Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzing VMs: Limit memory usage #923

Merged
merged 2 commits into from
Oct 29, 2024
Merged

Fuzzing VMs: Limit memory usage #923

merged 2 commits into from
Oct 29, 2024

Conversation

LuisPH3
Copy link
Contributor

@LuisPH3 LuisPH3 commented Oct 28, 2024

This PR adds a limit to the memory expansions generated by fuzzing tests. Nightly fuzzing has crashed a few times and the problem is attributed to large memory allocations.

The CT has a limit to the available gas for the execution of an instruction, large enough for a 450MB allocation. This limit may be too high for FuzzDifferentialLfvmVsGeth. During fuzzing, two resulting states are created by executing both geth and lfvm. This doubles the memory expansion.

The offending corpus:

go test fuzz v1
[]byte("\xa0") 
int64(499_999_999_947)   
byte('\x04')
[]byte("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\xe90\x00")

Arguments are:

  • op: LOG0
  • gas: almost maximum allowed
  • revision
  • stack values: Last value is parameter size: 503_376_128 (480 MB)

The new code will not allow this execution by limiting gas to a 1/10 of the current limit.

@LuisPH3 LuisPH3 changed the title Fuzzuing VMs: Limit memory usage Fuzzing VMs: Limit memory usage Oct 28, 2024
facuMH
facuMH reviewed Oct 28, 2024
View reviewed changes
go/ct/evm_fuzz_test.go Outdated Show resolved Hide resolved
simonlechner
simonlechner previously approved these changes Oct 29, 2024
View reviewed changes
@LuisPH3 LuisPH3 force-pushed the luis/filter-large-mem-fuzzing branch 2 times, most recently from af8148f to 92a204e Compare October 29, 2024 10:00
@LuisPH3 LuisPH3 force-pushed the luis/filter-large-mem-fuzzing branch from 92a204e to 239e742 Compare October 29, 2024 10:13
@LuisPH3 LuisPH3 merged commit 9a8d0e5 into main Oct 29, 2024
5 checks passed
@LuisPH3 LuisPH3 deleted the luis/filter-large-mem-fuzzing branch October 29, 2024 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simonlechner simonlechner simonlechner approved these changes

@facuMH facuMH facuMH approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LuisPH3 @facuMH @simonlechner