Chiebot-Mirror
/
grpc
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[fix] Prevent a signed integer overflow in timeout_encoding.cc (#32432)

Browse Source 
Return `Timeout(kMaxHours, Unit::kHours)` if the value is about to
overflow in `DivideRoundingUp`.

<!--

If you know who should review your pull request, please assign it to
that
person, otherwise the pull request would get assigned randomly.

If your pull request is for a specific language, please add the
appropriate
lang label.

-->
pull/32439/head
Yijie Ma 2 years ago committed by GitHub
parent 4b05dc88b7
commit bdea76728b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      src/core/lib/transport/timeout_encoding.cc
  2. 6
      test/core/end2end/fuzzers/client_fuzzer.cc
  3. BIN
      test/core/end2end/fuzzers/client_fuzzer_corpus/testcase-5371891407519744

7
src/core/lib/transport/timeout_encoding.cc
Unescape View File

@ -20,6 +20,8 @@
#include "src/core/lib/transport/timeout_encoding.h"
#include <limits>
#include "absl/base/attributes.h"
#include <grpc/support/log.h>
@ -30,7 +32,7 @@ namespace grpc_core {
namespace {
int64_t DivideRoundingUp(int64_t dividend, int64_t divisor) {
return (dividend + divisor - 1) / divisor;
return (dividend - 1 + divisor) / divisor;
}
constexpr int64_t kSecondsPerMinute = 60;
@ -173,6 +175,9 @@ Timeout Timeout::FromMillis(int64_t millis) {
} else if (millis < 100000) {
int64_t value = DivideRoundingUp(millis, 100);
if (value % 10 != 0) return Timeout(value, Unit::kHundredMilliseconds);
} else if (millis > std::numeric_limits<int64_t>::max() - 999) {
// prevent signed integer overflow.
return Timeout(kMaxHours, Unit::kHours);
}
return Timeout::FromSeconds(DivideRoundingUp(millis, 1000));
}

6
test/core/end2end/fuzzers/client_fuzzer.cc
Unescape View File

@ -25,6 +25,7 @@
#include "absl/status/statusor.h"
#include "absl/strings/str_format.h"
#include "absl/types/optional.h"
#include <grpc/byte_buffer.h>
#include <grpc/grpc.h>
@ -38,6 +39,7 @@
#include "src/core/lib/channel/channel_args_preconditioning.h"
#include "src/core/lib/config/core_configuration.h"
#include "src/core/lib/gprpp/crash.h"
#include "src/core/lib/gprpp/env.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/endpoint.h"
#include "src/core/lib/iomgr/exec_ctx.h"
@ -59,7 +61,9 @@ static void* tag(intptr_t t) { return reinterpret_cast<void*>(t); }
static void dont_log(gpr_log_func_args* /*args*/) {}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
if (squelch) gpr_set_log_function(dont_log);
if (squelch && !grpc_core::GetEnv("GRPC_TRACE_FUZZER").has_value()) {
gpr_set_log_function(dont_log);
}
grpc_init();
{
grpc_core::ExecCtx exec_ctx;

BIN
test/core/end2end/fuzzers/client_fuzzer_corpus/testcase-5371891407519744
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save