Fuzzing Bug undefined-behavior pubkey.cpp:210:38 #17729

issue JeremyRubin opened this issue on December 11, 2019
  1. JeremyRubin commented at 11:43 PM on December 11, 2019: contributor

    Saw the following failure on travis:

    cc @practicalswift

    travis_fold:start:fuzz-tests
    Fuzz targets found: ['address_deserialize', 'addrman_deserialize', 'banentry_deserialize', 'bech32', 'block_deserialize', 'blockheader_deserialize', 'blocklocator_deserialize', 'blockmerkleroot', 'blocktransactions_deserialize', 'blocktransactionsrequest_deserialize', 'blockundo_deserialize', 'bloomfilter_deserialize', 'coins_deserialize', 'descriptor_parse', 'diskblockindex_deserialize', 'eval_script', 'inv_deserialize', 'messageheader_deserialize', 'netaddr_deserialize', 'parse_iso8601', 'psbt', 'script', 'script_flags', 'service_deserialize', 'spanparsing', 'transaction', 'txoutcompressor_deserialize', 'txundo_deserialize']
    Fuzz targets selected: ['script_flags', 'txundo_deserialize', 'messageheader_deserialize', 'blockmerkleroot', 'psbt', 'banentry_deserialize', 'txoutcompressor_deserialize', 'blockundo_deserialize', 'address_deserialize', 'inv_deserialize', 'spanparsing', 'diskblockindex_deserialize', 'coins_deserialize', 'bloomfilter_deserialize', 'script', 'block_deserialize', 'netaddr_deserialize', 'transaction', 'service_deserialize', 'blocktransactionsrequest_deserialize', 'parse_iso8601', 'addrman_deserialize', 'bech32', 'blocklocator_deserialize', 'blocktransactions_deserialize', 'eval_script', 'descriptor_parse', 'blockheader_deserialize']
    Run script_flags with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/script_flags', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/script_flags']
    Output: INFO: Seed: 4254530489
    INFO: Loaded 1 modules   (517467 inline 8-bit counters): 517467 [0x55a95bea34b8, 0x55a95bf21a13), 
    INFO: Loaded 1 PC tables (517467 PCs): 517467 [0x55a95bf21a18,0x55a95c706fc8), 
    INFO:     2181 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/script_flags
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 62045 bytes
    INFO: seed corpus: files: 2181 min: 2b max: 62045b total: 687855b rss: 104Mb
    #2048	pulse  cov: 4842 ft: 26317 corp: 1502/153Kb lim: 4 exec/s: 682 rss: 305Mb
    #2183	INITED cov: 4842 ft: 27955 corp: 1614/589Kb lim: 4 exec/s: 727 rss: 328Mb
    #2183	DONE   cov: 4842 ft: 27955 corp: 1614/589Kb lim: 4 exec/s: 727 rss: 328Mb
    Done 2183 runs in 3 second(s)
    
    Run txundo_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/txundo_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/txundo_deserialize']
    Output: INFO: Seed: 4210861290
    INFO: Loaded 1 modules   (517490 inline 8-bit counters): 517490 [0x55a6680f7618, 0x55a668175b8a), 
    INFO: Loaded 1 PC tables (517490 PCs): 517490 [0x55a668175b90,0x55a66895b2b0), 
    INFO:      231 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/txundo_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 231 min: 1b max: 16512b total: 98247b rss: 102Mb
    #232	INITED cov: 879 ft: 3973 corp: 198/67Kb lim: 4 exec/s: 0 rss: 114Mb
    #232	DONE   cov: 879 ft: 3973 corp: 198/67Kb lim: 4 exec/s: 0 rss: 114Mb
    Done 232 runs in 0 second(s)
    
    Run messageheader_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/messageheader_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/messageheader_deserialize']
    Output: INFO: Seed: 519663726
    INFO: Loaded 1 modules   (517413 inline 8-bit counters): 517413 [0x5609be87be58, 0x5609be8fa37d), 
    INFO: Loaded 1 PC tables (517413 PCs): 517413 [0x5609be8fa380,0x5609bf0df5d0), 
    INFO:       39 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/messageheader_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 39 min: 1b max: 16512b total: 26740b rss: 101Mb
    -----------------------------------------------------
    Suppressions used:
      count      bytes template
          1       1648 GetRNGState
    -----------------------------------------------------
    
    -----------------------------------------------------
    Suppressions used:
      count      bytes template
          2       3296 GetRNGState
    -----------------------------------------------------
    
    -----------------------------------------------------
    Suppressions used:
      count      bytes template
          3       4944 GetRNGState
    -----------------------------------------------------
    
    #43	INITED cov: 998 ft: 1321 corp: 29/952b lim: 4 exec/s: 0 rss: 104Mb
    #43	DONE   cov: 998 ft: 1321 corp: 29/952b lim: 4 exec/s: 0 rss: 104Mb
    Done 43 runs in 0 second(s)
    -----------------------------------------------------
    Suppressions used:
      count      bytes template
          3       4944 GetRNGState
    -----------------------------------------------------
    
    
    Run blockmerkleroot with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/blockmerkleroot', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blockmerkleroot']
    Output: INFO: Seed: 1560387991
    INFO: Loaded 1 modules   (517414 inline 8-bit counters): 517414 [0x55e65ad06618, 0x55e65ad84b3e), 
    INFO: Loaded 1 PC tables (517414 PCs): 517414 [0x55e65ad84b40,0x55e65b569da0), 
    INFO:      393 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blockmerkleroot
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 77808 bytes
    INFO: seed corpus: files: 393 min: 1b max: 77808b total: 1352904b rss: 101Mb
    #394	INITED cov: 2769 ft: 16292 corp: 287/613Kb lim: 4 exec/s: 394 rss: 189Mb
    #394	DONE   cov: 2769 ft: 16292 corp: 287/613Kb lim: 4 exec/s: 394 rss: 189Mb
    Done 394 runs in 1 second(s)
    
    Run psbt with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/psbt', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/psbt']
    Output: INFO: Seed: 2843936337
    INFO: Loaded 1 modules   (517600 inline 8-bit counters): 517600 [0x559b6fd28558, 0x559b6fda6b38), 
    INFO: Loaded 1 PC tables (517600 PCs): 517600 [0x559b6fda6b38,0x559b7058c938), 
    INFO:      314 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/psbt
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 314 min: 1b max: 3491b total: 79568b rss: 102Mb
    #315	INITED cov: 4786 ft: 14827 corp: 302/76Kb lim: 4 exec/s: 0 rss: 212Mb
    #315	DONE   cov: 4786 ft: 14827 corp: 302/76Kb lim: 4 exec/s: 0 rss: 212Mb
    Done 315 runs in 0 second(s)
    
    Run banentry_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/banentry_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/banentry_deserialize']
    Output: INFO: Seed: 4173645324
    INFO: Loaded 1 modules   (517495 inline 8-bit counters): 517495 [0x560957786ed8, 0x56095780544f), 
    INFO: Loaded 1 PC tables (517495 PCs): 517495 [0x560957805450,0x560957feabc0), 
    INFO:       24 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/banentry_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 24 min: 1b max: 16512b total: 26323b rss: 100Mb
    #25	INITED cov: 323 ft: 604 corp: 15/563b lim: 4 exec/s: 0 rss: 101Mb
    #25	DONE   cov: 323 ft: 604 corp: 15/563b lim: 4 exec/s: 0 rss: 101Mb
    Done 25 runs in 0 second(s)
    
    Run txoutcompressor_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/txoutcompressor_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/txoutcompressor_deserialize']
    Output: INFO: Seed: 130562097
    INFO: Loaded 1 modules   (517427 inline 8-bit counters): 517427 [0x56264537af98, 0x5626453f94cb), 
    INFO: Loaded 1 PC tables (517427 PCs): 517427 [0x5626453f94d0,0x562645bde800), 
    INFO:       60 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/txoutcompressor_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 60 min: 1b max: 16512b total: 53521b rss: 101Mb
    #61	INITED cov: 664 ft: 1121 corp: 48/27Kb lim: 4 exec/s: 0 rss: 104Mb
    #61	DONE   cov: 664 ft: 1121 corp: 48/27Kb lim: 4 exec/s: 0 rss: 104Mb
    Done 61 runs in 0 second(s)
    
    Run blockundo_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/blockundo_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blockundo_deserialize']
    Output: INFO: Seed: 428741345
    INFO: Loaded 1 modules   (517547 inline 8-bit counters): 517547 [0x559231619b58, 0x559231698103), 
    INFO: Loaded 1 PC tables (517547 PCs): 517547 [0x559231698108,0x559231e7dbb8), 
    INFO:      295 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blockundo_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 66287 bytes
    INFO: seed corpus: files: 295 min: 1b max: 66287b total: 585686b rss: 102Mb
    #296	INITED cov: 1079 ft: 5391 corp: 232/403Kb lim: 4 exec/s: 0 rss: 132Mb
    #296	DONE   cov: 1079 ft: 5391 corp: 232/403Kb lim: 4 exec/s: 0 rss: 132Mb
    Done 296 runs in 0 second(s)
    
    Run address_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/address_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/address_deserialize']
    Output: INFO: Seed: 1356192197
    INFO: Loaded 1 modules   (517425 inline 8-bit counters): 517425 [0x558d63364358, 0x558d633e2889), 
    INFO: Loaded 1 PC tables (517425 PCs): 517425 [0x558d633e2890,0x558d63bc7ba0), 
    INFO:       24 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/address_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 24 min: 1b max: 16512b total: 26309b rss: 100Mb
    #25	INITED cov: 364 ft: 647 corp: 15/549b lim: 4 exec/s: 0 rss: 101Mb
    #25	DONE   cov: 364 ft: 647 corp: 15/549b lim: 4 exec/s: 0 rss: 101Mb
    Done 25 runs in 0 second(s)
    
    Run inv_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/inv_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/inv_deserialize']
    Output: INFO: Seed: 1602203246
    INFO: Loaded 1 modules   (517437 inline 8-bit counters): 517437 [0x5617af3b9cb8, 0x5617af4381f5), 
    INFO: Loaded 1 PC tables (517437 PCs): 517437 [0x5617af4381f8,0x5617afc1d5c8), 
    INFO:       23 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/inv_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 23 min: 1b max: 16512b total: 26339b rss: 101Mb
    #24	INITED cov: 307 ft: 558 corp: 14/579b lim: 4 exec/s: 0 rss: 103Mb
    #24	DONE   cov: 307 ft: 558 corp: 14/579b lim: 4 exec/s: 0 rss: 103Mb
    Done 24 runs in 0 second(s)
    
    Run spanparsing with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/spanparsing', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/spanparsing']
    Output: INFO: Seed: 1842494746
    INFO: Loaded 1 modules   (517460 inline 8-bit counters): 517460 [0x5622214413f8, 0x5622214bf94c), 
    INFO: Loaded 1 PC tables (517460 PCs): 517460 [0x5622214bf950,0x562221ca4e90), 
    INFO:       82 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/spanparsing
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 82 min: 1b max: 314b total: 2902b rss: 100Mb
    #83	INITED cov: 467 ft: 1383 corp: 78/2824b lim: 4 exec/s: 0 rss: 103Mb
    #83	DONE   cov: 467 ft: 1383 corp: 78/2824b lim: 4 exec/s: 0 rss: 103Mb
    Done 83 runs in 0 second(s)
    
    Run diskblockindex_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/diskblockindex_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/diskblockindex_deserialize']
    Output: INFO: Seed: 2170423889
    INFO: Loaded 1 modules   (517412 inline 8-bit counters): 517412 [0x55d02b5efcd8, 0x55d02b66e1fc), 
    INFO: Loaded 1 PC tables (517412 PCs): 517412 [0x55d02b66e200,0x55d02be53440), 
    INFO:       46 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/diskblockindex_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 46 min: 1b max: 16512b total: 26597b rss: 101Mb
    #47	INITED cov: 423 ft: 859 corp: 34/862b lim: 4 exec/s: 0 rss: 103Mb
    #47	DONE   cov: 423 ft: 859 corp: 34/862b lim: 4 exec/s: 0 rss: 103Mb
    Done 47 runs in 0 second(s)
    
    Run coins_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/coins_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/coins_deserialize']
    Output: INFO: Seed: 2449349074
    INFO: Loaded 1 modules   (517413 inline 8-bit counters): 517413 [0x561a2127e098, 0x561a212fc5bd), 
    INFO: Loaded 1 PC tables (517413 PCs): 517413 [0x561a212fc5c0,0x561a21ae1810), 
    INFO:       63 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/coins_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 63 min: 1b max: 16512b total: 51252b rss: 101Mb
    #64	INITED cov: 672 ft: 1139 corp: 50/24Kb lim: 4 exec/s: 0 rss: 104Mb
    #64	DONE   cov: 672 ft: 1139 corp: 50/24Kb lim: 4 exec/s: 0 rss: 104Mb
    Done 64 runs in 0 second(s)
    
    Run bloomfilter_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/bloomfilter_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/bloomfilter_deserialize']
    Output: INFO: Seed: 2765420145
    INFO: Loaded 1 modules   (517431 inline 8-bit counters): 517431 [0x560ceaaa7458, 0x560ceab2598f), 
    INFO: Loaded 1 PC tables (517431 PCs): 517431 [0x560ceab25990,0x560ceb30ad00), 
    INFO:       34 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/bloomfilter_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 34 min: 1b max: 16512b total: 26381b rss: 101Mb
    #35	INITED cov: 467 ft: 783 corp: 24/612b lim: 4 exec/s: 0 rss: 109Mb
    #35	DONE   cov: 467 ft: 783 corp: 24/612b lim: 4 exec/s: 0 rss: 109Mb
    Done 35 runs in 0 second(s)
    
    Run script with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/script', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/script']
    Output: INFO: Seed: 3034680357
    INFO: Loaded 1 modules   (517419 inline 8-bit counters): 517419 [0x55f8fe35bb38, 0x55f8fe3da063), 
    INFO: Loaded 1 PC tables (517419 PCs): 517419 [0x55f8fe3da068,0x55f8febbf318), 
    INFO:      284 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/script
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 284 min: 1b max: 3948b total: 56352b rss: 102Mb
    #286	INITED cov: 4880 ft: 9436 corp: 263/54Kb lim: 4 exec/s: 0 rss: 122Mb
    #286	DONE   cov: 4880 ft: 9436 corp: 263/54Kb lim: 4 exec/s: 0 rss: 122Mb
    Done 286 runs in 0 second(s)
    
    Run block_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/block_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/block_deserialize']
    Output: INFO: Seed: 3778328646
    INFO: Loaded 1 modules   (517413 inline 8-bit counters): 517413 [0x55806583d618, 0x5580658bbb3d), 
    INFO: Loaded 1 PC tables (517413 PCs): 517413 [0x5580658bbb40,0x5580660a0d90), 
    INFO:      378 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/block_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 73474 bytes
    INFO: seed corpus: files: 378 min: 1b max: 73474b total: 1143731b rss: 101Mb
    #379	INITED cov: 2348 ft: 14849 corp: 271/558Kb lim: 4 exec/s: 0 rss: 185Mb
    #379	DONE   cov: 2348 ft: 14849 corp: 271/558Kb lim: 4 exec/s: 0 rss: 185Mb
    Done 379 runs in 0 second(s)
    
    Run netaddr_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/netaddr_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/netaddr_deserialize']
    Output: INFO: Seed: 658296003
    INFO: Loaded 1 modules   (517446 inline 8-bit counters): 517446 [0x5647c3baeaf8, 0x5647c3c2d03e), 
    INFO: Loaded 1 PC tables (517446 PCs): 517446 [0x5647c3c2d040,0x5647c44124a0), 
    INFO:       22 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/netaddr_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 22 min: 1b max: 16512b total: 26291b rss: 101Mb
    #23	INITED cov: 294 ft: 523 corp: 13/531b lim: 4 exec/s: 0 rss: 103Mb
    #23	DONE   cov: 294 ft: 523 corp: 13/531b lim: 4 exec/s: 0 rss: 103Mb
    Done 23 runs in 0 second(s)
    
    Run transaction with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/transaction']
    Output: INFO: Seed: 900013246
    INFO: Loaded 1 modules   (517505 inline 8-bit counters): 517505 [0x55edb2615f98, 0x55edb2694519), 
    INFO: Loaded 1 PC tables (517505 PCs): 517505 [0x55edb2694520,0x55edb2e79d30), 
    INFO:      295 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/transaction
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 52575 bytes
    INFO: seed corpus: files: 295 min: 1b max: 52575b total: 491499b rss: 101Mb
    #296	INITED cov: 4379 ft: 20032 corp: 256/419Kb lim: 4 exec/s: 0 rss: 172Mb
    #296	DONE   cov: 4379 ft: 20032 corp: 256/419Kb lim: 4 exec/s: 0 rss: 172Mb
    Done 296 runs in 0 second(s)
    
    Run service_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/service_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/service_deserialize']
    Output: INFO: Seed: 1992904253
    INFO: Loaded 1 modules   (517427 inline 8-bit counters): 517427 [0x55d00632dcd8, 0x55d0063ac20b), 
    INFO: Loaded 1 PC tables (517427 PCs): 517427 [0x55d0063ac210,0x55d006b91540), 
    INFO:       24 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/service_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 24 min: 1b max: 16512b total: 26336b rss: 101Mb
    #25	INITED cov: 305 ft: 557 corp: 15/576b lim: 4 exec/s: 0 rss: 103Mb
    #25	DONE   cov: 305 ft: 557 corp: 15/576b lim: 4 exec/s: 0 rss: 103Mb
    Done 25 runs in 0 second(s)
    
    Run blocktransactionsrequest_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/blocktransactionsrequest_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocktransactionsrequest_deserialize']
    Output: INFO: Seed: 2237631239
    INFO: Loaded 1 modules   (517411 inline 8-bit counters): 517411 [0x55bec9ca3a78, 0x55bec9d21f9b), 
    INFO: Loaded 1 PC tables (517411 PCs): 517411 [0x55bec9d21fa0,0x55beca5071d0), 
    INFO:       77 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocktransactionsrequest_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 77 min: 1b max: 16512b total: 74603b rss: 101Mb
    #78	INITED cov: 509 ft: 1601 corp: 66/47Kb lim: 4 exec/s: 0 rss: 107Mb
    #78	DONE   cov: 509 ft: 1601 corp: 66/47Kb lim: 4 exec/s: 0 rss: 107Mb
    Done 78 runs in 0 second(s)
    
    Run parse_iso8601 with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/parse_iso8601', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/parse_iso8601']
    Output: INFO: Seed: 2577430042
    INFO: Loaded 1 modules   (517455 inline 8-bit counters): 517455 [0x55e2ad628f98, 0x55e2ad6a74e7), 
    INFO: Loaded 1 PC tables (517455 PCs): 517455 [0x55e2ad6a74e8,0x55e2ade8c9d8), 
    INFO:      106 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/parse_iso8601
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 106 min: 1b max: 253b total: 3896b rss: 101Mb
    #107	INITED cov: 1721 ft: 4345 corp: 103/3726b lim: 4 exec/s: 0 rss: 108Mb
    #107	DONE   cov: 1721 ft: 4345 corp: 103/3726b lim: 4 exec/s: 0 rss: 108Mb
    Done 107 runs in 0 second(s)
    
    Run addrman_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/addrman_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/addrman_deserialize']
    Output: INFO: Seed: 3166400253
    INFO: Loaded 1 modules   (517954 inline 8-bit counters): 517954 [0x55bdc00f2ad8, 0x55bdc017121a), 
    INFO: Loaded 1 PC tables (517954 PCs): 517954 [0x55bdc0171220,0x55bdc0958640), 
    INFO:      335 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/addrman_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 335 min: 1b max: 16512b total: 549744b rss: 100Mb
    #336	INITED cov: 3266 ft: 17133 corp: 280/388Kb lim: 4 exec/s: 168 rss: 124Mb
    #336	DONE   cov: 3266 ft: 17133 corp: 280/388Kb lim: 4 exec/s: 168 rss: 124Mb
    Done 336 runs in 2 second(s)
    
    Run bech32 with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/bech32', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/bech32']
    Output: INFO: Seed: 1470274695
    INFO: Loaded 1 modules   (517518 inline 8-bit counters): 517518 [0x5613dcd6c038, 0x5613dcdea5c6), 
    INFO: Loaded 1 PC tables (517518 PCs): 517518 [0x5613dcdea5c8,0x5613dd5cfea8), 
    INFO:       31 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/bech32
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 31 min: 1b max: 641b total: 2313b rss: 98Mb
    #32	INITED cov: 857 ft: 2286 corp: 29/2212b lim: 4 exec/s: 0 rss: 100Mb
    #32	DONE   cov: 857 ft: 2286 corp: 29/2212b lim: 4 exec/s: 0 rss: 100Mb
    Done 32 runs in 0 second(s)
    
    Run blocklocator_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/blocklocator_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocklocator_deserialize']
    Output: INFO: Seed: 1792252864
    INFO: Loaded 1 modules   (517410 inline 8-bit counters): 517410 [0x55accdb65b38, 0x55accdbe405a), 
    INFO: Loaded 1 PC tables (517410 PCs): 517410 [0x55accdbe4060,0x55acce3c9280), 
    INFO:       48 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocklocator_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 16512 bytes
    INFO: seed corpus: files: 48 min: 1b max: 16512b total: 43641b rss: 101Mb
    #49	INITED cov: 499 ft: 1011 corp: 39/17Kb lim: 4 exec/s: 0 rss: 114Mb
    #49	DONE   cov: 499 ft: 1011 corp: 39/17Kb lim: 4 exec/s: 0 rss: 114Mb
    Done 49 runs in 0 second(s)
    
    Run blocktransactions_deserialize with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/blocktransactions_deserialize', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocktransactions_deserialize']
    Output: INFO: Seed: 2108290745
    INFO: Loaded 1 modules   (517417 inline 8-bit counters): 517417 [0x558e1ceebf18, 0x558e1cf6a441), 
    INFO: Loaded 1 PC tables (517417 PCs): 517417 [0x558e1cf6a448,0x558e1d74f6d8), 
    INFO:      346 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/blocktransactions_deserialize
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 63552 bytes
    INFO: seed corpus: files: 346 min: 1b max: 63552b total: 659053b rss: 103Mb
    #347	INITED cov: 2291 ft: 13969 corp: 269/402Kb lim: 4 exec/s: 0 rss: 167Mb
    #347	DONE   cov: 2291 ft: 13969 corp: 269/402Kb lim: 4 exec/s: 0 rss: 167Mb
    Done 347 runs in 0 second(s)
    
    Run eval_script with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/eval_script', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/eval_script']
    Output: INFO: Seed: 3131166713
    INFO: Loaded 1 modules   (517612 inline 8-bit counters): 517612 [0x55907b59d518, 0x55907b61bb04), 
    INFO: Loaded 1 PC tables (517612 PCs): 517612 [0x55907b61bb08,0x55907be019c8), 
    INFO:     1506 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/eval_script
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 10047 bytes
    INFO: seed corpus: files: 1506 min: 1b max: 10047b total: 76501b rss: 103Mb
    #1507	INITED cov: 3056 ft: 20011 corp: 1482/73Kb lim: 4 exec/s: 753 rss: 247Mb
    #1507	DONE   cov: 3056 ft: 20011 corp: 1482/73Kb lim: 4 exec/s: 753 rss: 247Mb
    Done 1507 runs in 2 second(s)
    
    Run descriptor_parse with args ['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/descriptor_parse']
    Output: INFO: Seed: 1713217537
    INFO: Loaded 1 modules   (517496 inline 8-bit counters): 517496 [0x5653c150b4b8, 0x5653c1589a30), 
    INFO: Loaded 1 PC tables (517496 PCs): 517496 [0x5653c1589a30,0x5653c1d6f1b0), 
    INFO:      368 files found in /home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/descriptor_parse
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: seed corpus: files: 368 min: 1b max: 1467b total: 27259b rss: 102Mb
    pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null
    secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here
        #0 0x5653bf6e74b0 in CPubKey::IsFullyValid() const /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/pubkey.cpp:210:12
        #1 0x5653bf4d8ec5 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/script/descriptor.cpp:674:24
        #2 0x5653bf4cc76a in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/script/descriptor.cpp:730:42
        #3 0x5653bf4c504f in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/script/descriptor.cpp:774:23
        #4 0x5653bf4c4238 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/script/descriptor.cpp:994:16
        #5 0x5653be48c8f4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse.cpp:20:9
        #6 0x5653be40ba3a in LLVMFuzzerTestOneInput /home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz.cpp:32:5
        #7 0x5653be31173a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e8873a)
        #8 0x5653be310f35 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e87f35)
        #9 0x5653be3139fe in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e8a9fe)
        #10 0x5653be313f95 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e8af95)
        #11 0x5653be306a50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e7da50)
        #12 0x5653be32d972 in main (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1ea4972)
        #13 0x7f4edf0f1b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
        #14 0x5653be2ff459 in _start (/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse+0x1e76459)
    
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior pubkey.cpp:210:38 in 
    MS: 0 ; base unit: 0000000000000000000000000000000000000000
    0x63,0x6f,0x6d,0x62,0x6f,0x28,0x30,0x32,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x29,
    combo(020000000000000000000000000000000000000000000000000000000000000000)
    artifact_prefix='./'; Test unit written to ./crash-feaeed14894e76a5c2a0d252fd53be68d9eaf1c1
    Base64: Y29tYm8oMDIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwKQ==
    
    Traceback (most recent call last):
      File "test/fuzz/test_runner.py", line 140, in <module>
        main()
      File "test/fuzz/test_runner.py", line 97, in main
        export_coverage=args.export_coverage,
      File "test/fuzz/test_runner.py", line 112, in run_once
        result.check_returncode()
      File "/usr/lib/python3.6/subprocess.py", line 389, in check_returncode
        self.stderr)
    subprocess.CalledProcessError: Command '['/home/travis/build/JeremyRubin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/descriptor_parse', '-runs=1', '/home/travis/build/JeremyRubin/bitcoin/qa-assets/fuzz_seed_corpus/descriptor_parse']' returned non-zero exit status 1.
    
  2. JeremyRubin added the label Bug on Dec 11, 2019
  3. fanquake commented at 11:44 PM on December 11, 2019: member

    I think this was fixed by #17685.

  4. JeremyRubin commented at 12:34 AM on December 12, 2019: contributor

    Looks like it was! Hadn't rebased that one.

  5. JeremyRubin closed this on Dec 12, 2019

  6. DrahtBot locked this on Dec 16, 2021
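
Added example, not part of the original thread or of Bitcoin Core's test code: a small triage helper that parses the libFuzzer footer quoted in the first comment, recovers the crashing input from the `Base64:` line, and checks it against the SHA-1 that libFuzzer embeds in the artifact name. The function name `parse_crash_footer` is hypothetical; the footer lines are copied from the report above.

```python
import base64
import hashlib
import re

# Footer lines copied from the crash report in the first comment of this issue.
CRASH_FOOTER = """\
combo(020000000000000000000000000000000000000000000000000000000000000000)
artifact_prefix='./'; Test unit written to ./crash-feaeed14894e76a5c2a0d252fd53be68d9eaf1c1
Base64: Y29tYm8oMDIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwKQ==
"""

# libFuzzer writes artifacts as <prefix><kind>-<sha1 of the input>.
ARTIFACT_RE = re.compile(r"Test unit written to (\S*?-([0-9a-f]{40}))\s*$")
BASE64_RE = re.compile(r"^\s*Base64:\s*([A-Za-z0-9+/]+={0,2})\s*$")


def parse_crash_footer(text):
    """Recover the crashing input and cross-check it against the log (hypothetical helper)."""
    artifact = digest = payload = None
    lines = text.splitlines()
    for line in lines:
        found = ARTIFACT_RE.search(line)
        if found:
            artifact, digest = found.group(1), found.group(2)
        found = BASE64_RE.match(line)
        if found:
            # validate=True rejects stray characters from a damaged copy/paste.
            payload = base64.b64decode(found.group(1), validate=True)
    if payload is None or digest is None:
        raise ValueError("footer lacks a Base64 line or an artifact path")
    printable = payload.decode("ascii", errors="replace")
    return {
        "artifact": artifact,
        "input": payload,
        # A mismatch means the log was truncated or edited after the run.
        "sha1_matches": hashlib.sha1(payload).hexdigest() == digest,
        # libFuzzer also echoes the input as text; confirm that line agrees.
        "echoed_in_log": any(l.strip() == printable for l in lines),
    }


if __name__ == "__main__":
    report = parse_crash_footer(CRASH_FOOTER)
    print(report["artifact"], report["sha1_matches"], report["input"])
```

Writing `report["input"]` to a file and passing that file to the `descriptor_parse` fuzz binary replays the single input, which is how to confirm on a rebased branch that the failure no longer occurs.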
