From 2f63ffd15caeb79867e56c8cedbe2c702952db9e Mon Sep 17 00:00:00 2001 From: practicalswift Date: Wed, 18 Dec 2019 16:25:20 +0000 Subject: [PATCH] tests: Add fuzzing harness for V1TransportDeserializer (P2P transport) --- src/Makefile.test.include | 7 +++ src/test/fuzz/p2p_transport_deserializer.cpp | 47 ++++++++++++++++++++ test/fuzz/test_runner.py | 1 + 3 files changed, 55 insertions(+) create mode 100644 src/test/fuzz/p2p_transport_deserializer.cpp diff --git a/src/Makefile.test.include b/src/Makefile.test.include index 0975551995..5fc117c0b1 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -37,6 +37,7 @@ FUZZ_TARGETS = \ test/fuzz/messageheader_deserialize \ test/fuzz/netaddr_deserialize \ test/fuzz/out_point_deserialize \ + test/fuzz/p2p_transport_deserializer \ test/fuzz/parse_hd_keypath \ test/fuzz/parse_iso8601 \ test/fuzz/parse_numbers \ @@ -433,6 +434,12 @@ test_fuzz_out_point_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_out_point_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) test_fuzz_out_point_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp +test_fuzz_p2p_transport_deserializer_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) +test_fuzz_p2p_transport_deserializer_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) +test_fuzz_p2p_transport_deserializer_LDADD = $(FUZZ_SUITE_LD_COMMON) +test_fuzz_p2p_transport_deserializer_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) +test_fuzz_p2p_transport_deserializer_SOURCES = $(FUZZ_SUITE) test/fuzz/p2p_transport_deserializer.cpp + test_fuzz_parse_hd_keypath_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_parse_hd_keypath_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_parse_hd_keypath_LDADD = $(FUZZ_SUITE_LD_COMMON) diff --git a/src/test/fuzz/p2p_transport_deserializer.cpp b/src/test/fuzz/p2p_transport_deserializer.cpp new file mode 100644 index 0000000000..57393fed45 --- /dev/null +++ b/src/test/fuzz/p2p_transport_deserializer.cpp @@ -0,0 +1,47 @@ +// Copyright (c) 2019 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include + +#include +#include +#include +#include + +void initialize() +{ + SelectParams(CBaseChainParams::REGTEST); +} + +void test_one_input(const std::vector& buffer) +{ + V1TransportDeserializer deserializer{Params().MessageStart(), SER_NETWORK, INIT_PROTO_VERSION}; + const char* pch = (const char*)buffer.data(); + size_t n_bytes = buffer.size(); + while (n_bytes > 0) { + const int handled = deserializer.Read(pch, n_bytes); + if (handled < 0) { + break; + } + pch += handled; + n_bytes -= handled; + if (deserializer.Complete()) { + const int64_t m_time = std::numeric_limits::max(); + const CNetMessage msg = deserializer.GetMessage(Params().MessageStart(), m_time); + assert(msg.m_command.size() <= CMessageHeader::COMMAND_SIZE); + assert(msg.m_raw_message_size <= buffer.size()); + assert(msg.m_raw_message_size == CMessageHeader::HEADER_SIZE + msg.m_message_size); + assert(msg.m_time == m_time); + if (msg.m_valid_header) { + assert(msg.m_valid_netmagic); + } + if (!msg.m_valid_netmagic) { + assert(!msg.m_valid_header); + } + } + } +} diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py index 9027311a8b..d2fc6ce312 100755 --- a/test/fuzz/test_runner.py +++ b/test/fuzz/test_runner.py @@ -28,6 +28,7 @@ FUZZERS_MISSING_CORPORA = [ "key_origin_info_deserialize", "merkle_block_deserialize", "out_point_deserialize", + "p2p_transport_deserializer", "parse_hd_keypath", "parse_numbers", "parse_script",