phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-25 10:43:19 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fuzz: replace every fuzzer-controlled loop with a LIMITED_WHILE loop

Browse source 
Blindly chose a cap of 10000 iterations for every loop, except for
the two in script_ops.cpp and scriptnum_ops.cpp which appeared to
(sometimes) be deserializing individual bytes; capped those to one
million to ensure that sometimes we try working with massive scripts.

There was also one fuzzer-controlled loop in timedata.cpp which was
already capped, so I left that alone.

git grep 'while (fuzz' should now run clean except for timedata.cpp
This commit is contained in:
Andrew Poelstra 2021-10-25 19:48:22 +00:00
parent 22a9018649
commit 214d9055ac
29 changed files with 34 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/test/fuzz/addrman.cpp
View file

@ -236,7 +236,7 @@ FUZZ_TARGET_INIT(addrman, initialize_addrman)
}
}
AddrManDeterministic& addr_man = *addr_man_ptr;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {
@ -247,7 +247,7 @@ FUZZ_TARGET_INIT(addrman, initialize_addrman)
},
[&] {
std::vector<CAddress> addresses;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::optional<CAddress> opt_address = ConsumeDeserializable<CAddress>(fuzzed_data_provider);
if (!opt_address) {
break;

2
src/test/fuzz/autofile.cpp
View file

@ -19,7 +19,7 @@ FUZZ_TARGET(autofile)
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider);
CAutoFile auto_file = fuzzed_auto_file_provider.open();
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/bloom_filter.cpp
View file

@ -24,7 +24,7 @@ FUZZ_TARGET(bloom_filter)
1.0 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max()),
fuzzed_data_provider.ConsumeIntegral<unsigned int>(),
static_cast<unsigned char>(fuzzed_data_provider.PickValueInArray({BLOOM_UPDATE_NONE, BLOOM_UPDATE_ALL, BLOOM_UPDATE_P2PUBKEY_ONLY, BLOOM_UPDATE_MASK}))};
while (fuzzed_data_provider.remaining_bytes() > 0) {
LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/buffered_file.cpp
View file

@ -29,7 +29,7 @@ FUZZ_TARGET(buffered_file)
}
if (opt_buffered_file && fuzzed_file != nullptr) {
bool setpos_fail = false;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/chain.cpp
View file

@ -35,7 +35,7 @@ FUZZ_TARGET(chain)
(void)CDiskBlockIndex{*disk_block_index};
(void)disk_block_index->BuildSkip();
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const BlockStatus block_status = fuzzed_data_provider.PickValueInArray({
BlockStatus::BLOCK_VALID_UNKNOWN,
BlockStatus::BLOCK_VALID_RESERVED,

4
src/test/fuzz/coins_view.cpp
View file

@ -51,7 +51,7 @@ FUZZ_TARGET_INIT(coins_view, initialize_coins_view)
COutPoint random_out_point;
Coin random_coin;
CMutableTransaction random_mutable_transaction;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {
@ -114,7 +114,7 @@ FUZZ_TARGET_INIT(coins_view, initialize_coins_view)
},
[&] {
CCoinsMap coins_map;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CCoinsCacheEntry coins_cache_entry;
coins_cache_entry.flags = fuzzed_data_provider.ConsumeIntegral<unsigned char>();
if (fuzzed_data_provider.ConsumeBool()) {

2
src/test/fuzz/connman.cpp
View file

@ -31,7 +31,7 @@ FUZZ_TARGET_INIT(connman, initialize_connman)
CNode random_node = ConsumeNode(fuzzed_data_provider);
CSubNet random_subnet;
std::string random_string;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/crypto_aes256.cpp
View file

@ -19,7 +19,7 @@ FUZZ_TARGET(crypto_aes256)
AES256Encrypt encrypt{key.data()};
AES256Decrypt decrypt{key.data()};
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::vector<uint8_t> plaintext = ConsumeFixedLengthByteVector(fuzzed_data_provider, AES_BLOCKSIZE);
std::vector<uint8_t> ciphertext(AES_BLOCKSIZE);
encrypt.Encrypt(ciphertext.data(), plaintext.data());

2
src/test/fuzz/crypto_aes256cbc.cpp
View file

@ -21,7 +21,7 @@ FUZZ_TARGET(crypto_aes256cbc)
AES256CBCEncrypt encrypt{key.data(), iv.data(), pad};
AES256CBCDecrypt decrypt{key.data(), iv.data(), pad};
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::vector<uint8_t> plaintext = ConsumeRandomLengthByteVector(fuzzed_data_provider);
std::vector<uint8_t> ciphertext(plaintext.size() + AES_BLOCKSIZE);
const int encrypt_ret = encrypt.Encrypt(plaintext.data(), plaintext.size(), ciphertext.data());

2
src/test/fuzz/crypto_chacha20.cpp
View file

@ -19,7 +19,7 @@ FUZZ_TARGET(crypto_chacha20)
const std::vector<unsigned char> key = ConsumeFixedLengthByteVector(fuzzed_data_provider, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(16, 32));
chacha20 = ChaCha20{key.data(), key.size()};
}
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/crypto_chacha20_poly1305_aead.cpp
View file

@ -28,7 +28,7 @@ FUZZ_TARGET(crypto_chacha20_poly1305_aead)
std::vector<uint8_t> in(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
std::vector<uint8_t> out(buffer_size + CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN, 0);
bool is_encrypt = fuzzed_data_provider.ConsumeBool();
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/crypto_hkdf_hmac_sha256_l32.cpp
View file

@ -18,7 +18,7 @@ FUZZ_TARGET(crypto_hkdf_hmac_sha256_l32)
const std::vector<uint8_t> initial_key_material = ConsumeRandomLengthByteVector(fuzzed_data_provider);
CHKDF_HMAC_SHA256_L32 hkdf_hmac_sha256_l32(initial_key_material.data(), initial_key_material.size(), fuzzed_data_provider.ConsumeRandomLengthString(1024));
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
std::vector<uint8_t> out(32);
hkdf_hmac_sha256_l32.Expand32(fuzzed_data_provider.ConsumeRandomLengthString(128), out.data());
}

2
src/test/fuzz/cuckoocache.cpp
View file

@ -37,7 +37,7 @@ FUZZ_TARGET(cuckoocache)
} else {
cuckoo_cache.setup(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, 4096));
}
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
if (fuzzed_data_provider.ConsumeBool()) {
cuckoo_cache.insert(fuzzed_data_provider.ConsumeBool());
} else {

2
src/test/fuzz/fees.cpp
View file

@ -18,7 +18,7 @@ FUZZ_TARGET(fees)
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const CFeeRate minimal_incremental_fee{ConsumeMoney(fuzzed_data_provider)};
FeeFilterRounder fee_filter_rounder{minimal_incremental_fee};
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const CAmount current_minimum_fee = ConsumeMoney(fuzzed_data_provider);
const CAmount rounded_fee = fee_filter_rounder.round(current_minimum_fee);
assert(MoneyRange(rounded_fee));

2
src/test/fuzz/merkleblock.cpp
View file

@ -34,7 +34,7 @@ FUZZ_TARGET(merkleblock)
if (fuzzed_data_provider.ConsumeBool()) {
merkle_block = CMerkleBlock{*opt_block, bloom_filter};
} else if (fuzzed_data_provider.ConsumeBool()) {
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
txids.insert(ConsumeUInt256(fuzzed_data_provider));
}
merkle_block = CMerkleBlock{*opt_block, txids};

2
src/test/fuzz/net.cpp
View file

@ -32,7 +32,7 @@ FUZZ_TARGET_INIT(net, initialize_net)
SetMockTime(ConsumeTime(fuzzed_data_provider));
CNode node{ConsumeNode(fuzzed_data_provider)};
node.SetCommonVersion(fuzzed_data_provider.ConsumeIntegral<int>());
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/netbase_dns_lookup.cpp
View file

@ -22,7 +22,7 @@ FUZZ_TARGET(netbase_dns_lookup)
auto fuzzed_dns_lookup_function = [&](const std::string&, bool) {
std::vector<CNetAddr> resolved_addresses;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
resolved_addresses.push_back(ConsumeNetAddr(fuzzed_data_provider));
}
return resolved_addresses;

2
src/test/fuzz/node_eviction.cpp
View file

@ -18,7 +18,7 @@ FUZZ_TARGET(node_eviction)
{
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
std::vector<NodeEvictionCandidate> eviction_candidates;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
eviction_candidates.push_back({
/* id */ fuzzed_data_provider.ConsumeIntegral<NodeId>(),
/* nTimeConnected */ fuzzed_data_provider.ConsumeIntegral<int64_t>(),

4
src/test/fuzz/policy_estimator.cpp
View file

@ -24,7 +24,7 @@ FUZZ_TARGET_INIT(policy_estimator, initialize_policy_estimator)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
CBlockPolicyEstimator block_policy_estimator;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
CallOneOf(
fuzzed_data_provider,
[&] {
@ -40,7 +40,7 @@ FUZZ_TARGET_INIT(policy_estimator, initialize_policy_estimator)
},
[&] {
std::vector<CTxMemPoolEntry> mempool_entries;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
if (!mtx) {
break;

2
src/test/fuzz/pow.cpp
View file

@ -27,7 +27,7 @@ FUZZ_TARGET_INIT(pow, initialize_pow)
std::vector<CBlockIndex> blocks;
const uint32_t fixed_time = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
const uint32_t fixed_bits = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
while (fuzzed_data_provider.remaining_bytes() > 0) {
LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 10000) {
const std::optional<CBlockHeader> block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
if (!block_header) {
continue;

2
src/test/fuzz/process_messages.cpp
View file

@ -55,7 +55,7 @@ FUZZ_TARGET_INIT(process_messages, initialize_process_messages)
connman.AddTestNode(p2p_node);
}
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
const auto mock_time = ConsumeTime(fuzzed_data_provider);

2
src/test/fuzz/rbf.cpp
View file

@ -24,7 +24,7 @@ FUZZ_TARGET(rbf)
return;
}
CTxMemPool pool;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::optional<CMutableTransaction> another_mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
if (!another_mtx) {
break;

4
src/test/fuzz/rpc.cpp
View file

@ -294,7 +294,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
std::string ConsumeArrayRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
{
std::vector<std::string> scalar_arguments;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) {
scalar_arguments.push_back(ConsumeScalarRPCArgument(fuzzed_data_provider));
}
return "[\"" + Join(scalar_arguments, "\",\"") + "\"]";
@ -348,7 +348,7 @@ FUZZ_TARGET_INIT(rpc, initialize_rpc)
return;
}
std::vector<std::string> arguments;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) {
arguments.push_back(ConsumeRPCArgument(fuzzed_data_provider));
}
try {

2
src/test/fuzz/script_descriptor_cache.cpp
View file

@ -17,7 +17,7 @@ FUZZ_TARGET(script_descriptor_cache)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
DescriptorCache descriptor_cache;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::vector<uint8_t> code = fuzzed_data_provider.ConsumeBytes<uint8_t>(BIP32_EXTKEY_SIZE);
if (code.size() == BIP32_EXTKEY_SIZE) {
CExtPubKey xpub;

2
src/test/fuzz/script_ops.cpp
View file

@ -15,7 +15,7 @@ FUZZ_TARGET(script_ops)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
CScript script_mut = ConsumeScript(fuzzed_data_provider);
while (fuzzed_data_provider.remaining_bytes() > 0) {
LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 1000000) {
CallOneOf(
fuzzed_data_provider,
[&] {

4
src/test/fuzz/script_sign.cpp
View file

@ -48,7 +48,7 @@ FUZZ_TARGET_INIT(script_sign, initialize_script_sign)
{
std::map<CPubKey, KeyOriginInfo> hd_keypaths;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::optional<CPubKey> pub_key = ConsumeDeserializable<CPubKey>(fuzzed_data_provider);
if (!pub_key) {
break;
@ -125,7 +125,7 @@ FUZZ_TARGET_INIT(script_sign, initialize_script_sign)
(void)signature_creator.CreateSig(provider, vch_sig, address, ConsumeScript(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}));
}
std::map<COutPoint, Coin> coins;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
const std::optional<COutPoint> outpoint = ConsumeDeserializable<COutPoint>(fuzzed_data_provider);
if (!outpoint) {
break;

2
src/test/fuzz/scriptnum_ops.cpp
View file

@ -28,7 +28,7 @@ FUZZ_TARGET(scriptnum_ops)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
CScriptNum script_num = ConsumeScriptNum(fuzzed_data_provider);
while (fuzzed_data_provider.remaining_bytes() > 0) {
LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 1000000) {
CallOneOf(
fuzzed_data_provider,
[&] {

2
src/test/fuzz/torcontrol.cpp
View file

@ -44,7 +44,7 @@ FUZZ_TARGET_INIT(torcontrol, initialize_torcontrol)
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
TorController tor_controller;
while (fuzzed_data_provider.ConsumeBool()) {
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
TorControlReply tor_control_reply;
CallOneOf(
fuzzed_data_provider,

2
src/test/fuzz/versionbits.cpp
View file

@ -199,7 +199,7 @@ FUZZ_TARGET_INIT(versionbits, initialize)
const uint32_t signalling_mask = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
// mine prior periods
while (fuzzed_data_provider.remaining_bytes() > 0) {
while (fuzzed_data_provider.remaining_bytes() > 0) { // early exit; no need for LIMITED_WHILE
// all blocks in these periods either do or don't signal
bool signal = fuzzed_data_provider.ConsumeBool();
for (int b = 0; b < period; ++b) {