelper::convertPercent, it asserts since it is not in the numeric range. Instead of adding a check in this function, have added a check in the preprocessor so that it goes tocheckAndReturnDefaultand the default value is used.Have also added the crashing testcase to the corpus.
Risk Level: Low
Testing: Tested unit tests (bazel test //server:server_fuzz_test), built and ran fuzzers with oss-fuzz.
Signed-off-by: Anirudh M m.anirudh18@gmail.com