fuzz: Create a block template in tx_pool targets

2025-01-10 11:57:28 -03:00 · 2021-04-28 21:04:14 +02:00 · 2021-04-28 21:04:14 +02:00 · fa03d0acd6
commit fa03d0acd6
parent fa61ce5cf5
2 changed files with 28 additions and 13 deletions
--- a/src/test/fuzz/tx_pool.cpp
+++ b/src/test/fuzz/tx_pool.cpp
@ -3,6 +3,7 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <consensus/validation.h>
+#include <miner.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
@ -77,6 +78,29 @@ void SetMempoolConstraints(ArgsManager& args, FuzzedDataProvider& fuzzed_data_pr
                     ToString(fuzzed_data_provider.ConsumeIntegralInRange<unsigned>(0, 999)));
 }

+void Finish(FuzzedDataProvider& fuzzed_data_provider, MockedTxPool& tx_pool, CChainState& chainstate)
+{
+    WITH_LOCK(::cs_main, tx_pool.check(chainstate));
+    {
+        BlockAssembler::Options options;
+        options.nBlockMaxWeight = fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BLOCK_WEIGHT);
+        options.blockMinFeeRate = CFeeRate{ConsumeMoney(fuzzed_data_provider)};
+        auto assembler = BlockAssembler{chainstate, *static_cast<CTxMemPool*>(&tx_pool), ::Params(), options};
+        auto block_template = assembler.CreateNewBlock(CScript{} << OP_TRUE);
+        Assert(block_template->block.vtx.size() >= 1);
+    }
+    const auto info_all = tx_pool.infoAll();
+    if (!info_all.empty()) {
+        const auto& tx_to_remove = *PickValue(fuzzed_data_provider, info_all).tx;
+        WITH_LOCK(tx_pool.cs, tx_pool.removeRecursive(tx_to_remove, /* dummy */ MemPoolRemovalReason::BLOCK));
+        std::vector<uint256> all_txids;
+        tx_pool.queryHashes(all_txids);
+        assert(all_txids.size() < info_all.size());
+        WITH_LOCK(::cs_main, tx_pool.check(chainstate));
+    }
+    SyncWithValidationInterfaceQueue();
+}
+
 void MockTime(FuzzedDataProvider& fuzzed_data_provider, const CChainState& chainstate)
 {
    const auto time = ConsumeTime(fuzzed_data_provider,
@ -245,17 +269,7 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
            }
        }
    }
-    WITH_LOCK(::cs_main, tx_pool.check(chainstate));
-    const auto info_all = tx_pool.infoAll();
-    if (!info_all.empty()) {
-        const auto& tx_to_remove = *PickValue(fuzzed_data_provider, info_all).tx;
-        WITH_LOCK(tx_pool.cs, tx_pool.removeRecursive(tx_to_remove, /* dummy */ MemPoolRemovalReason::BLOCK));
-        std::vector<uint256> all_txids;
-        tx_pool.queryHashes(all_txids);
-        assert(all_txids.size() < info_all.size());
-        WITH_LOCK(::cs_main, tx_pool.check(chainstate));
-    }
-    SyncWithValidationInterfaceQueue();
+    Finish(fuzzed_data_provider, tx_pool, chainstate);
 }

 FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
@ -308,8 +322,7 @@ FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
        if (accepted) {
            txids.push_back(tx->GetHash());
        }
-
-        SyncWithValidationInterfaceQueue();
    }
+    Finish(fuzzed_data_provider, tx_pool, chainstate);
 }
 } // namespace
--- a/test/sanitizer_suppressions/ubsan
+++ b/test/sanitizer_suppressions/ubsan
@ -5,6 +5,8 @@
 # names can be used.
 # See https://github.com/google/sanitizers/issues/1364
 signed-integer-overflow:txmempool.cpp
+# https://github.com/bitcoin/bitcoin/pull/21798#issuecomment-829180719
+signed-integer-overflow:policy/feerate.cpp

 # -fsanitize=integer suppressions
 # ===============================