feat: add fuzzers for gnovm/pkg/gnolang/ParseFile + ConvertUntypedBigDecToFloat #3455

odeke-em (Contributor) commented Jan 8, 2025

To harden the security of Gno, this change introduces fuzzers that so far have already rediscovered a cockroachdb/apd/v3 bug per cockroachdb/apd#120 (comment)

Updates #3087

@github-actions github-actions bot added the 📦 🤖 gnovm Issues or PRs gnovm related label Jan 8, 2025
odeke-em (Contributor, Author) commented Jan 8, 2025

Kindly cc-ing @moul @thehowl @notJoon @jaekwon @n2p5

Gno2D2 (Collaborator) commented Jan 8, 2025

🛠 PR Checks Summary

All Automated Checks passed. ✅

Manual Checks (for Reviewers):
  • IGNORE the bot requirements for this PR (force green CI check)
  • The pull request description provides enough details (checked by @n2p5)

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info)

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 The pull request was created from a fork (head branch repo: odeke-em/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request

Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission
The pull request description provides enough details

If

🟢 Condition met
└── 🟢 Not (🔴 Pull request author is a member of the team: core-contributors)

Can be checked by

  • team core-contributors

@odeke-em odeke-em force-pushed the fuzz-gnolang-ParseFile+ConvertUntypedBigdecToFloat branch from 56f8406 to 5f42160 Compare January 8, 2025 04:57
@odeke-em odeke-em changed the title fuzz(gnovm/pkg/gnolang): add fuzzers for ParseFile + ConvertUntypedBigDecToFloat feat: add fuzzers for gnovm/pkg/gnolang/ParseFile + ConvertUntypedBigDecToFloat Jan 8, 2025
@odeke-em odeke-em force-pushed the fuzz-gnolang-ParseFile+ConvertUntypedBigdecToFloat branch 2 times, most recently from 6e2cd92 to 2782d69 Compare January 8, 2025 05:43

notJoon (Member) left a comment

👍

…DecToFloat

To harden the security of Gno, this change introduces fuzzers
that so far have already rediscovered a cockroachdb/apd/v3 bug
per cockroachdb/apd#120 (comment)

Updates  gnolang#3087
@odeke-em odeke-em force-pushed the fuzz-gnolang-ParseFile+ConvertUntypedBigdecToFloat branch from 2782d69 to 56939c9 Compare January 8, 2025 07:44
@thehowl thehowl added the bounty/candidate PR is candidate to receive a bounty. label Jan 9, 2025

n2p5 (Contributor) left a comment

Reviewed with @odeke-em, LGTM, important work.

@n2p5 n2p5 merged commit aa031a6 into gnolang:master Jan 9, 2025
24 checks passed

codecov bot commented Jan 9, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

@odeke-em odeke-em deleted the fuzz-gnolang-ParseFile+ConvertUntypedBigdecToFloat branch January 9, 2025 20:28
albttx pushed a commit that referenced this pull request Jan 10, 2025
…DecToFloat (#3455)

To harden the security of Gno, this change introduces fuzzers that so
far have already rediscovered a cockroachdb/apd/v3 bug per
cockroachdb/apd#120 (comment)

Updates  #3087

Co-authored-by: Nathan Toups <[email protected]>
@moul moul mentioned this pull request Jan 21, 2025
5 participants