tests: Add fuzzing harnesses for various Base{32,58,64} and hex related functions

practicalswift commented at 3:27 pm on October 23, 2019: contributor

Add fuzzing harnesses for various Base{32,58,64} and hex related functions.

Testing this PR

Run:

0$ CC=clang CXX=clang++ ./configure --enable-fuzz \
1      --with-sanitizers=address,fuzzer,undefined
2$ make
3$ src/test/fuzz/base_encode_decode
4…
5$ src/test/fuzz/hex
6…

practicalswift force-pushed on Oct 23, 2019

fanquake added the label Tests on Oct 23, 2019

DrahtBot commented at 8:26 pm on October 23, 2019: member

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#17071 (tests: Add fuzzing harness for CheckBlock(…) and other CBlock related functions by practicalswift)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

practicalswift force-pushed on Nov 5, 2019

DrahtBot added the label Needs rebase on Nov 5, 2019

practicalswift force-pushed on Nov 6, 2019

DrahtBot removed the label Needs rebase on Nov 6, 2019

practicalswift force-pushed on Nov 7, 2019

practicalswift force-pushed on Nov 8, 2019

DrahtBot added the label Needs rebase on Dec 6, 2019

practicalswift force-pushed on Dec 6, 2019

practicalswift commented at 9:21 am on December 6, 2019: contributor

Rebased! :)

DrahtBot removed the label Needs rebase on Dec 6, 2019

in src/test/fuzz/base_encode_decode.cpp:23 in c6a20631dd outdated

18+
19+    std::vector<unsigned char> decoded;
20+    if (DecodeBase58(random_encoded_string, decoded)) {
21+        const std::string encoded_string = EncodeBase58(decoded);
22+        assert(encoded_string == SanitizeString(encoded_string, SAFE_CHARS_BASE58));
23+        const std::string sanitized_random_encoded_string = SanitizeString(random_encoded_string, SAFE_CHARS_BASE58);

MarcoFalke commented at 8:16 pm on December 9, 2019:

All this does is strip the whitespace? Seems overkill to extend the generic helper SanitizeString for this use case.

practicalswift commented at 4:33 pm on December 10, 2019:

No, random_encoded_string can contain all kinds of crap and still pass DecodeBase58 so it is not only for whitespace removal. To properly fuzz test this then knowledge of SAFE_CHARS_BASE58 is needed, but if you want I can make the sanitation machinery local to the this file?

MarcoFalke commented at 4:39 pm on December 10, 2019:

Can you explain what kind of crap makes it pass? And does that sound like a bug where it should return false instead?

practicalswift commented at 4:44 pm on December 10, 2019:

@MarcoFalke ~~Oh, I don’t think it is an indication of a bug –~~ sorry for using sloppy language :) With “all kinds of crap” I simply meant characters outside of SAFE_CHARS_BASE58. I’ll get back with a more specific code example :)

practicalswift commented at 11:10 pm on December 10, 2019:

Consider these cases:

str contains good → DecodeBase58(const std::string& str, …) == true (as expected)
str contains bad0IOl → DecodeBase58(const std::string& str, …) == false (as expected)
str contains good\x00bad0IOl → DecodeBase58(const std::string& str, …) == true(!)

The reason is that DecodeBase58(const std::string& str, …) calls DecodeBase58(const char* psz, …) which will only consider the string up to the first \x00.

MarcoFalke commented at 11:26 pm on December 10, 2019:

So instead of SanitizeString, the string could be shortened and trimmed of whitespace in the fuzzer?

practicalswift commented at 11:32 pm on December 10, 2019:

I’m not sure that is the way to go: \x00 is not whitespace :)

WDYT: shouldn’t DecodeBase58(const std::string& str, …) return false when passed a str which contains at least one character that is not any of the base58 characters (all alphanumeric characters except for “0”, “I”, “O”, and “l”) or the whitespace characters?

practicalswift commented at 3:14 pm on December 11, 2019:

Now adjusted fuzz tested code to make the invariant more sane :)

practicalswift force-pushed on Dec 9, 2019

practicalswift commented at 8:30 pm on December 9, 2019: contributor

Rebased! :)

practicalswift force-pushed on Dec 11, 2019

DrahtBot added the label Needs rebase on Dec 12, 2019

practicalswift force-pushed on Dec 12, 2019

DrahtBot removed the label Needs rebase on Dec 12, 2019

DrahtBot added the label Needs rebase on Dec 13, 2019

practicalswift force-pushed on Dec 13, 2019

DrahtBot removed the label Needs rebase on Dec 13, 2019

DrahtBot added the label Needs rebase on Dec 16, 2019

tests: Add corpora suppression (FUZZERS_MISSING_CORPORA) for fuzzers missing in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus 22d9bae36f

util: Move TrimString(...). Introduce default pattern (trims whitespace). Add NODISCARD. 32e27129ff

tests: Add fuzzing harness for various Base{32,58,64} related functions 526dd78bed

tests: Add fuzzing harness for various hex related functions c18405732e

practicalswift force-pushed on Dec 16, 2019

DrahtBot removed the label Needs rebase on Dec 16, 2019

MarcoFalke commented at 0:10 am on December 17, 2019: member

ACK c18405732e38eadb2c47533c3f982f4605fbfd9a 🔁

Signature:

