mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-09 11:27:28 -03:00
Merge #20377: fuzz: Fill various small fuzzing gaps
4ddbcd0d9a
fuzz: Add coverage for CDataStream consumer (practicalswift)546a0764f3
fuzz: Fill various small fuzzing gaps (practicalswift) Pull request description: Fill various small fuzzing gaps. See [`doc/fuzzing.md`](https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md) for information on how to fuzz Bitcoin Core. Don't forget to contribute any coverage increasing inputs you find to the [Bitcoin Core fuzzing corpus repo](https://github.com/bitcoin-core/qa-assets). Happy fuzzing :) ACKs for top commit: MarcoFalke: review ACK4ddbcd0d9a
Tree-SHA512: d20f2cc0172f39948673846d088121782f39b4556df8b38fa14859cfa062c1519d18ee9601d4503ef1ba9613976cc5349c1fc0f0b9601a3d68127ffce1b1854e
This commit is contained in:
commit
f1f26b8d5b
3 changed files with 72 additions and 1 deletions
|
@ -210,6 +210,7 @@ test_fuzz_fuzz_SOURCES = \
|
|||
test/fuzz/crypto_hkdf_hmac_sha256_l32.cpp \
|
||||
test/fuzz/crypto_poly1305.cpp \
|
||||
test/fuzz/cuckoocache.cpp \
|
||||
test/fuzz/data_stream.cpp \
|
||||
test/fuzz/decode_tx.cpp \
|
||||
test/fuzz/descriptor_parse.cpp \
|
||||
test/fuzz/deserialize.cpp \
|
||||
|
|
25
src/test/fuzz/data_stream.cpp
Normal file
25
src/test/fuzz/data_stream.cpp
Normal file
|
@ -0,0 +1,25 @@
|
|||
// Copyright (c) 2020 The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include <addrman.h>
|
||||
#include <net.h>
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
#include <test/fuzz/util.h>
|
||||
|
||||
#include <cstdint>
|
||||
#include <vector>
|
||||
|
||||
void initialize_data_stream_addr_man()
|
||||
{
|
||||
InitializeFuzzingContext();
|
||||
}
|
||||
|
||||
FUZZ_TARGET_INIT(data_stream_addr_man, initialize_data_stream_addr_man)
|
||||
{
|
||||
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
|
||||
CDataStream data_stream = ConsumeDataStream(fuzzed_data_provider);
|
||||
CAddrMan addr_man;
|
||||
CAddrDB::Read(addr_man, data_stream);
|
||||
}
|
|
@ -2,6 +2,8 @@
|
|||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include <merkleblock.h>
|
||||
#include <policy/fees.h>
|
||||
#include <rpc/util.h>
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
|
@ -9,9 +11,37 @@
|
|||
#include <util/error.h>
|
||||
#include <util/translation.h>
|
||||
|
||||
#include <array>
|
||||
#include <cstdint>
|
||||
#include <vector>
|
||||
|
||||
namespace {
|
||||
constexpr TransactionError ALL_TRANSACTION_ERROR[] = {
|
||||
TransactionError::OK,
|
||||
TransactionError::MISSING_INPUTS,
|
||||
TransactionError::ALREADY_IN_CHAIN,
|
||||
TransactionError::P2P_DISABLED,
|
||||
TransactionError::MEMPOOL_REJECTED,
|
||||
TransactionError::MEMPOOL_ERROR,
|
||||
TransactionError::INVALID_PSBT,
|
||||
TransactionError::PSBT_MISMATCH,
|
||||
TransactionError::SIGHASH_MISMATCH,
|
||||
TransactionError::MAX_FEE_EXCEEDED,
|
||||
};
|
||||
|
||||
constexpr FeeEstimateHorizon ALL_FEE_EST_HORIZON[] = {
|
||||
FeeEstimateHorizon::SHORT_HALFLIFE,
|
||||
FeeEstimateHorizon::MED_HALFLIFE,
|
||||
FeeEstimateHorizon::LONG_HALFLIFE,
|
||||
};
|
||||
|
||||
constexpr OutputType ALL_OUTPUT_TYPE[] = {
|
||||
OutputType::LEGACY,
|
||||
OutputType::P2SH_SEGWIT,
|
||||
OutputType::BECH32,
|
||||
};
|
||||
}; // namespace
|
||||
|
||||
// The fuzzing kitchen sink: Fuzzing harness for functions that need to be
|
||||
// fuzzed but a.) don't belong in any existing fuzzing harness file, and
|
||||
// b.) are not important enough to warrant their own fuzzing harness file.
|
||||
|
@ -19,8 +49,23 @@ FUZZ_TARGET(kitchen_sink)
|
|||
{
|
||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||
|
||||
const TransactionError transaction_error = fuzzed_data_provider.PickValueInArray<TransactionError>({TransactionError::OK, TransactionError::MISSING_INPUTS, TransactionError::ALREADY_IN_CHAIN, TransactionError::P2P_DISABLED, TransactionError::MEMPOOL_REJECTED, TransactionError::MEMPOOL_ERROR, TransactionError::INVALID_PSBT, TransactionError::PSBT_MISMATCH, TransactionError::SIGHASH_MISMATCH, TransactionError::MAX_FEE_EXCEEDED});
|
||||
const TransactionError transaction_error = fuzzed_data_provider.PickValueInArray(ALL_TRANSACTION_ERROR);
|
||||
(void)JSONRPCTransactionError(transaction_error);
|
||||
(void)RPCErrorFromTransactionError(transaction_error);
|
||||
(void)TransactionErrorString(transaction_error);
|
||||
|
||||
(void)StringForFeeEstimateHorizon(fuzzed_data_provider.PickValueInArray(ALL_FEE_EST_HORIZON));
|
||||
|
||||
const OutputType output_type = fuzzed_data_provider.PickValueInArray(ALL_OUTPUT_TYPE);
|
||||
const std::string& output_type_string = FormatOutputType(output_type);
|
||||
OutputType output_type_parsed;
|
||||
const bool parsed = ParseOutputType(output_type_string, output_type_parsed);
|
||||
assert(parsed);
|
||||
assert(output_type == output_type_parsed);
|
||||
(void)ParseOutputType(fuzzed_data_provider.ConsumeRandomLengthString(64), output_type_parsed);
|
||||
|
||||
const std::vector<uint8_t> bytes = ConsumeRandomLengthByteVector(fuzzed_data_provider);
|
||||
const std::vector<bool> bits = BytesToBits(bytes);
|
||||
const std::vector<uint8_t> bytes_decoded = BitsToBytes(bits);
|
||||
assert(bytes == bytes_decoded);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue