phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-10 11:57:28 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fuzz: Extend script fuzz test

Browse source
This commit is contained in:
MarcoFalke 2020-04-04 01:32:39 +08:00
parent f0d6487e29
commit fa86edf66d
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
1 changed files with 26 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/test/fuzz/script.cpp
View file

@ -9,6 +9,7 @@
#include <policy/policy.h>
#include <pubkey.h>
#include <script/descriptor.h>
#include <script/interpreter.h>
#include <script/script.h>
#include <script/sign.h>
#include <script/signingprovider.h>
@ -30,7 +31,10 @@ void initialize()
void test_one_input(const std::vector<uint8_t>& buffer)
{
const CScript script(buffer.begin(), buffer.end());
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const Optional<CScript> script_opt = ConsumeDeserializable<CScript>(fuzzed_data_provider);
if (!script_opt) return;
const CScript script{*script_opt};
std::vector<unsigned char> compressed;
if (CompressScript(script, compressed)) {
@ -89,12 +93,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
ScriptToUniv(script, o4, false);
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const std::vector<uint8_t> bytes = ConsumeRandomLengthByteVector(fuzzed_data_provider);
// DecompressScript(..., ..., bytes) is not guaranteed to be defined if bytes.size() <= 23.
if (bytes.size() >= 24) {
// DecompressScript(..., ..., bytes) is not guaranteed to be defined if the bytes vector is too short
if (bytes.size() >= 32) {
CScript decompressed_script;
DecompressScript(decompressed_script, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), bytes);
}
}
const Optional<CScript> other_script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
if (other_script) {
{
CScript script_mut{script};
(void)FindAndDelete(script_mut, *other_script);
}
const std::vector<std::string> random_string_vector = ConsumeRandomLengthStringVector(fuzzed_data_provider);
const uint32_t u32{fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
const uint32_t flags{u32 | SCRIPT_VERIFY_P2SH};
{
CScriptWitness wit;
for (const auto& s : random_string_vector) {
wit.stack.emplace_back(s.begin(), s.end());
}
(void)CountWitnessSigOps(script, *other_script, &wit, flags);
wit.SetNull();
}
}
}