Merge bitcoin/bitcoin#24298: fuzz: Avoid unsigned integer overflow in FormatParagraph

fa2f7d005932bff9b7d27744ae517b9e7910df8d fuzz: Avoid unsigned integer overflow in FormatParagraph (MarcoFalke) Pull request description: `FormatParagraph` is only ever called with compile time constant arguments, so I don't see the need for fuzzing it. Though, keep it for now, but avoid the unsigned integer overflow with this patch. ACKs for top commit: laanwj: Code review ACK fa2f7d005932bff9b7d27744ae517b9e7910df8d Tree-SHA512: 01fc64a9ef73c183921ca1b0cd8db9514c0a242e3acf215a3393f383ae129e01625ebb16eaf9cb86370eda62d0145c3dcf8f62e40edf5958abc1f777c5687280
2026-02-02 19:51:13 +00:00 · 2022-02-10 07:14:11 +00:00 · 2022-02-10 07:14:11 +00:00 · 3dc0bb9552
commit 3dc0bb9552
parent 8c0f02c69d fa2f7d0059
2 changed files with 3 additions and 1 deletions
--- a/src/test/fuzz/string.cpp
+++ b/src/test/fuzz/string.cpp
@ -145,7 +145,8 @@ FUZZ_TARGET(string)
    (void)CopyrightHolders(random_string_1);
    FeeEstimateMode fee_estimate_mode;
    (void)FeeModeFromString(random_string_1, fee_estimate_mode);
-    (void)FormatParagraph(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
+    const auto width{fuzzed_data_provider.ConsumeIntegralInRange<size_t>(1, 1000)};
+    (void)FormatParagraph(random_string_1, width, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, width));
    (void)FormatSubVersion(random_string_1, fuzzed_data_provider.ConsumeIntegral<int>(), random_string_vector);
    (void)GetDescriptorChecksum(random_string_1);
    (void)HelpExampleCli(random_string_1, random_string_2);
--- a/src/util/strencodings.cpp
+++ b/src/util/strencodings.cpp
@ -328,6 +328,7 @@ bool ParseUInt64(const std::string& str, uint64_t* out)

 std::string FormatParagraph(const std::string& in, size_t width, size_t indent)
 {
+    assert(width >= indent);
    std::stringstream out;
    size_t ptr = 0;
    size_t indented = 0;