From 01960c53c7d71c70792abe19413315768dc2275a Mon Sep 17 00:00:00 2001 From: Martin Leitner-Ankerl Date: Sat, 9 Dec 2023 13:19:02 +0100 Subject: [PATCH] fuzz: make FuzzedDataProvider usage deterministic There exist many usages of `fuzzed_data_provider` where it is evaluated directly in the function call. Unfortunately, the order of evaluation of function arguments is unspecified. This means it can differ between compilers/version/optimization levels etc. But when the evaluation order changes, the same fuzzing input will produce different output, which is bad for coverage/reproducibility. This PR fixes all these cases where by moving multiple calls to `fuzzed_data_provider` out of the function arguments. --- src/test/fuzz/addrman.cpp | 30 ++++++++++++++------- src/test/fuzz/banman.cpp | 8 ++++-- src/test/fuzz/buffered_file.cpp | 4 ++- src/test/fuzz/connman.cpp | 16 +++++------- src/test/fuzz/crypto.cpp | 8 ++++-- src/test/fuzz/crypto_chacha20.cpp | 9 +++---- src/test/fuzz/cuckoocache.cpp | 4 ++- src/test/fuzz/message.cpp | 4 ++- src/test/fuzz/policy_estimator.cpp | 13 ++++++++-- src/test/fuzz/prevector.cpp | 33 +++++++++++++++--------- src/test/fuzz/script_format.cpp | 4 ++- src/test/fuzz/script_interpreter.cpp | 10 +++++-- src/test/fuzz/script_sign.cpp | 9 +++++-- src/test/fuzz/socks5.cpp | 8 +++--- src/test/fuzz/system.cpp | 16 +++++++++--- src/test/fuzz/util/net.cpp | 12 ++++----- src/wallet/test/fuzz/coinselection.cpp | 2 +- src/wallet/test/fuzz/scriptpubkeyman.cpp | 5 +++- 18 files changed, 129 insertions(+), 66 deletions(-) diff --git a/src/test/fuzz/addrman.cpp b/src/test/fuzz/addrman.cpp index ece396aadf..482e70a12d 100644 --- a/src/test/fuzz/addrman.cpp +++ b/src/test/fuzz/addrman.cpp @@ -263,19 +263,30 @@ FUZZ_TARGET(addrman, .init = initialize_addrman) LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { addresses.push_back(ConsumeAddress(fuzzed_data_provider)); } - addr_man.Add(addresses, ConsumeNetAddr(fuzzed_data_provider), std::chrono::seconds{ConsumeTime(fuzzed_data_provider, 0, 100000000)}); + auto net_addr = ConsumeNetAddr(fuzzed_data_provider); + auto time_penalty = std::chrono::seconds{ConsumeTime(fuzzed_data_provider, 0, 100000000)}; + addr_man.Add(addresses, net_addr, time_penalty); }, [&] { - addr_man.Good(ConsumeService(fuzzed_data_provider), NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}); + auto addr = ConsumeService(fuzzed_data_provider); + auto time = NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}; + addr_man.Good(addr, time); }, [&] { - addr_man.Attempt(ConsumeService(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool(), NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}); + auto addr = ConsumeService(fuzzed_data_provider); + auto count_failure = fuzzed_data_provider.ConsumeBool(); + auto time = NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}; + addr_man.Attempt(addr, count_failure, time); }, [&] { - addr_man.Connected(ConsumeService(fuzzed_data_provider), NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}); + auto addr = ConsumeService(fuzzed_data_provider); + auto time = NodeSeconds{std::chrono::seconds{ConsumeTime(fuzzed_data_provider)}}; + addr_man.Connected(addr, time); }, [&] { - addr_man.SetServices(ConsumeService(fuzzed_data_provider), ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS)); + auto addr = ConsumeService(fuzzed_data_provider); + auto n_services = ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS); + addr_man.SetServices(addr, n_services); }); } const AddrMan& const_addr_man{addr_man}; @@ -283,11 +294,10 @@ FUZZ_TARGET(addrman, .init = initialize_addrman) if (fuzzed_data_provider.ConsumeBool()) { network = fuzzed_data_provider.PickValueInArray(ALL_NETWORKS); } - (void)const_addr_man.GetAddr( - /*max_addresses=*/fuzzed_data_provider.ConsumeIntegralInRange(0, 4096), - /*max_pct=*/fuzzed_data_provider.ConsumeIntegralInRange(0, 4096), - network, - /*filtered=*/fuzzed_data_provider.ConsumeBool()); + auto max_addresses = fuzzed_data_provider.ConsumeIntegralInRange(0, 4096); + auto max_pct = fuzzed_data_provider.ConsumeIntegralInRange(0, 4096); + auto filtered = fuzzed_data_provider.ConsumeBool(); + (void)const_addr_man.GetAddr(max_addresses, max_pct, network, filtered); (void)const_addr_man.Select(fuzzed_data_provider.ConsumeBool(), network); std::optional in_new; if (fuzzed_data_provider.ConsumeBool()) { diff --git a/src/test/fuzz/banman.cpp b/src/test/fuzz/banman.cpp index 4a040c56de..7ba357816b 100644 --- a/src/test/fuzz/banman.cpp +++ b/src/test/fuzz/banman.cpp @@ -76,7 +76,9 @@ FUZZ_TARGET(banman, .init = initialize_banman) } else { contains_invalid = true; } - ban_man.Ban(net_addr, ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool()); + auto ban_time_offset = ConsumeBanTimeOffset(fuzzed_data_provider); + auto since_unix_epoch = fuzzed_data_provider.ConsumeBool(); + ban_man.Ban(net_addr, ban_time_offset, since_unix_epoch); }, [&] { CSubNet subnet{ConsumeSubNet(fuzzed_data_provider)}; @@ -84,7 +86,9 @@ FUZZ_TARGET(banman, .init = initialize_banman) if (!subnet.IsValid()) { contains_invalid = true; } - ban_man.Ban(subnet, ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool()); + auto ban_time_offset = ConsumeBanTimeOffset(fuzzed_data_provider); + auto since_unix_epoch = fuzzed_data_provider.ConsumeBool(); + ban_man.Ban(subnet, ban_time_offset, since_unix_epoch); }, [&] { ban_man.ClearBanned(); diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp index e30c19b265..a6a042a25c 100644 --- a/src/test/fuzz/buffered_file.cpp +++ b/src/test/fuzz/buffered_file.cpp @@ -25,7 +25,9 @@ FUZZ_TARGET(buffered_file) ConsumeRandomLengthByteVector(fuzzed_data_provider), }; try { - opt_buffered_file.emplace(fuzzed_file, fuzzed_data_provider.ConsumeIntegralInRange(0, 4096), fuzzed_data_provider.ConsumeIntegralInRange(0, 4096)); + auto n_buf_size = fuzzed_data_provider.ConsumeIntegralInRange(0, 4096); + auto n_rewind_in = fuzzed_data_provider.ConsumeIntegralInRange(0, 4096); + opt_buffered_file.emplace(fuzzed_file, n_buf_size, n_rewind_in); } catch (const std::ios_base::failure&) { } if (opt_buffered_file && !fuzzed_file.IsNull()) { diff --git a/src/test/fuzz/connman.cpp b/src/test/fuzz/connman.cpp index 24f91abd25..a7701e34f1 100644 --- a/src/test/fuzz/connman.cpp +++ b/src/test/fuzz/connman.cpp @@ -85,17 +85,15 @@ FUZZ_TARGET(connman, .init = initialize_connman) (void)connman.ForNode(fuzzed_data_provider.ConsumeIntegral(), [&](auto) { return fuzzed_data_provider.ConsumeBool(); }); }, [&] { - (void)connman.GetAddresses( - /*max_addresses=*/fuzzed_data_provider.ConsumeIntegral(), - /*max_pct=*/fuzzed_data_provider.ConsumeIntegral(), - /*network=*/std::nullopt, - /*filtered=*/fuzzed_data_provider.ConsumeBool()); + auto max_addresses = fuzzed_data_provider.ConsumeIntegral(); + auto max_pct = fuzzed_data_provider.ConsumeIntegral(); + auto