From 546a0764f3b701ee07f5a8d168e2a58fed6b46d5 Mon Sep 17 00:00:00 2001 From: practicalswift Date: Thu, 12 Nov 2020 15:06:45 +0000 Subject: [PATCH 1/2] fuzz: Fill various small fuzzing gaps --- src/test/fuzz/kitchen_sink.cpp | 47 +++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/src/test/fuzz/kitchen_sink.cpp b/src/test/fuzz/kitchen_sink.cpp index 0656ddc54764f..5b8ae5d4fbdcc 100644 --- a/src/test/fuzz/kitchen_sink.cpp +++ b/src/test/fuzz/kitchen_sink.cpp @@ -2,6 +2,8 @@ // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include +#include #include #include #include @@ -9,9 +11,37 @@ #include #include +#include #include #include +namespace { +constexpr TransactionError ALL_TRANSACTION_ERROR[] = { + TransactionError::OK, + TransactionError::MISSING_INPUTS, + TransactionError::ALREADY_IN_CHAIN, + TransactionError::P2P_DISABLED, + TransactionError::MEMPOOL_REJECTED, + TransactionError::MEMPOOL_ERROR, + TransactionError::INVALID_PSBT, + TransactionError::PSBT_MISMATCH, + TransactionError::SIGHASH_MISMATCH, + TransactionError::MAX_FEE_EXCEEDED, +}; + +constexpr FeeEstimateHorizon ALL_FEE_EST_HORIZON[] = { + FeeEstimateHorizon::SHORT_HALFLIFE, + FeeEstimateHorizon::MED_HALFLIFE, + FeeEstimateHorizon::LONG_HALFLIFE, +}; + +constexpr OutputType ALL_OUTPUT_TYPE[] = { + OutputType::LEGACY, + OutputType::P2SH_SEGWIT, + OutputType::BECH32, +}; +}; // namespace + // The fuzzing kitchen sink: Fuzzing harness for functions that need to be // fuzzed but a.) don't belong in any existing fuzzing harness file, and // b.) are not important enough to warrant their own fuzzing harness file. @@ -19,8 +49,23 @@ FUZZ_TARGET(kitchen_sink) { FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); - const TransactionError transaction_error = fuzzed_data_provider.PickValueInArray({TransactionError::OK, TransactionError::MISSING_INPUTS, TransactionError::ALREADY_IN_CHAIN, TransactionError::P2P_DISABLED, TransactionError::MEMPOOL_REJECTED, TransactionError::MEMPOOL_ERROR, TransactionError::INVALID_PSBT, TransactionError::PSBT_MISMATCH, TransactionError::SIGHASH_MISMATCH, TransactionError::MAX_FEE_EXCEEDED}); + const TransactionError transaction_error = fuzzed_data_provider.PickValueInArray(ALL_TRANSACTION_ERROR); (void)JSONRPCTransactionError(transaction_error); (void)RPCErrorFromTransactionError(transaction_error); (void)TransactionErrorString(transaction_error); + + (void)StringForFeeEstimateHorizon(fuzzed_data_provider.PickValueInArray(ALL_FEE_EST_HORIZON)); + + const OutputType output_type = fuzzed_data_provider.PickValueInArray(ALL_OUTPUT_TYPE); + const std::string& output_type_string = FormatOutputType(output_type); + OutputType output_type_parsed; + const bool parsed = ParseOutputType(output_type_string, output_type_parsed); + assert(parsed); + assert(output_type == output_type_parsed); + (void)ParseOutputType(fuzzed_data_provider.ConsumeRandomLengthString(64), output_type_parsed); + + const std::vector bytes = ConsumeRandomLengthByteVector(fuzzed_data_provider); + const std::vector bits = BytesToBits(bytes); + const std::vector bytes_decoded = BitsToBytes(bits); + assert(bytes == bytes_decoded); } From 4ddbcd0d9abe40cd387e63d8c4817e0fe36004dc Mon Sep 17 00:00:00 2001 From: practicalswift Date: Thu, 12 Nov 2020 15:07:53 +0000 Subject: [PATCH 2/2] fuzz: Add coverage for CDataStream consumer --- src/Makefile.test.include | 1 + src/test/fuzz/data_stream.cpp | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 src/test/fuzz/data_stream.cpp diff --git a/src/Makefile.test.include b/src/Makefile.test.include index cbfe93df0a827..54e18f6920f28 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -210,6 +210,7 @@ test_fuzz_fuzz_SOURCES = \ test/fuzz/crypto_hkdf_hmac_sha256_l32.cpp \ test/fuzz/crypto_poly1305.cpp \ test/fuzz/cuckoocache.cpp \ + test/fuzz/data_stream.cpp \ test/fuzz/decode_tx.cpp \ test/fuzz/descriptor_parse.cpp \ test/fuzz/deserialize.cpp \ diff --git a/src/test/fuzz/data_stream.cpp b/src/test/fuzz/data_stream.cpp new file mode 100644 index 0000000000000..28fc528cebc96 --- /dev/null +++ b/src/test/fuzz/data_stream.cpp @@ -0,0 +1,25 @@ +// Copyright (c) 2020 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include +#include +#include +#include +#include + +#include +#include + +void initialize_data_stream_addr_man() +{ + InitializeFuzzingContext(); +} + +FUZZ_TARGET_INIT(data_stream_addr_man, initialize_data_stream_addr_man) +{ + FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; + CDataStream data_stream = ConsumeDataStream(fuzzed_data_provider); + CAddrMan addr_man; + CAddrDB::Read(addr_man, data_stream); +}