Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bug in validating unused bits #106771

Merged
merged 5 commits into from
Sep 3, 2024
Merged

Fix bug in validating unused bits #106771

merged 5 commits into from
Sep 3, 2024

Conversation

buyaa-n
Copy link
Member

@buyaa-n buyaa-n commented Aug 21, 2024

Fix bug in validating unused bits found with Base64Url fuzzer

The input that failed the fuzzer is Base64Url.IsValid("SM=") which supposed to return false, invalid input

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-memory
See info in area-owners.md if you want to be subscribed.

@buyaa-n buyaa-n mentioned this pull request Aug 21, 2024
Merged
@MihaZupan MihaZupan mentioned this pull request Aug 21, 2024
Open
@MihaZupan
Copy link
Member

Looks like there are still some unhandled cases: MihuBot/runtime-utils#562

// Base64UrlFuzzer
System.Exception: Expected=Done Actual=InvalidData
   at DotnetFuzzing.Assert.<Equal>g__Throw|0_0[T](T expected, T actual) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Assert.cs:line 18
   at DotnetFuzzing.Assert.Equal[T](T expected, T actual) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Assert.cs:line 14
   at DotnetFuzzing.Fuzzers.Base64UrlFuzzer.FuzzTarget(ReadOnlySpan`1 bytes) in D:\a\runtime-utils\runtime-utils\Runner\runtime\src\libraries\Fuzzing\DotnetFuzzing\Fuzzers\Base64UrlFuzzer.cs:line 109
   at SharpFuzz.Fuzzer.LibFuzzer.Run(ReadOnlySpanAction action, Boolean ignoreExceptions)
==8932== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 1 CrossOver-; base unit: 122a96fbeb0d3493dcb52f34d0b7bfecbec11036
0x73,0xa,0x45,0x73,0xa,0xa,0x3d,0x3d,
s\012Es\012\012==
artifact_prefix='./'; Test unit written to Base64UrlFuzzer-artifact-2
Base64: cwpFcwoKPT0=

This was referenced Aug 21, 2024
Open
Open
Open
Closed
@MihaZupan
Copy link
Member

@MihuBot fuzz Base64Url -combineWith #106509

@MihuBot MihuBot mentioned this pull request Aug 22, 2024
Open
@buyaa-n
Copy link
Member Author

buyaa-n commented Aug 22, 2024

@MihuBot fuzz Base64Url -combineWith #106509

Its really cool that we can run a fuzzer with a given PR, thanks!

@MihuBot MihuBot mentioned this pull request Aug 22, 2024
Open
@buyaa-n @stephentoub
Update src/libraries/System.Private.CoreLib/src/System/Buffers/Text/B…
baf5a22 
…ase64Url/Base64UrlValidator.cs

Co-authored-by: Stephen Toub <stoub@microsoft.com>
@build-analysis build-analysis bot mentioned this pull request Sep 3, 2024
Open
3 tasks
@buyaa-n buyaa-n merged commit 4011912 into dotnet:main Sep 3, 2024
143 of 148 checks passed
@buyaa-n buyaa-n deleted the fix_validation branch September 3, 2024 22:02
@build-analysis build-analysis bot mentioned this pull request Sep 3, 2024
Closed
@buyaa-n
Copy link
Member Author

buyaa-n commented Sep 3, 2024

/backport to release/9.0

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024

Started backporting to release/9.0: https://github.com/dotnet/runtime/actions/runs/10691347585

@github-actions github-actions bot mentioned this pull request Sep 3, 2024
Merged
4 tasks
radekdoulik pushed a commit to radekdoulik/runtime that referenced this pull request Sep 6, 2024
@buyaa-n @stephentoub @radekdoulik
Fix bug in validating unused bits (dotnet#106771)
c01d163 
* Fix bug in validating unused bits

* Fix another failure

* Update src/libraries/System.Private.CoreLib/src/System/Buffers/Text/Base64Url/Base64UrlValidator.cs

Co-authored-by: Stephen Toub <stoub@microsoft.com>

---------

Co-authored-by: Stephen Toub <stoub@microsoft.com>
jtschuster pushed a commit to jtschuster/runtime that referenced this pull request Sep 17, 2024
@buyaa-n @stephentoub @jtschuster
Fix bug in validating unused bits (dotnet#106771)
c8df0c3 
* Fix bug in validating unused bits

* Fix another failure

* Update src/libraries/System.Private.CoreLib/src/System/Buffers/Text/Base64Url/Base64UrlValidator.cs

Co-authored-by: Stephen Toub <stoub@microsoft.com>

---------

Co-authored-by: Stephen Toub <stoub@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stephentoub stephentoub stephentoub approved these changes

@MihaZupan MihaZupan Awaiting requested review from MihaZupan

@tannergooding tannergooding Awaiting requested review from tannergooding

Assignees

@buyaa-n buyaa-n

Labels
area-System.Memory
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@buyaa-n @MihaZupan @stephentoub