 0-----BEGIN PGP SIGNED MESSAGE-----
 1Hash: SHA512
 2
 3ACK c18405732e38eadb2c47533c3f982f4605fbfd9a 🔁
 4-----BEGIN PGP SIGNATURE-----
 5
 6iQGzBAEBCgAdFiEE+rVPoUahrI9sLGYTzit1aX5ppUgFAlwqrYAACgkQzit1aX5p
 7pUiRkQwAzifZDinuiY69gCNY7zItA/6qtOrQCr5xI9XT/cXhnmxujZ3kUOhV6Up4
 85TURghwN8nPvmhoGQGRUdLKcRIukT7fOpY4nm4ZUF1ixP+ptU76tqMRvbEvmW7+n
 9cJFiQdRf6orw4BQDmzs8Mn6bAzbDy0R6rZQaVOOWC3t8gm5GYxgyxF1GCaaCiObN
101RCHk7w/cPtECYtF/jn6mGQ+x1QjFTnM4jfE6eoZ4MK8ZQQH83KpPHFbaDkUdZVr
11JDDTgj36fvZDMG5lHwq3Kl1H4n6935gnn5scpg/RJDBWR/b6/OtDWbOgD5NKYeB0
12TxYzEOcvc2VZMHniZY+0U5QGG1V2E4b2i8VTXKprvS78HFFBHGBFaEs0x8Khw++y
136PiMm5pl5NNsrupqhFZjKok1ovcYhdW/R20UUenuoreBdNxn2gbxHusrby7fqyLU
14Mh1EjobV9+2j6hoq31RruhDhEEci9hGYQIkViGxp9WE30zIQnfMaydWK8WXqo2j9
15mzRQTJm4
16=fMYZ
17-----END PGP SIGNATURE-----

Timestamp of file with hash f74c2496a35f1208847a8485a6f49081e34fb06b514fa83512932463fc23f7a6 -

MarcoFalke referenced this in commit 03dfa36641 on Dec 17, 2019

MarcoFalke merged this on Dec 17, 2019

MarcoFalke closed this on Dec 17, 2019

sidhujag referenced this in commit 8376f36622 on Dec 17, 2019

jonatack commented at 10:17 am on December 18, 2019: member

ACK c18405732e38eadb2c47533c3f982f4605fbfd9a - code review and tested on master posthumously :running_man:

0bitcoin/bitcoin (master)$ src/test/fuzz/base_encode_decode
1INFO: Seed: 1034069505
2INFO: Loaded 1 modules   (5201 inline 8-bit counters): 5201 [0x559140d7b920, 0x559140d7cd71), 
3INFO: Loaded 1 PC tables (5201 PCs): 5201 [0x559140d7cd78,0x559140d91288), 
4INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
5INFO: A corpus is not provided, starting from an empty corpus
6[#2](/bitcoin-bitcoin/2/)	INITED cov: 451 ft: 452 corp: 1/1b lim: 4 exec/s: 0 rss: 41Mb
7[#3](/bitcoin-bitcoin/3/)	NEW    cov: 460 ft: 557 corp: 2/3b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 1 InsertByte-
8[#5](/bitcoin-bitcoin/5/)	NEW    cov: 460 ft: 559 corp: 3/5b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 2 ShuffleBytes-CopyPart-
9[#7](/bitcoin-bitcoin/7/)	NEW    cov: 461 ft: 560 corp: 4/7b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 2 ShuffleBytes-ChangeBit-

0bitcoin/bitcoin (master)$ src/test/fuzz/hex
1INFO: Seed: 1110008671
2INFO: Loaded 1 modules   (3630 inline 8-bit counters): 3630 [0x5602274bbe40, 0x5602274bcc6e), 
3INFO: Loaded 1 PC tables (3630 PCs): 3630 [0x5602274bcc70,0x5602274caf50), 
4INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
5INFO: A corpus is not provided, starting from an empty corpus
6[#2](/bitcoin-bitcoin/2/)	INITED cov: 176 ft: 177 corp: 1/1b lim: 4 exec/s: 0 rss: 41Mb
7[#5](/bitcoin-bitcoin/5/)	NEW    cov: 183 ft: 197 corp: 2/3b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 3 ShuffleBytes-ShuffleBytes-InsertByte-
8[#6](/bitcoin-bitcoin/6/)	NEW    cov: 183 ft: 198 corp: 3/5b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 1 InsertByte-
9[#7](/bitcoin-bitcoin/7/)	NEW    cov: 184 ft: 212 corp: 4/7b lim: 4 exec/s: 0 rss: 41Mb L: 2/2 MS: 1 ShuffleBytes-

MarkLTZ referenced this in commit 3ec6a5c547 on Apr 9, 2020

jasonbcox referenced this in commit 8d2bf01c5c on Oct 28, 2020

sidhujag referenced this in commit 47fb077cca on Nov 10, 2020

practicalswift deleted the branch on Apr 10, 2021

kittywhiskers referenced this in commit 894d29bf9c on May 25, 2021

UdjinM6 referenced this in commit 45b894103b on May 28, 2021

kittywhiskers referenced this in commit 9f0b8ad0ef on Feb 27, 2022

kittywhiskers referenced this in commit 2d707aada4 on Feb 27, 2022

kittywhiskers referenced this in commit c731fbea06 on Feb 28, 2022

kittywhiskers referenced this in commit 71e3f90a61 on Feb 28, 2022

kittywhiskers referenced this in commit f5d39352e8 on Feb 28, 2022

kittywhiskers referenced this in commit 841a19b4f0 on Mar 13, 2022

kittywhiskers referenced this in commit 933efc36fc on Mar 24, 2022

gades referenced this in commit 0f34b01820 on Apr 26, 2022

DrahtBot locked this on Aug 16, 2022

tests: Add fuzzing harnesses for various Base{32,58,64} and hex related functions #17229

Conflicts