Bitcoin: -fsanitize=integer๋กœ ํผ์ง•ํ•  ๋•Œ UBsan ๊ฒฝ๊ณ 

์— ๋งŒ๋“  2020๋…„ 08์›” 07์ผ  ยท  3์ฝ”๋ฉ˜ํŠธ  ยท  ์ถœ์ฒ˜: bitcoin/bitcoin

process_messages ํ•˜๋„ค์Šค๋ฅผ -fsanitize=integer ํผ์ง€ํ•˜๊ณ  ubsan ์–ต์ œ ํŒŒ์ผ์„ ์‚ฌ์šฉํ•˜๋„๋ก ์ฃผ์˜ํ•˜๋ฉด ๋‹ค์Œ๊ณผ ๊ฐ™์€ ์ถฉ๋Œ์ด ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค.

INFO: Seed: 2176449341
INFO: Loaded 1 modules   (204269 inline 8-bit counters): 204269 [0x555d1700aeb0, 0x555d1703cc9d), 
INFO: Loaded 1 PC tables (204269 PCs): 204269 [0x555d1703cca0,0x555d1735ab70), 
INFO:     7752 files found in /root/qa-assets/fuzz_seed_corpus/process_messages
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
INFO: seed corpus: files: 7752 min: 1b max: 3984182b total: 71282676b rss: 81Mb
protocol.h:420:42: runtime error: implicit conversion from type 'int' of value -168430091 (32-bit, signed) to type 'unsigned int' changed the value to 4126537205 (32-bit, unsigned)
    #0 0x555d1630b5ff in CInv::IsGenTxMsg() const /root/bitcoin/src/./protocol.h:420:42
    #1 0x555d1630b5ff in ProcessMessage(CNode&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CDataStream&, std::chrono::duration<long, std::ratio<1l, 1000000l> >, CChainParams const&, ChainstateManager&, CTxMemPool&, CConnman&, BanMan*, std::atomic<bool> const&) /root/bitcoin/src/net_processing.cpp:3696:25
    #2 0x555d1632d971 in PeerLogicValidation::ProcessMessages(CNode*, std::atomic<bool>&) /root/bitcoin/src/net_processing.cpp:3842:9
    #3 0x555d1632fec5 in non-virtual thunk to PeerLogicValidation::ProcessMessages(CNode*, std::atomic<bool>&) /root/bitcoin/src/net_processing.cpp
    #4 0x555d162a1f3e in ConnmanTestMsg::ProcessMessagesOnce(CNode&) /root/bitcoin/src/./test/util/net.h:26:56
    #5 0x555d162a1f3e in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /root/bitcoin/src/test/fuzz/process_messages.cpp:74:21
    #6 0x555d16954bd6 in LLVMFuzzerTestOneInput /root/bitcoin/src/test/fuzz/fuzz.cpp:45:5
    #7 0x555d16231751 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/bitcoin/src/test/fuzz/process_messages+0x649751)
    #8 0x555d16230e95 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/root/bitcoin/src/test/fuzz/process_messages+0x648e95)
    #9 0x555d162337b7 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/root/bitcoin/src/test/fuzz/process_messages+0x64b7b7)
    #10 0x555d16233b19 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/root/bitcoin/src/test/fuzz/process_messages+0x64bb19)
    #11 0x555d162227ee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/bitcoin/src/test/fuzz/process_messages+0x63a7ee)
    #12 0x555d1624b632 in main (/root/bitcoin/src/test/fuzz/process_messages+0x663632)
    #13 0x7f247597fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #14 0x555d161f7569 in _start (/root/bitcoin/src/test/fuzz/process_messages+0x60f569)

SUMMARY: UndefinedBehaviorSanitizer: implicit-integer-sign-change protocol.h:420:42 in 
MS: 0 ; base unit: 0000000000000000000000000000000000000000
0x6e,0x6f,0x74,0x66,0x6f,0x75,0x6e,0x64,0x0,0x1,0x7f,0x99,0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xa5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0xf5,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0x99,0xdc,0x1,0x7c,0x0,0x0,0x0,0x0,0x0,0x0,0xc0,
notfound\x00\x01\x7f\x99\x02\x00\x00\x00\x00\x00\x00\x00\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\xf5\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\x99\xdc\x01|\x00\x00\x00\x00\x00\x00\xc0
artifact_prefix='./'; Test unit written to ./crash-6d18289c14a3cab8896d942d6c4021b2b6895a1e
Base64: bm90Zm91bmQAAX+ZAgAAAAAAAAClpaWlpaWlpaWlpaWlpaWlpaX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX1mZmZmZmZmZmZmZmZ3AF8AAAAAAAAwA==

