Opened 2 years ago

Last modified 19 months ago

#21996 new enhancement

Should we treat BUG messages as fatal errors during fuzzing?

Reported by: Sebastian Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 031-deferred-20170425, 034-triage-20180328, 034-removed-20180328
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While wondering why #21966 wasn't caught during consdiff code fuzzing, I noticed that in the C implementation failing to apply a generated diff is not a reason to assert, but rather an LD_BUG log message is generated. Unapplying the 21966 fix and fuzzing promptly leads to the discovery of that bug. I think it might make sense to ensure any BUG message that gets triggered fails an assertion if we're currently fuzzing?

Child Tickets

Change History (10)

comment:1 Changed 2 years ago by asn

That seems smart to me, if it doesn't require a huge code change.

comment:2 Changed 2 years ago by nickm

This could be a good idea, if we go through all the cases where there are BUG warnings and make sure that they are really supposed to be untriggerable on arbitrary inputs.

(I think that some places, we might do something like BUGing an attempt to compute a diff between things with a ".")

comment:3 Changed 2 years ago by Sebastian

I meant it more generally possibly, like asserting in log_fn_ if we're running under fuzzing and trigger an LD_BUG message (as well as fixing all cases where we're triggering a BUG message through fuzzing)

comment:4 Changed 2 years ago by teor

We might also want to do this in the unit tests, once we've removed all the BUG() messages in them. And maybe using chutney as well.

comment:5 Changed 2 years ago by nickm

Keywords: 031-deferred-20170425 added
Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final

Triage: batch-defer unowned items of priority Medium or lower to 0.3.2.

comment:6 Changed 2 years ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

comment:7 Changed 21 months ago by nickm

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final
Type: defectenhancement

Label a bunch of (arguable and definite) enhancements as enhancements for 0.3.4.

comment:8 Changed 19 months ago by nickm

Keywords: 034-triage-20180328 added

comment:9 Changed 19 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:10 Changed 19 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

Note: See TracTickets for help on using tickets.