filtered = fuzzed_data_provider.ConsumeBool(); + (void)connman.GetAddresses(max_addresses, max_pct, /*network=*/std::nullopt, filtered); }, [&] { - (void)connman.GetAddresses( - /*requestor=*/random_node, - /*max_addresses=*/fuzzed_data_provider.ConsumeIntegral(), - /*max_pct=*/fuzzed_data_provider.ConsumeIntegral()); + auto max_addresses = fuzzed_data_provider.ConsumeIntegral(); + auto max_pct = fuzzed_data_provider.ConsumeIntegral(); + (void)connman.GetAddresses(/*requestor=*/random_node, max_addresses, max_pct); }, [&] { (void)connman.GetDeterministicRandomizer(fuzzed_data_provider.ConsumeIntegral()); diff --git a/src/test/fuzz/crypto.cpp b/src/test/fuzz/crypto.cpp index ca8c1cd033..aa478277e3 100644 --- a/src/test/fuzz/crypto.cpp +++ b/src/test/fuzz/crypto.cpp @@ -22,7 +22,9 @@ FUZZ_TARGET(crypto) FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; std::vector data = ConsumeRandomLengthByteVector(fuzzed_data_provider); if (data.empty()) { - data.resize(fuzzed_data_provider.ConsumeIntegralInRange(1, 4096), fuzzed_data_provider.ConsumeIntegral()); + auto new_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 4096); + auto x = fuzzed_data_provider.ConsumeIntegral(); + data.resize(new_size, x); } CHash160 hash160; @@ -44,7 +46,9 @@ FUZZ_TARGET(crypto) if (fuzzed_data_provider.ConsumeBool()) { data = ConsumeRandomLengthByteVector(fuzzed_data_provider); if (data.empty()) { - data.resize(fuzzed_data_provider.ConsumeIntegralInRange(1, 4096), fuzzed_data_provider.ConsumeIntegral()); + auto new_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 4096); + auto x = fuzzed_data_provider.ConsumeIntegral(); + data.resize(new_size, x); } } diff --git a/src/test/fuzz/crypto_chacha20.cpp b/src/test/fuzz/crypto_chacha20.cpp index 50c77bf699..f956d9d01e 100644 --- a/src/test/fuzz/crypto_chacha20.cpp +++ b/src/test/fuzz/crypto_chacha20.cpp @@ -28,11 +28,10 @@ FUZZ_TARGET(crypto_chacha20) chacha20.SetKey(key); }, [&] { - chacha20.Seek( - { - fuzzed_data_provider.ConsumeIntegral(), - fuzzed_data_provider.ConsumeIntegral() - }, fuzzed_data_provider.ConsumeIntegral()); + ChaCha20::Nonce96 nonce{ + fuzzed_data_provider.ConsumeIntegral(), + fuzzed_data_provider.ConsumeIntegral()}; + chacha20.Seek(nonce, fuzzed_data_provider.ConsumeIntegral()); }, [&] { std::vector output(fuzzed_data_provider.ConsumeIntegralInRange(0, 4096)); diff --git a/src/test/fuzz/cuckoocache.cpp b/src/test/fuzz/cuckoocache.cpp index 50a71ee03f..f8a5bde3e6 100644 --- a/src/test/fuzz/cuckoocache.cpp +++ b/src/test/fuzz/cuckoocache.cpp @@ -41,7 +41,9 @@ FUZZ_TARGET(cuckoocache) if (fuzzed_data_provider.ConsumeBool()) { cuckoo_cache.insert(fuzzed_data_provider.ConsumeBool()); } else { - cuckoo_cache.contains(fuzzed_data_provider.ConsumeBool(), fuzzed_data_provider.ConsumeBool()); + auto e = fuzzed_data_provider.ConsumeBool(); + auto erase = fuzzed_data_provider.ConsumeBool(); + cuckoo_cache.contains(e, erase); } } fuzzed_data_provider_ptr = nullptr; diff --git a/src/test/fuzz/message.cpp b/src/test/fuzz/message.cpp index b5c95441f8..dc47fb14d7 100644 --- a/src/test/fuzz/message.cpp +++ b/src/test/fuzz/message.cpp @@ -39,7 +39,9 @@ FUZZ_TARGET(message, .init = initialize_message) } { (void)MessageHash(random_message); - (void)MessageVerify(fuzzed_data_provider.ConsumeRandomLengthString(1024), fuzzed_data_provider.ConsumeRandomLengthString(1024), random_message); + auto address = fuzzed_data_provider.ConsumeRandomLengthString(1024); + auto signature = fuzzed_data_provider.ConsumeRandomLengthString(1024); + (void)MessageVerify(address, signature, random_message); (void)SigningResultString(fuzzed_data_provider.PickValueInArray({SigningResult::OK, SigningResult::PRIVATE_KEY_NOT_AVAILABLE, SigningResult::SIGNING_FAILED})); } } diff --git a/src/test/fuzz/policy_estimator.cpp b/src/test/fuzz/policy_estimator.cpp index 40a1fc80f0..cd6a931f42 100644 --- a/src/test/fuzz/policy_estimator.cpp +++ b/src/test/fuzz/policy_estimator.cpp @@ -83,9 +83,18 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator) }); (void)block_policy_estimator.estimateFee(fuzzed_data_provider.ConsumeIntegral()); EstimationResult result; - (void)block_policy_estimator.estimateRawFee(fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeFloatingPoint(), fuzzed_data_provider.PickValueInArray(ALL_FEE_ESTIMATE_HORIZONS), fuzzed_data_provider.ConsumeBool() ? &result : nullptr); + auto conf_target = fuzzed_data_provider.ConsumeIntegral(); + auto success_threshold = fuzzed_data_provider.ConsumeFloatingPoint(); + auto horizon = fuzzed_data_provider.PickValueInArray(ALL_FEE_ESTIMATE_HORIZONS); + auto* result_ptr = fuzzed_data_provider.ConsumeBool() ? &result : nullptr; + (void)block_policy_estimator.estimateRawFee(conf_target, success_threshold, horizon, result_ptr); + FeeCalculation fee_calculation; - (void)block_policy_estimator.estimateSmartFee(fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeBool() ? &fee_calculation : nullptr, fuzzed_data_provider.ConsumeBool()); + conf_target = fuzzed_data_provider.ConsumeIntegral(); + auto* fee_calc_ptr = fuzzed_data_provider.ConsumeBool() ? &fee_calculation : nullptr; + auto conservative = fuzzed_data_provider.ConsumeBool(); + (void)block_policy_estimator.estimateSmartFee(conf_target, fee_calc_ptr, conservative); + (void)block_policy_estimator.HighestTargetTracked(fuzzed_data_provider.PickValueInArray(ALL_FEE_ESTIMATE_HORIZONS)); } { diff --git a/src/test/fuzz/prevector.cpp b/src/test/fuzz/prevector.cpp index 9cea32e304..76f2d31c4e 100644 --- a/src/test/fuzz/prevector.cpp +++ b/src/test/fuzz/prevector.cpp @@ -212,15 +212,20 @@ FUZZ_TARGET(prevector) LIMITED_WHILE(prov.remaining_bytes(), 3000) { switch (prov.ConsumeIntegralInRange(0, 13 + 3 * (test.size() > 0))) { - case 0: - test.insert(prov.ConsumeIntegralInRange(0, test.size()), prov.ConsumeIntegral()); - break; + case 0: { + auto position = prov.ConsumeIntegralInRange(0, test.size()); + auto value = prov.ConsumeIntegral(); + test.insert(position, value); + } break; case 1: test.resize(std::max(0, std::min(30, (int)test.size() + prov.ConsumeIntegralInRange(0, 4) - 2))); break; - case 2: - test.insert(prov.ConsumeIntegralInRange(0, test.size()), 1 + prov.ConsumeBool(), prov.ConsumeIntegral()); - break; + case 2: { + auto position = prov.ConsumeIntegralInRange(0, test.size()); + auto count = 1 + prov.ConsumeBool(); + auto value = prov.ConsumeIntegral(); + test.insert(position, count, value); + } break; case 3: { int del = prov.ConsumeIntegralInRange(0, test.size()); int beg = prov.ConsumeIntegralInRange(0, test.size() - del); @@ -257,9 +262,11 @@ FUZZ_TARGET(prevector) case 9: test.clear(); break; - case 10: - test.assign(prov.ConsumeIntegralInRange(0, 32767), prov.ConsumeIntegral()); - break; + case 10: { + auto n = prov.ConsumeIntegralInRange(0, 32767); + auto value = prov.ConsumeIntegral(); + test.assign(n, value); + } break; case 11: test.swap(); break; @@ -269,9 +276,11 @@ FUZZ_TARGET(prevector) case 13: test.move(); break; - case 14: - test.update(prov.ConsumeIntegralInRange(0, test.size() - 1), prov.ConsumeIntegral()); - break; + case 14: { + auto pos = prov.ConsumeIntegralInRange(0, test.size() - 1); + auto value = prov.ConsumeIntegral(); + test.update(pos, value); + } break; case 15: test.erase(prov.ConsumeIntegralInRange(0, test.size() - 1)); break; diff --git a/src/test/fuzz/script_format.cpp b/src/test/fuzz/script_format.cpp index 10150dcd7f..e26c42ae38 100644 --- a/src/test/fuzz/script_format.cpp +++ b/src/test/fuzz/script_format.cpp @@ -30,5 +30,7 @@ FUZZ_TARGET(script_format, .init = initialize_script_format) (void)ScriptToAsmStr(script, /*fAttemptSighashDecode=*/fuzzed_data_provider.ConsumeBool()); UniValue o1(UniValue::VOBJ); - ScriptToUniv(script, /*out=*/o1, /*include_hex=*/fuzzed_data_provider.ConsumeBool(), /*include_address=*/fuzzed_data_provider.ConsumeBool()); + auto include_hex = fuzzed_data_provider.ConsumeBool(); + auto include_address = fuzzed_data_provider.ConsumeBool(); + ScriptToUniv(script, /*out=*/o1, include_hex, include_address); } diff --git a/src/test/fuzz/script_interpreter.cpp b/src/test/fuzz/script_interpreter.cpp index 5e76443abe..9e3ad02b2e 100644 --- a/src/test/fuzz/script_interpreter.cpp +++ b/src/test/fuzz/script_interpreter.cpp @@ -25,12 +25,18 @@ FUZZ_TARGET(script_interpreter) const CTransaction tx_to{*mtx}; const unsigned int in = fuzzed_data_provider.ConsumeIntegral(); if (in < tx_to.vin.size()) { - (void)SignatureHash(script_code, tx_to, in, fuzzed_data_provider.ConsumeIntegral(), ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}), nullptr); + auto n_hash_type = fuzzed_data_provider.ConsumeIntegral(); + auto amount = ConsumeMoney(fuzzed_data_provider); + auto sigversion = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}); + (void)SignatureHash(script_code, tx_to, in, n_hash_type, amount, sigversion, nullptr); const std::optional mtx_precomputed = ConsumeDeserializable(fuzzed_data_provider, TX_WITH_WITNESS); if (mtx_precomputed) { const CTransaction tx_precomputed{*mtx_precomputed}; const PrecomputedTransactionData precomputed_transaction_data{tx_precomputed}; - (void)SignatureHash(script_code, tx_to, in, fuzzed_data_provider.ConsumeIntegral(), ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}), &precomputed_transaction_data); + n_hash_type = fuzzed_data_provider.ConsumeIntegral(); + amount = ConsumeMoney(fuzzed_data_provider); + sigversion = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}); + (void)SignatureHash(script_code, tx_to, in, n_hash_type, amount, sigversion, &precomputed_transaction_data); } } } diff --git a/src/test/fuzz/script_sign.cpp b/src/test/fuzz/script_sign.cpp index 9ae150e553..bb997e8d87 100644 --- a/src/test/fuzz/script_sign.cpp +++ b/src/test/fuzz/script_sign.cpp @@ -111,7 +111,10 @@ FUZZ_TARGET(script_sign, .init = initialize_script_sign) } if (n_in < script_tx_to.vin.size()) { SignatureData empty; - (void)SignSignature(provider, ConsumeScript(fuzzed_data_provider), script_tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral(), empty); + auto from_pub_key = ConsumeScript(fuzzed_data_provider); + auto amount = ConsumeMoney(fuzzed_data_provider); + auto n_hash_type = fuzzed_data_provider.ConsumeIntegral(); + (void)SignSignature(provider, from_pub_key, script_tx_to, n_in, amount, n_hash_type, empty); MutableTransactionSignatureCreator signature_creator{tx_to, n_in, ConsumeMoney(fuzzed_data_provider), fuzzed_data_provider.ConsumeIntegral()}; std::vector vch_sig; CKeyID address; @@ -122,7 +125,9 @@ FUZZ_TARGET(script_sign, .init = initialize_script_sign) } else { address = CKeyID{ConsumeUInt160(fuzzed_data_provider)}; } - (void)signature_creator.CreateSig(provider, vch_sig, address, ConsumeScript(fuzzed_data_provider), fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0})); + auto script_code = ConsumeScript(fuzzed_data_provider); + auto sigversion = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0}); + (void)signature_creator.CreateSig(provider, vch_sig, address, script_code, sigversion); } std::map coins{ConsumeCoins(fuzzed_data_provider)}; std::map input_errors; diff --git a/src/test/fuzz/socks5.cpp b/src/test/fuzz/socks5.cpp index af81fcb593..17d1787586 100644 --- a/src/test/fuzz/socks5.cpp +++ b/src/test/fuzz/socks5.cpp @@ -41,8 +41,8 @@ FUZZ_TARGET(socks5, .init = initialize_socks5) FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider); // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within // a few seconds of fuzzing. - (void)Socks5(fuzzed_data_provider.ConsumeRandomLengthString(512), - fuzzed_data_provider.ConsumeIntegral(), - fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr, - fuzzed_sock); + auto str_dest = fuzzed_data_provider.ConsumeRandomLengthString(512); + auto port = fuzzed_data_provider.ConsumeIntegral(); + auto* auth = fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr; + (void)Socks5(str_dest, port, auth, fuzzed_sock); } diff --git a/src/test/fuzz/system.cpp b/src/test/fuzz/system.cpp index 73ae89b52a..7a8ea3f2c9 100644 --- a/src/test/fuzz/system.cpp +++ b/src/test/fuzz/system.cpp @@ -44,13 +44,19 @@ FUZZ_TARGET(system, .init = initialize_system) args_manager.SelectConfigNetwork(fuzzed_data_provider.ConsumeRandomLengthString(16)); }, [&] { - args_manager.SoftSetArg(fuzzed_data_provider.ConsumeRandomLengthString(16), fuzzed_data_provider.ConsumeRandomLengthString(16)); + auto str_arg = fuzzed_data_provider.ConsumeRandomLengthString(16); + auto str_value = fuzzed_data_provider.ConsumeRandomLengthString(16); + args_manager.SoftSetArg(str_arg, str_value); }, [&] { - args_manager.ForceSetArg(fuzzed_data_provider.ConsumeRandomLengthString(16), fuzzed_data_provider.ConsumeRandomLengthString(16)); + auto str_arg = fuzzed_data_provider.ConsumeRandomLengthString(16); + auto str_value = fuzzed_data_provider.ConsumeRandomLengthString(16); + args_manager.ForceSetArg(str_arg, str_value); }, [&] { - args_manager.SoftSetBoolArg(fuzzed_data_provider.ConsumeRandomLengthString(16), fuzzed_data_provider.ConsumeBool()); + auto str_arg = fuzzed_data_provider.ConsumeRandomLengthString(16); + auto f_value = fuzzed_data_provider.ConsumeBool(); + args_manager.SoftSetBoolArg(str_arg, f_value); }, [&] { const OptionsCategory options_category = fuzzed_data_provider.PickValueInArray({OptionsCategory::OPTIONS, OptionsCategory::CONNECTION, OptionsCategory::WALLET, OptionsCategory::WALLET_DEBUG_TEST, OptionsCategory::ZMQ, OptionsCategory::DEBUG_TEST, OptionsCategory::CHAINPARAMS, OptionsCategory::NODE_RELAY, OptionsCategory::BLOCK_CREATION, OptionsCategory::RPC, OptionsCategory::GUI, OptionsCategory::COMMANDS, OptionsCategory::REGISTER_COMMANDS, OptionsCategory::HIDDEN}); @@ -60,7 +66,9 @@ FUZZ_TARGET(system, .init = initialize_system) if (args_manager.GetArgFlags(argument_name) != std::nullopt) { return; } - args_manager.AddArg(argument_name, fuzzed_data_provider.ConsumeRandomLengthString(16), fuzzed_data_provider.ConsumeIntegral() & ~ArgsManager::COMMAND, options_category); + auto help = fuzzed_data_provider.ConsumeRandomLengthString(16); + auto flags = fuzzed_data_provider.ConsumeIntegral() & ~ArgsManager::COMMAND; + args_manager.AddArg(argument_name, help, flags, options_category); }, [&] { // Avoid hitting: diff --git a/src/test/fuzz/util/net.cpp b/src/test/fuzz/util/net.cpp index eb0f14ede0..213654476b 100644 --- a/src/test/fuzz/util/net.cpp +++ b/src/test/fuzz/util/net.cpp @@ -375,10 +375,10 @@ bool FuzzedSock::IsConnected(std::string& errmsg) const void FillNode(FuzzedDataProvider& fuzzed_data_provider, ConnmanTestMsg& connman, CNode& node) noexcept { - connman.Handshake(node, - /*successfully_connected=*/fuzzed_data_provider.ConsumeBool(), - /*remote_services=*/ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS), - /*local_services=*/ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS), - /*version=*/fuzzed_data_provider.ConsumeIntegralInRange(MIN_PEER_PROTO_VERSION, std::numeric_limits::max()), - /*relay_txs=*/fuzzed_data_provider.ConsumeBool()); + auto successfully_connected = fuzzed_data_provider.ConsumeBool(); + auto remote_services = ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS); + auto local_services = ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS); + auto version = fuzzed_data_provider.ConsumeIntegralInRange(MIN_PEER_PROTO_VERSION, std::numeric_limits::max()); + auto relay_txs = fuzzed_data_provider.ConsumeBool(); + connman.Handshake(node, successfully_connected, remote_services, local_services, version, relay_txs); } diff --git a/src/wallet/test/fuzz/coinselection.cpp b/src/wallet/test/fuzz/coinselection.cpp index 4caf96b18d..122c4d825a 100644 --- a/src/wallet/test/fuzz/coinselection.cpp +++ b/src/wallet/test/fuzz/coinselection.cpp @@ -111,7 +111,7 @@ FUZZ_TARGET(coinselection) GroupCoins(fuzzed_data_provider, utxo_pool, coin_params, /*positive_only=*/false, group_all); for (const OutputGroup& group : group_all) { - const CoinEligibilityFilter filter(fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeIntegral()); + const CoinEligibilityFilter filter{fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeIntegral(), fuzzed_data_provider.ConsumeIntegral()}; (void)group.EligibleForSpending(filter); } diff --git a/src/wallet/test/fuzz/scriptpubkeyman.cpp b/src/wallet/test/fuzz/scriptpubkeyman.cpp index b0c955f482..cc6bda962d 100644 --- a/src/wallet/test/fuzz/scriptpubkeyman.cpp +++ b/src/wallet/test/fuzz/scriptpubkeyman.cpp @@ -178,7 +178,10 @@ FUZZ_TARGET(scriptpubkeyman, .init = initialize_spkm) auto psbt{*opt_psbt}; const PrecomputedTransactionData txdata{PrecomputePSBTData(psbt)}; const int sighash_type{fuzzed_data_provider.ConsumeIntegralInRange(0, 150)}; - (void)spk_manager->FillPSBT(psbt, txdata, sighash_type, fuzzed_data_provider.ConsumeBool(), fuzzed_data_provider.ConsumeBool(), nullptr, fuzzed_data_provider.ConsumeBool()); + auto sign = fuzzed_data_provider.ConsumeBool(); + auto bip32derivs = fuzzed_data_provider.ConsumeBool(); + auto finalize = fuzzed_data_provider.ConsumeBool(); + (void)spk_manager->FillPSBT(psbt, txdata, sighash_type, sign, bip32derivs, nullptr, finalize); } ); }