tests: Fix bug in the descriptor parsing fuzzing harness (descriptor_parse) #17685

pull practicalswift wants to merge 1 commit into bitcoin:master from practicalswift:fix-descriptor_parse-fuzzing-harness changing 1 file +3 −0
  1. practicalswift commented at 6:44 PM on December 6, 2019: contributor

    Fix bug in the descriptor parsing fuzzing harness (descriptor_parse) by making sure secp256k1_context_verify is properly initialized (via ECCVerifyHandle).

    Background:

    When fuzzing Parse(…) with libFuzzer I eventually reached the test case combo(020000000000000000000000000000000000000000000000000000000000000000). That input triggers a call to CPubKey::IsFullyValid() which in turn requires an initialized secp256k1_context_verify.

    The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :)

    Before:

    $ mkdir descriptors/
    $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
    $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
    …
    pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null
    secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here
        #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12
        #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24
        #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42
        #3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23
        #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16
        #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9
    …
    $
    

    After:

    $ mkdir descriptors/
    $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
    $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
    …
    Done 2 runs in 0 second(s)
    $
    
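    The failure mode in the description above, a fuzz target whose code under test depends on a global that the harness never set up, can be modelled without the Bitcoin Core tree. The following is an added example and not code from bitcoin/bitcoin or from this PR: VerifyContext, VerifyHandle, ParseCombo, ParseStatus, KeyCheck and ReproduceFix are names made up for the model, the reference counting in VerifyHandle is an assumption about how ECCVerifyHandle behaves, and the key check only applies SEC1 length and header rules (no curve membership). The one deliberate departure from the real code is that the model reports a missing context as a status instead of passing a null pointer into a nonnull parameter, so the before and after states can both be exercised in one process.

```cpp
// Added example, not code from bitcoin/bitcoin: a self-contained model of the
// harness precondition described in the PR. VerifyContext, VerifyHandle,
// ParseCombo, ParseStatus, KeyCheck and ReproduceFix are assumed names; only
// the pattern (global verify context, RAII handle, one-time initialize())
// mirrors the real harness.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in for secp256k1_context: the real one holds precomputed tables,
// this one only records that it was created.
struct VerifyContext {
    bool ready;
};

// Analogue of the global secp256k1_context_verify that CPubKey relies on.
static VerifyContext* g_verify_ctx = nullptr;
static int g_verify_handle_refs = 0;

// RAII guard in the spirit of ECCVerifyHandle: the first instance creates the
// global context, the last instance to die destroys it (assumed behaviour).
class VerifyHandle {
public:
    VerifyHandle() {
        if (g_verify_handle_refs++ == 0) g_verify_ctx = new VerifyContext{true};
    }
    ~VerifyHandle() {
        if (--g_verify_handle_refs == 0) { delete g_verify_ctx; g_verify_ctx = nullptr; }
    }
    VerifyHandle(const VerifyHandle&) = delete;
    VerifyHandle& operator=(const VerifyHandle&) = delete;
};

static int HexDigit(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode an even-length, non-empty hex string; false on any non-hex input.
static bool ParseHex(const std::string& s, std::vector<uint8_t>& out) {
    if (s.empty() || s.size() % 2 != 0) return false;
    out.clear();
    for (size_t i = 0; i < s.size(); i += 2) {
        const int hi = HexDigit(s[i]), lo = HexDigit(s[i + 1]);
        if (hi < 0 || lo < 0) return false;
        out.push_back(static_cast<uint8_t>(hi * 16 + lo));
    }
    return true;
}

struct KeyCheck {
    bool precondition_met; // false when the verify context was never created
    bool valid;
};

// Model of CPubKey::IsFullyValid. The real function passes the global context
// to secp256k1_ec_pubkey_parse, whose context parameter is nonnull, so a
// missing context is undefined behaviour (the UBSan report in the PR). Here
// the precondition is checked explicitly. Only SEC1 length/header rules are
// modelled; curve membership is not.
static KeyCheck IsFullyValid(const std::vector<uint8_t>& key) {
    if (g_verify_ctx == nullptr || !g_verify_ctx->ready) return {false, false};
    const bool compressed = key.size() == 33 && (key[0] == 0x02 || key[0] == 0x03);
    const bool uncompressed = key.size() == 65 && key[0] == 0x04;
    return {true, compressed || uncompressed};
}

enum class ParseStatus { Ok, Malformed, InvalidKey, HarnessNotInitialized };

// Minimal stand-in for Parse(): accepts only combo(<hex pubkey>).
static ParseStatus ParseCombo(const std::string& desc) {
    static const std::string prefix = "combo(";
    if (desc.size() < prefix.size() + 1 || desc.compare(0, prefix.size(), prefix) != 0 ||
        desc.back() != ')') {
        return ParseStatus::Malformed;
    }
    std::vector<uint8_t> key;
    if (!ParseHex(desc.substr(prefix.size(), desc.size() - prefix.size() - 1), key)) {
        return ParseStatus::Malformed;
    }
    const KeyCheck check = IsFullyValid(key);
    if (!check.precondition_met) return ParseStatus::HarnessNotInitialized;
    return check.valid ? ParseStatus::Ok : ParseStatus::InvalidKey;
}

// One-time harness setup: the static handle lives until process exit, so the
// context exists before the first input and is never torn down between runs.
void initialize() {
    static const VerifyHandle verify_handle;
}

ParseStatus test_one_input(const std::vector<uint8_t>& buffer) {
    return ParseCombo(std::string(buffer.begin(), buffer.end()));
}

std::vector<uint8_t> ToBytes(const std::string& s) {
    return std::vector<uint8_t>(s.begin(), s.end());
}

// The PR's before/after on the page's input (02 followed by 64 zero nibbles):
// the precondition is missing until initialize() has run.
bool ReproduceFix() {
    const std::vector<uint8_t> input = ToBytes("combo(02" + std::string(64, '0') + ")");
    const ParseStatus before = test_one_input(input);
    initialize();
    const ParseStatus after = test_one_input(input);
    return before == ParseStatus::HarnessNotInitialized && after == ParseStatus::Ok;
}

// libFuzzer calls LLVMFuzzerInitialize once before the first test input.
extern "C" int LLVMFuzzerInitialize(int*, char***) { initialize(); return 0; }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    test_one_input(std::vector<uint8_t>(data, data + size));
    return 0;
}

int main() {
    std::printf("harness precondition reproduced: %s\n", ReproduceFix() ? "yes" : "no");
    return 0;
}
```

    The practical check this models: when a sanitizer report from a fuzz target points at a null or uninitialized global rather than at the parser's own logic, confirm the harness performs the same one-time setup the production entry points do before treating the input as a bug in the code under test.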
  2. tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) 6338c02034
  3. fanquake added the label Tests on Dec 6, 2019
  4. paymog commented at 9:17 AM on December 7, 2019: none

    ACK

  5. practicalswift commented at 9:26 AM on December 7, 2019: contributor

    @paymog Thanks for reviewing! Don't forget to include the commit hash after your ACK to specify which version of the PR you are ACK:ing :)

    Example:

    ACK 123450203416a5f86e9422b6cd479da8af212345
    
  6. paymog commented at 9:14 AM on December 8, 2019: none

    @practicalswift got it. Thanks for the patience.

    ACK 6338c0203416a5f86e9422b6cd479da8af277f2f

  7. MarcoFalke commented at 6:11 PM on December 8, 2019: member
  8. MarcoFalke commented at 6:15 PM on December 8, 2019: member
  9. MarcoFalke commented at 6:16 PM on December 8, 2019: member

    ACK 6338c0203416a5f86e9422b6cd479da8af277f2f 🕊

    <details><summary>Show signature and timestamp</summary>

    Signature:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    ACK 6338c0203416a5f86e9422b6cd479da8af277f2f 🕊
    -----BEGIN PGP SIGNATURE-----
    
    iQGzBAEBCgAdFiEE+rVPoUahrI9sLGYTzit1aX5ppUgFAlwqrYAACgkQzit1aX5p
    pUi/vgv/WLlNA/DRA2N21pxJ8sP3aWIaQvDSyUlsuDzCXK2tGV+BtdK5Tgeo1gyE
    fcuyjQ0ZXx/IhT+i+i2lojawyJUODgJZyfoqmp03VuWj4YQq5TR6FYJQZdfJ/YG6
    1EtxpLM9pwna2JpRTkr+C7o+d4AmdFi3CLPWP6/nlazieqV+FKT2K1qPB+gIl1s7
    RgIR4dn1lL+k8NQn/ma8mCDwueIk4MtsJRdKAw3ldGg9sYZVGUbOUPv9dn0uUe2D
    W11AQcZHuz6YoOHV/k0+5pR9nCvJ536tNtzIgJtWfRTsjoQ/wScD7GwM247LnnYY
    8bOxWy8klJcFbHNtyMIlUGaJRKJYfQ6jlIUHMYJqJ/znorQI3H+zH5irHmpt99VN
    5EQomOxHQteHrcOI4+XLgu5GY4AppUjytCHGoFOyH99VlYj2Zey8DE8Lts812Fk8
    XKV1AiPBGU2WY3hYPaS1W6renr8KiQtY/xXMM8KttbYiSfRNbZnr11RWvfq2Tj61
    ZYW9xcWz
    =n/YJ
    -----END PGP SIGNATURE-----
    

    Timestamp of file with hash 51bfacd787b0f6e2ea09de38dac6c9cb84ea0cfb076535f6fd318d6881cd01d7 -

    </details>

  10. MarcoFalke referenced this in commit bb03765e2d on Dec 8, 2019
  11. MarcoFalke merged this on Dec 8, 2019
  12. MarcoFalke closed this on Dec 8, 2019

  13. sidhujag referenced this in commit 053430cbeb on Dec 9, 2019
  14. jasonbcox referenced this in commit fed8c74652 on Jul 10, 2020
  15. sidhujag referenced this in commit 4c313bc4c0 on Nov 10, 2020
  16. practicalswift deleted the branch on Apr 10, 2021
  17. kittywhiskers referenced this in commit bffafcaf10 on May 7, 2022
  18. kittywhiskers referenced this in commit 1b3265e5a1 on May 7, 2022
  19. knst referenced this in commit e571a107c3 on May 26, 2022
  20. knst referenced this in commit 48aee47590 on May 27, 2022
  21. knst referenced this in commit 166be67407 on May 30, 2022
  22. UdjinM6 referenced this in commit ab3b4a520a on Jun 3, 2022
  23. DrahtBot locked this on Aug 16, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:14 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me