doc/html/strprintf_8cpp_source.html

 // Copyright (c) 2020-2021 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <tinyformat.h>
 #include <util/strencodings.h>
 #include <util/translation.h>

 #include <algorithm>
 #include <cstdint>
 #include <string>
 #include <vector>

 template <typename... Args>
 void fuzz_fmt(const std::string& fmt, const Args&... args)
 {
     (void)tfm::format(tfm::RuntimeFormat{fmt}, args...);
 }

 FUZZ_TARGET(str_printf)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
     const std::string format_string = fuzzed_data_provider.ConsumeRandomLengthString(64);

     const int digits_in_format_specifier = std::count_if(format_string.begin(), format_string.end(), IsDigit);

     // Avoid triggering the following crash bug:
     // * strprintf("%987654321000000:", 1);
     //
     // Avoid triggering the following OOM bug:
     // * strprintf("%.222222200000000$", 1.1);
     //
     // Upstream bug report: https://github.com/c42f/tinyformat/issues/70
     if (format_string.find('%') != std::string::npos && digits_in_format_specifier >= 7) {
         return;
     }

     // Avoid triggering the following crash bug:
     // * strprintf("%1$*1$*", -11111111);
     //
     // Upstream bug report: https://github.com/c42f/tinyformat/issues/70
     if (format_string.find('%') != std::string::npos && format_string.find('$') != std::string::npos && format_string.find('*') != std::string::npos && digits_in_format_specifier > 0) {
         return;
     }

     // Avoid triggering the following crash bug:
     // * strprintf("%.1s", (char*)nullptr);
     //
     // (void)strprintf(format_string, (char*)nullptr);
     //
     // Upstream bug report: https://github.com/c42f/tinyformat/issues/70

     try {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32));
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32).c_str());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<signed char>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<unsigned char>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<char>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeBool());
             });
     } catch (const tinyformat::format_error&) {
     }

     if (format_string.find('%') != std::string::npos && format_string.find('c') != std::string::npos) {
         // Avoid triggering the following:
         // * strprintf("%c", 1.31783e+38);
         // tinyformat.h:244:36: runtime error: 1.31783e+38 is outside the range of representable values of type 'char'
         return;
     }

     if (format_string.find('%') != std::string::npos && format_string.find('*') != std::string::npos) {
         // Avoid triggering the following:
         // * strprintf("%*", -2.33527e+38);
         // tinyformat.h:283:65: runtime error: -2.33527e+38 is outside the range of representable values of type 'int'
         // * strprintf("%*", -2147483648);
         // tinyformat.h:763:25: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
         return;
     }

     try {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeFloatingPoint<float>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeFloatingPoint<double>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int16_t>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint16_t>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int32_t>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint32_t>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int64_t>());
             },
             [&] {
                 fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint64_t>());
             });
     } catch (const tinyformat::format_error&) {
     }
 }
FuzzedDataProvider.h

fuzz.h

IsDigit
constexpr bool IsDigit(char c)
Tests if the given character is a decimal digit.
Definition: strencodings.h:150

strencodings.h

tinyformat::format
void format(std::ostream &out, FormatStringCheck< sizeof...(Args)> fmt, const Args &... args)
Format list of arguments to the stream according to given format string.
Definition: tinyformat.h:1079

args
ArgsManager & args
Definition: bitcoind.cpp:277

FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:153

tinyformat.h

tinyformat::format_error
Definition: tinyformat.h:202

translation.h

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FUZZ_TARGET
FUZZ_TARGET(str_printf)
Definition: strprintf.cpp:23

fuzz_fmt
void fuzz_fmt(const std::string &fmt, const Args &... args)
Definition: strprintf.cpp:18

util.h

tinyformat::RuntimeFormat
Definition: tinyformat.h:184

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35