phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-15 14:22:37 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
bitcoin/src/test/fuzz
History
MarcoFalke 4d5eaf7a90
Merge #20995: fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION 
fad3d7625a fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION (MarcoFalke)
fa99e33aeb fuzz: move-only FillNode implementation to cpp file (MarcoFalke)

Pull request description:

  This fixes a fuzz bug introduced in #20881. Previously the nodes in the fuzz tests had their version initialized to a constant (`PROTOCOL_VERSION`). After #20881, the nodes have their version initialized to an arbitrary signed integer. This is problematic for several reasons:

  * Both `nVersion` and `m_greatest_common_version` may be initialized to `0`. If a `version` message is processed, this leads to a crash, because `m_greatest_common_version` must be `INIT_PROTO_VERSION` while the `version` message is processed. See #20138
  * The "valid" range for `nVersion` is `[MIN_PEER_PROTO_VERSION, std::numeric_limits<int32_t>::max()]` (see check in net_processing)
  * The "valid" range for `m_greatest_common_version` is `std::min(nVersion, PROTOCOL_VERSION)` (see net_processing)

  Fix all issues by initializing `nVersion` and `m_greatest_common_version` to their valid ranges.

  -----

  The crashers, if someone wants to try this at home:

  ```
  ( echo 'dmVyc2lvbgAWFhYWFhYWFhYWFhYWFhYWFhYWFhZp/29uAPX//xYWFhYWFhYWFhYWFhYWFhYWFhYW
  FhYWFhYWaW9uAOr1//8WFhYWFha0ZXJzaW9uAPX//wAAAAAAABAAAAAAAAAAAAC0ZXJzaW9uAPX/
  /wBPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT08AAAAAABAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAB2ZXJzaW9uAACDJIO9vXYKAAAAAAAAAAAAAAAAAAAAAAB2ZfS1qmu1qhUVFWs=' | base64 --decode > /tmp/a ) && FUZZ=process_message_version ./src/test/fuzz/fuzz /tmp/a
  ```
  ```
  ( echo 'dmVyc2lvbgD//wAhTmiqN///NDcAAACENDL/iv//8DYAAHL///////79/RtcAJqamhqa/QEAAAD/
  ///+/f1oZWFkZXJzAAAAAM8BAAAAIAYibkYRGgtZyq8SaGVhZGVycwAAAAD/NDcAAACENDL/iv//
  8DYAAHL///////79/RtcAJqamhqa/QEAAAD////+/f1oZWFkZXJzAAAAAM8BAAAAIAYibkYRGgtZ
  yq8SaGVhZGVycwAAAADPAQAAACAGIm5GERoLWS1wb3J061u/KMNPOkwFXqZ///b5IgIAAD+5ubkb
  XD5hZGRyAJqamhqasP0BAAAAAAAAAP0BAAAAIf39/R0dHQAAAAAAMgAA///7//+gXqZ///b5IgIA
  AD+5ubm5ubm5AAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAFgAAAAAAAAAAAAlBmv39/f1/f39B
  f39hZGRyAG5vAACaLgAdGzY2zwEAAAAgBiJuRhEaC1ktcG9ydOtbvyjDTzpMBV6mf//2+SICAAA/
  ubm5G1w+YWRkcgCampoamrD9AQAAAAAAAAD9AQAAACH9/f0dHR0AAAAAADIAAP//+///oF6mf//2
  +SICAAA/ubm5ubm5uQAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAABYAAAAAAAAAAAAJQZr9/f39
  f39/QX9/YWRkcgBubwAAmi4AHRs2NjY2NjY2NjYCAgI2NgIA/f39/f39Nv39/TUmABxc' | base64 --decode > /tmp/b ) && FUZZ=process_message_version ./src/test/fuzz/fuzz /tmp/b
  ```

