From d243cd62ede205c0a45486b472809da9af6f508b Mon Sep 17 00:00:00 2001
From: Dhi Aurrahman
Date: Wed, 5 Sep 2018 01:58:59 +0700
Subject: [PATCH] test: set to zero when start_time exceeds limit (#4328)

When the RequestInfo start_time exceeds max limit, set to zero to avoid undefined behavior.

Before this patch, utility's fromRequestInfo experienced similar error below:

/usr/include/c++/5/chrono:176:67: runtime error: signed integer overflow: 9799832698963886 * 1000 cannot be represented in type 'long int'

Fixes oss-fuzz issues:
* https://oss-fuzz.com/v2/testcase-detail/5647641023610880 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10124)
* https://oss-fuzz.com/v2/testcase-detail/5701824317751296 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10128)

Risk Level: Low
Testing: ASAN/UBSAN tests, corpus entries added.

Signed-off-by: Dhi Aurrahman
---
 ...nimized-access_log_formatter_fuzz_test-5701824317751296 | 1 +
 ...case-minimized-header_parser_fuzz_test-5647641023610880 | 1 +
 test/fuzz/utility.h | 7 +++++--
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 test/common/access_log/access_log_formatter_corpus/clusterfuzz-testcase-minimized-access_log_formatter_fuzz_test-5701824317751296
 create mode 100644 test/common/router/header_parser_corpus/clusterfuzz-testcase-minimized-header_parser_fuzz_test-5647641023610880

diff --git a/test/common/access_log/access_log_formatter_corpus/clusterfuzz-testcase-minimized-access_log_formatter_fuzz_test-5701824317751296 b/test/common/access_log/access_log_formatter_corpus/clusterfuzz-testcase-minimized-access_log_formatter_fuzz_test-5701824317751296
new file mode 100644
index 000000000000..542c0daf722b
--- /dev/null
+++ b/test/common/access_log/access_log_formatter_corpus/clusterfuzz-testcase-minimized-access_log_formatter_fuzz_test-5701824317751296
@@ -0,0 +1 @@
+format: "%START_TIME(%f)%" request_info { start_time: 18446744073709551615 }
diff --git a/test/common/router/header_parser_corpus/clusterfuzz-testcase-minimized-header_parser_fuzz_test-5647641023610880 b/test/common/router/header_parser_corpus/clusterfuzz-testcase-minimized-header_parser_fuzz_test-5647641023610880
new file mode 100644
index 000000000000..1251ede979a5
--- /dev/null
+++ b/test/common/router/header_parser_corpus/clusterfuzz-testcase-minimized-header_parser_fuzz_test-5647641023610880
@@ -0,0 +1 @@
+headers_to_add { header { key: " " value: "%START_TIME(ÿ)%" } } request_info { start_time: 9799832698963886077 }
diff --git a/test/fuzz/utility.h b/test/fuzz/utility.h
index 6933b2313420..3c5fdf1158db 100644
--- a/test/fuzz/utility.h
+++ b/test/fuzz/utility.h
@@ -37,8 +37,11 @@ inline TestRequestInfo fromRequestInfo(const test::fuzz::RequestInfo& request_in
 TestRequestInfo test_request_info;
 test_request_info.metadata_ = request_info.dynamic_metadata();
 // libc++ clocks don't track at nanosecond on OS X.
- test_request_info.start_time_ =
- SystemTime(std::chrono::microseconds(request_info.start_time() / 1000));
+ const auto start_time =
+ std::numeric_limits::max() < request_info.start_time()
+ ? 0
+ : request_info.start_time() / 1000;
+ test_request_info.start_time_ = SystemTime(std::chrono::microseconds(start_time));
 if (request_info.has_response_code()) {
 test_request_info.response_code_ = request_info.response_code().value();
 }
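Review bot: The guard on the new side reads `std::numeric_limits::max()` with no template argument, which does not compile as shown; the type parameter was presumably lost in rendering (the UBSAN message in the commit body points at a signed 64-bit `long int` bound), so it is worth confirming against the checked-in source. The reason for that bound is not recorded next to the code either: the quoted overflow `9799832698963886 * 1000` is the `microseconds` value built from `start_time / 1000` being widened back to nanoseconds inside chrono, which appears to be the resolution of `SystemTime` on libstdc++. Suggest a comment above the ternary, `// start_time() above the signed 64-bit limit would overflow when the microseconds value is widened back to nanoseconds in SystemTime; fuzz inputs past it map to the epoch.`, and binding `request_info.start_time()` to a local once instead of reading it in both the condition and the else branch. fromRequestInfo begins at the hunk header and its body continues past the hunk.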