LaconicNetwork/cosmos-sdk
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

fix: x/tx/signing/textual/IntValueRenderer.Parse: gracefully handle "" + fuzz (#15730)

Browse Source 
Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>
This commit is contained in:
Emmanuel T Odeke 2023-04-07 07:19:38 -07:00 committed by GitHub
parent df161c214c
commit 7c068afa6f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
x/tx/CHANGELOG.md
View File

@ -36,6 +36,10 @@ Ref: https://keepachangelog.com/en/1.0.0/
* [#15581](https://github.com/cosmos/cosmos-sdk/pull/15581) `GetSignersOptions` and `directaux.SignModeHandlerOptions` now
require a `signing.ProtoFileResolver` interface instead of `protodesc.Resolver`.
### Bug Fixes
* (signing/textual) [#15730](https://github.com/cosmos/cosmos-sdk/pull/15730) make IntValueRenderer.Parse: gracefully handle "" + fuzz
## v0.4.0
### API Breaking
@ -48,4 +52,4 @@ require a `signing.ProtoFileResolver` interface instead of `protodesc.Resolver`.
* [#15302](https://github.com/cosmos/cosmos-sdk/pull/15302) Add support for a custom registry (e.g. gogo's MergedRegistry) to be plugged into SIGN_MODE_TEXTUAL.
* [#15557](https://github.com/cosmos/cosmos-sdk/pull/15557) Implement unknown field filtering.
* [#15515](https://github.com/cosmos/cosmos-sdk/pull/15515) Implement SIGN_MODE_LEGACY_AMINO_JSON handler.
* [#15515](https://github.com/cosmos/cosmos-sdk/pull/15515) Implement SIGN_MODE_LEGACY_AMINO_JSON handler.

30
x/tx/signing/textual/fuzz_test.go Normal file
View File

@ -0,0 +1,30 @@
package textual_test
import (
"context"
"testing"
"cosmossdk.io/x/tx/signing/textual"
)
func FuzzIntValueRendererParse(f *testing.F) {
if testing.Short() {
f.Skip()
}
// 1. Firstly add some seeds
f.Add("10.11")
f.Add("-10.11")
f.Add("0.999999")
f.Add(".999999")
f.Add("1'000.999999")
f.Add("1'000'111")
f.Add("340'282'366'920'938'463'463'374'607'431'768'211'455")
// 2. Next setup and run the fuzzer.
ivr := textual.NewIntValueRenderer(fieldDescriptorFromName("UINT64"))
ctx := context.Background()
f.Fuzz(func(t *testing.T, input string) {
_, _ = ivr.Parse(ctx, []textual.Screen{{Content: input}})
})
}

5
x/tx/signing/textual/int.go
View File

@ -2,6 +2,7 @@ package textual
import (
"context"
"errors"
"fmt"
"strconv"
"strings"
@ -79,6 +80,10 @@ func (vr intValueRenderer) Parse(_ context.Context, screens []Screen) (protorefl
// parseInt parses a value-rendered string into an integer
func parseInt(v string) (string, error) {
if len(v) == 0 {
return "", errors.New("expecting a non-empty string")
}
sign := ""
if v[0] == '-' {
sign = "-"