ACKs for top commit:
  practicalswift:
    cr ACK fad3d7625a

Tree-SHA512: ea64ee99b94d8e619e3949d2d21252c1236412c0e40f44f2b73595ca70cd2da0bdab005fb1a54f65fb291e7b07fdd33577ce4a3a078ca933246b511ebcb0e52a
2021-01-28 15:13:25 +01:00
..
addition_overflow.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
addrdb.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
addrman.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
asmap.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
asmap_direct.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
autofile.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
banman.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
base_encode_decode.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
bech32.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
block.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
block_header.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
blockfilter.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
bloom_filter.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
buffered_file.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
chain.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
checkqueue.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
coins_view.cpp fuzz: Initialize a full TestingSetup where appropriate 2021-01-21 09:29:42 -05:00
connman.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
crypto.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
crypto_aes256.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
crypto_aes256cbc.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
crypto_chacha20.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
crypto_chacha20_poly1305_aead.cpp fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-25 20:55:36 +00:00
crypto_common.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
crypto_hkdf_hmac_sha256_l32.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
crypto_poly1305.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
cuckoocache.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
danger_link_all.sh build: Add option --enable-danger-fuzz-link-all 2020-12-14 16:55:56 +01:00
data_stream.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
decode_tx.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
descriptor_parse.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
deserialize.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
eval_script.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
fee_rate.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
fees.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
flatfile.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
float.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
fuzz.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
fuzz.h scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
FuzzedDataProvider.h fuzz: Bump FuzzedDataProvider.h 2020-12-31 08:49:10 +01:00
golomb_rice.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
hex.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
http_request.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
integer.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
key.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
key_io.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
kitchen_sink.cpp refactor: Use C++17 std::array deduction for ALL_FEE_ESTIMATE_HORIZONS 2021-01-03 18:38:31 +01:00
load_external_block_file.cpp fuzz: Initialize a full TestingSetup where appropriate 2021-01-21 09:29:42 -05:00
locale.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
merkleblock.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
message.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
muhash.cpp fuzz: Add missing muhash registration 2021-01-08 09:40:50 +01:00
multiplication_overflow.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
net.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
net_permissions.cpp fuzz: Add ConsumeWeakEnum helper, Extract ALL_NET_PERMISSION_FLAGS 2021-01-02 15:07:07 +01:00
netaddress.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
node_eviction.cpp tests: Add fuzzing harness for node eviction logic 2020-12-16 13:00:47 +00:00
p2p_transport_deserializer.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
parse_hd_keypath.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
parse_iso8601.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
parse_numbers.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
parse_script.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
parse_univalue.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
policy_estimator.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
policy_estimator_io.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
pow.cpp fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-25 20:55:36 +00:00
prevector.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
primitives_transaction.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
process_message.cpp fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION 2021-01-23 20:04:37 +01:00
process_messages.cpp fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION 2021-01-23 20:04:37 +01:00
protocol.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
psbt.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
random.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
rbf.cpp Merge #20560: fuzz: Link all targets once 2020-12-15 19:00:36 +01:00
rolling_bloom_filter.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
script.cpp fuzz: Avoid -fsanitize=integer warnings in fuzzing harnesses 2021-01-25 20:55:36 +00:00
script_assets_test_minimizer.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
script_bitcoin_consensus.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
script_descriptor_cache.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
script_flags.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
script_interpreter.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
script_ops.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
script_sigcache.cpp Merge #20560: fuzz: Link all targets once 2020-12-15 19:00:36 +01:00
script_sign.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
scriptnum_ops.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
secp256k1_ec_seckey_import_export_der.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
secp256k1_ecdsa_signature_parse_der_lax.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
signature_checker.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
signet.cpp fuzz: Consolidate fuzzing TestingSetup initialization 2021-01-21 09:29:42 -05:00
span.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
spanparsing.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
string.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
strprintf.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
system.cpp fuzz: Introduce CallOneOf helper to replace switch-case 2021-01-11 10:37:16 +01:00
timedata.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
transaction.cpp Merge #20560: fuzz: Link all targets once 2020-12-15 19:00:36 +01:00
tx_in.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
tx_out.cpp scripted-diff: Bump copyright headers 2020-12-31 09:45:41 +01:00
txrequest.cpp fuzz: Link all targets once 2020-12-10 07:15:42 +01:00
util.cpp fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION 2021-01-23 20:04:37 +01:00
util.h Merge #20995: fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION 2021-01-28 15:13:25 +01:00