type ๊ฐ€ int ์ด๊ณ  ๋น„๊ต์—์„œ ๋ณ€ํ™˜๋˜๊ธฐ ๋•Œ๋ฌธ์— ๋ฌธ์ œ๊ฐ€ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค. ๋‚˜๋Š” type ๊ฐ€ uint32_t type ์ด์–ด์•ผ ํ•œ๋‹ค๊ณ  ์ƒ๊ฐํ•˜์ง€๋งŒ ์ด๊ฒƒ์ด ๋Œ€์‹  ์–ต์ œ๋˜์–ด์•ผ ํ•˜๋Š”์ง€ ํ™•์ธํ•˜๊ธฐ ์œ„ํ•ด ๋ฌธ์ œ๋ฅผ ๋งŒ๋“ค ๊ฒƒ์ด๋ผ๊ณ  ๋Š๊ผˆ์Šต๋‹ˆ๋‹ค. :).
https://github.com/bitcoin/bitcoin/blob/a78742830aa35bf57bcb0a4730977a1e5a1876bc/src/protocol.h#L420

picture Crypt-iQ
👍1

๊ฐ€์žฅ ์œ ์šฉํ•œ ๋Œ“๊ธ€

@Crypt-iQ์˜ ๊ฒฐ๊ณผ๋ฅผ ํผ์ง•ํ•˜๊ณ  ๋ณด๊ณ ํ•ด ์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค!

picture practicalswift ์— 2020๋…„ 08์›” 27์ผ
👍2

๋ชจ๋“  3 ๋Œ“๊ธ€

์ด๊ฒƒ์€ ์—ฌ๊ธฐ์—์„œ ๋ฐœ์ƒํ•ฉ๋‹ˆ๋‹ค:
https://github.com/bitcoin/bitcoin/blob/6d8543504d8c5bde1d12a3c60407dee44d2c8e11/src/net_processing.cpp#L3719 -L3727

vInv ๋Š” CInv ์Œ์ˆ˜ type vInv ๋กœ ์ฑ„์›Œ์ง€๊ณ  IsGenTxMsg ๋Š” ์•ฝ๊ฐ„ ๋” ๋‚ฎ๊ฒŒ ํ˜ธ์ถœ๋ฉ๋‹ˆ๋‹ค. ์‚ฌ๋žŒ๋“ค์ด ๊ฒ€์ƒ‰ํ•  ํ•„์š”๊ฐ€ ์—†๋„๋ก ๋ณด๋‹ค ์ •ํ™•ํ•˜๊ฒŒ ํ•˜๊ธฐ ์œ„ํ•จ์ž…๋‹ˆ๋‹ค.

Crypt-iQ picture Crypt-iQ ์— 2020๋…„ 08์›” 08์ผ
👍1

์ข‹์€ ๋ฐœ๊ฒฌ!

jonatack picture jonatack ์— 2020๋…„ 08์›” 25์ผ
🚀1

@Crypt-iQ์˜ ๊ฒฐ๊ณผ๋ฅผ ํผ์ง•ํ•˜๊ณ  ๋ณด๊ณ ํ•ด ์ฃผ์…”์„œ ๊ฐ์‚ฌํ•ฉ๋‹ˆ๋‹ค!

practicalswift picture practicalswift ์— 2020๋…„ 08์›” 27์ผ
👍2
์ด ํŽ˜์ด์ง€๊ฐ€ ๋„์›€์ด ๋˜์—ˆ๋‚˜์š”?
0 / 5 - 0 ๋“ฑ๊ธ‰

๊ด€๋ จ ๋ฌธ์ œ

praxeology-guy picture praxeology-guy  ยท  3์ฝ”๋ฉ˜ํŠธ
laanwj picture laanwj  ยท  3์ฝ”๋ฉ˜ํŠธ
MattyAB picture MattyAB  ยท  3์ฝ”๋ฉ˜ํŠธ
cruxby picture cruxby  ยท  3์ฝ”๋ฉ˜ํŠธ
askmike picture askmike  ยท  3์ฝ”๋ฉ˜ํŠธ