tests: Add key_io fuzzing harness. Fuzz additional functions in existing fuzzing harnesses. #17926

pull practicalswift wants to merge 5 commits into bitcoin:master from practicalswift:fuzzers-key_io-etc changing 7 files +142 −2
  1. practicalswift commented at 10:25 PM on January 14, 2020: contributor

    Add key_io fuzzing harness.

    Fuzz additional functions in the hex fuzzing harness.

    Fuzz additional functions in the integer fuzzing harness.

    Fuzz additional functions in the script fuzzing harness.

    Fuzz additional functions in the transaction fuzzing harness.

    How to test this PR

    $ make distclean
    $ ./autogen.sh
    $ CC=clang CXX=clang++ ./configure --enable-fuzz \
          --with-sanitizers=address,fuzzer,undefined
    $ make
    $ src/test/fuzz/key_io
    …
    
  2. fanquake added the label Tests on Jan 14, 2020
  3. practicalswift requested review from MarcoFalke on Jan 14, 2020
  4. DrahtBot commented at 3:00 AM on January 15, 2020: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #17972 (tests: Add fuzzing harness for CKey and key related functions by practicalswift)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  5. practicalswift force-pushed on Jan 16, 2020
  6. DrahtBot added the label Needs rebase on Jan 20, 2020
  7. practicalswift force-pushed on Jan 21, 2020
  8. practicalswift commented at 11:55 AM on January 21, 2020: contributor

    Rebased! :)

  9. DrahtBot removed the label Needs rebase on Jan 21, 2020
  10. practicalswift force-pushed on Jan 22, 2020
  11. in src/test/fuzz/integer.cpp:72 in 1d9c554c5e outdated
      66 | @@ -65,11 +67,16 @@ void test_one_input(const std::vector<uint8_t>& buffer)
      67 |      (void)DecompressAmount(u64);
      68 |      (void)FormatISO8601Date(i64);
      69 |      (void)FormatISO8601DateTime(i64);
      70 | +    // FormatMoney(i) not defined when i == std::numeric_limits<int64_t>::min()
      71 | +    if (i64 != std::numeric_limits<int64_t>::min()) {
      72 | +        (void)FormatMoney(i64);
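
    Review bot: the comment on line 70 records that FormatMoney has no defined result for std::numeric_limits<int64_t>::min(), but only inside this harness. The precondition belongs at FormatMoney's declaration as well, with its cause stated, so that non-test callers see it; with the guard in place the fuzzer can never report that input again.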
    


    MarcoFalke commented at 7:22 PM on March 5, 2020:

    Can test a roundtrip of FormatMoney<->ParseMoney?


    practicalswift commented at 1:41 PM on March 7, 2020:

    Very good idea! Thanks for the suggestion. Now added :)

  12. in src/test/fuzz/integer.cpp:108 in 1d9c554c5e outdated
     101 | @@ -95,6 +102,11 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     102 |      (void)SipHashUint256(u64, u64, u256);
     103 |      (void)SipHashUint256Extra(u64, u64, u256, u32);
     104 |      (void)ToLower(ch);
     105 | +    (void)ToUpper(ch);
     106 | +    // ValueFromAmount(i) not defined when i == std::numeric_limits<int64_t>::min()
     107 | +    if (i64 != std::numeric_limits<int64_t>::min()) {
     108 | +        (void)ValueFromAmount(i64);
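
    Review bot: the guard on line 107 repeats the one added for FormatMoney and protects only this direct call. Any other path that reaches ValueFromAmount with an unchecked amount still hits the undefined case, so consider handling std::numeric_limits<int64_t>::min() inside ValueFromAmount and dropping the guard here.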
    


    MarcoFalke commented at 7:25 PM on March 5, 2020:

    Can test a roundtrip of ValueFromAmount.getValStr<->ParseMoney?


    practicalswift commented at 1:41 PM on March 7, 2020:

    Another very good idea! Thanks! Now added :)

  13. in src/test/fuzz/key_io.cpp:43 in 1d9c554c5e outdated
      38 | +        assert(ext_pub_key == DecodeExtPubKey(EncodeExtPubKey(ext_pub_key)));
      39 | +    }
      40 | +
      41 | +    const CTxDestination tx_destination = DecodeDestination(random_string);
      42 | +    (void)DescribeAddress(tx_destination);
      43 | +    (void)GetKeyForDestination({}, tx_destination);
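
    Review bot: lines 41-43 pass the decoded destination on without checking it, unlike the extended public key, which gets an encode/decode roundtrip assert on line 38. Consider the same for destinations: when IsValidDestination(tx_destination) holds, assert that DecodeDestination(EncodeDestination(tx_destination)) equals tx_destination.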
    


    MarcoFalke commented at 7:27 PM on March 5, 2020:
        (void)GetKeyForDestination(/* store */ {}, tx_destination);
    

    practicalswift commented at 1:41 PM on March 7, 2020:

    Fixed!

  14. in src/test/fuzz/transaction.cpp:102 in 1d9c554c5e outdated
      97 | +    const CCoinsViewCache coins_view_cache(&coins_view);
      98 | +    (void)AreInputsStandard(tx, coins_view_cache);
      99 | +    (void)IsWitnessStandard(tx, coins_view_cache);
     100 | +
     101 | +    UniValue u(UniValue::VOBJ);
     102 | +    TxToUniv(tx, {}, u);
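
    Review bot: nothing in these lines adds coins to coins_view before line 97 wraps it, so AreInputsStandard and IsWitnessStandard on lines 98-99 may only ever see missing inputs. If the view is empty by design, say so in a comment; otherwise populate it from the fuzz input so the per-input branches are reached.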
    


    MarcoFalke commented at 7:28 PM on March 5, 2020:
        TxToUniv(tx, /* hashBlock */ {}, u);
    

    practicalswift commented at 1:41 PM on March 7, 2020:

    Fixed!

  15. MarcoFalke approved
  16. MarcoFalke commented at 7:28 PM on March 5, 2020: member

    ACK. LGTM

  17. DrahtBot added the label Needs rebase on Mar 5, 2020
  18. tests: Add key_io fuzzing harness c7ea12d098
  19. tests: Fuzz additional functions in the hex fuzzing harness 4fe4de6364
  20. tests: Fuzz additional functions in the integer fuzzing harness 1d324ce922
  21. practicalswift commented at 1:42 PM on March 7, 2020: contributor

    @MarcoFalke Thanks for great feedback. All feedback addressed. Please re-review :)

  22. practicalswift force-pushed on Mar 7, 2020
  23. tests: Fuzz additional functions in the transaction fuzzing harness 5fc10f3cb5
  24. tests: Fuzz additional functions in the script fuzzing harness 52fed696d2
  25. in src/test/fuzz/transaction.cpp:102 in 4813d41447 outdated
      97 | +    const CCoinsViewCache coins_view_cache(&coins_view);
      98 | +    (void)AreInputsStandard(tx, coins_view_cache);
      99 | +    (void)IsWitnessStandard(tx, coins_view_cache);
     100 | +
     101 | +    UniValue u(UniValue::VOBJ);
     102 | +    TxToUniv(tx, /* hashBlock */ {}, u);
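
    Review bot: line 102 hands an unconstrained tx to TxToUniv, so every output amount can be any int64_t value, including the minimum. If amount formatting inside TxToUniv has a precondition on its argument, this call needs a guard on the output values, or the callee needs to handle the full range.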
    


    MarcoFalke commented at 2:19 PM on March 7, 2020:
    core_write.cpp:21:29: runtime error: negation of -9223372036854775808 cannot be represented in type 'CAmount' (aka 'long'); cast to an unsigned type to negate this value to itself
    
        #0 0x5603b409bffb in ValueFromAmount(long const&) /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/core_write.cpp:21:29
        #1 0x5603b40a7304 in TxToUniv(CTransaction const&, uint256 const&, UniValue&, bool, int) /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/core_write.cpp:220:29
        #2 0x5603b3fcb99e in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction.cpp:102:5
        #3 0x5603b3fbf42a in LLVMFuzzerTestOneInput /home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz.cpp:38:5
        #4 0x5603b3ec510a in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f5510a)
        #5 0x5603b3ec4905 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f54905)
        #6 0x5603b3ec73ce in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f573ce)
        #7 0x5603b3ec7965 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f57965)
        #8 0x5603b3eba420 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f4a420)
        #9 0x5603b3ee1342 in main (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f71342)
        #10 0x7ff8c3d4cb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
        #11 0x5603b3eb2e29 in _start (/home/travis/build/bitcoin/bitcoin/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/transaction+0x1f42e29)
    

    practicalswift commented at 2:37 PM on March 7, 2020:

    Thanks. Now fixed. Happened to rebase on master too -- blaming muscle memory :)
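
The sanitizer report in this thread comes from negating the minimum int64 amount. The following is an added example, not code from this pull request or from Bitcoin Core, showing the unsigned-cast negation the report suggests; `AbsNoOverflow`, `FormatAmountSafe` and `kCoin` are hypothetical names, and the divisor of 100000000 units per coin is an assumption of the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

// Assumption of this example: 100000000 base units per coin.
static constexpr int64_t kCoin = 100000000;

// Magnitude of n without signed negation. Unsigned arithmetic wraps modulo
// 2^64, so 0 - uint64_t(INT64_MIN) is 2^63 and nothing is undefined.
uint64_t AbsNoOverflow(int64_t n)
{
    const uint64_t u = static_cast<uint64_t>(n);
    return n < 0 ? uint64_t{0} - u : u;
}

// Hypothetical formatter (not ValueFromAmount): "[-]<coins>.<8 digits>".
// Defined for every int64_t, so a fuzz harness needs no guard around it.
std::string FormatAmountSafe(int64_t amount)
{
    const uint64_t magnitude = AbsNoOverflow(amount);
    const uint64_t quotient = magnitude / static_cast<uint64_t>(kCoin);
    const uint64_t remainder = magnitude % static_cast<uint64_t>(kCoin);
    char buf[40];
    std::snprintf(buf, sizeof(buf), "%s%llu.%08llu", amount < 0 ? "-" : "",
                  static_cast<unsigned long long>(quotient),
                  static_cast<unsigned long long>(remainder));
    return buf;
}

int main()
{
    // The input from the report: -9223372036854775808.
    std::puts(FormatAmountSafe(std::numeric_limits<int64_t>::min()).c_str());
    return 0;
}
```

Built with `-fsanitize=undefined`, this formats the minimum value without a runtime error, whereas a plain `-n` on the signed type triggers the report quoted above.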

  26. practicalswift force-pushed on Mar 7, 2020
  27. in src/test/fuzz/script.cpp:39 in 52fed696d2
      35 | +    if (CompressScript(script, compressed)) {
      36 | +        const unsigned int size = compressed[0];
      37 | +        assert(size >= 0 && size <= 5);
      38 | +        CScript decompressed_script;
      39 | +        const bool ok = DecompressScript(decompressed_script, size, compressed);
      40 | +        assert(ok);
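
    Review bot: size is declared const unsigned int on line 36, so the size >= 0 half of the assert on line 37 is always true and will draw a tautological-comparison warning. Reduce it to assert(size <= 5).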
    


    MarcoFalke commented at 3:29 PM on March 7, 2020:

    Could also assert the roundtrip decompressed == script?


    practicalswift commented at 3:58 PM on March 7, 2020:

    I'm afraid not since that assertion is not guaranteed to hold :)

    Counter-example:

    $ xxd -p -r <<< "210220acacacffff6010b472a266d0bd89c13706a4132ccfb16f7c3b9fcbacacacacac" > counter-example
    $ src/test/fuzz/script counter-example
    …
    script: test/fuzz/script.cpp:40: void test_one_input(const std::vector<uint8_t> &): Assertion `script == decompressed_script' failed.
    …
    

    MarcoFalke commented at 10:00 PM on March 7, 2020:

    I am pretty sure that if it was not guaranteed to hold, we would be running into consensus failures pretty soon. Please take a look at #18292


    practicalswift commented at 11:44 PM on March 7, 2020:

    With #18292 it all makes sense. Thanks!

  28. in src/test/fuzz/script.cpp:47 in 52fed696d2
      43 | +    for (unsigned int size = 0; size < 6; ++size) {
      44 | +        std::vector<unsigned char> vch(GetSpecialScriptSize(size), 0x00);
      45 | +        vch.insert(vch.end(), buffer.begin(), buffer.end());
      46 | +        CScript decompressed_script;
      47 | +        (void)DecompressScript(decompressed_script, size, vch);
      48 | +    }
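
    Review bot: the bound 6 on line 43 is a bare literal that has to stay in step with the size <= 5 check on line 37 of the same file. A named constant for the number of special script types, used in both places, would keep them from drifting apart.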
    


    MarcoFalke commented at 3:29 PM on March 7, 2020:

    Looks like you accidentally added a unit test here? This does not depend on any fuzz input.


    practicalswift commented at 3:46 PM on March 7, 2020:

    @MarcoFalke Are you sure about that? vch is built from buffer which is built from fuzz input, no? :)


    MarcoFalke commented at 10:01 PM on March 7, 2020:

    buffer is only appended to vch, but practically never read. Only the beginning of vch (20 or 32 bytes) are read, and they are all constant (zero). So this does never read any fuzz input, except for copying into the vector.

    I suggest to remove this for loop and content.


    MarcoFalke commented at 3:19 PM on March 9, 2020:

    practicalswift commented at 3:24 PM on March 9, 2020:

    I'll fix. Thanks for the ping :)

  29. DrahtBot removed the label Needs rebase on Mar 7, 2020
  30. MarcoFalke approved
  31. MarcoFalke commented at 3:35 PM on March 7, 2020: member

    ACK 52fed696d251dc38211eb2fa7f144b6a989dd479 🛫

  32. MarcoFalke merged this on Mar 7, 2020
  33. MarcoFalke closed this on Mar 7, 2020

  34. MarcoFalke referenced this in commit be00ef2aca on Mar 9, 2020
  35. sidhujag referenced this in commit 42c534a99f on Mar 9, 2020
  36. deadalnix referenced this in commit 1905a44c56 on Nov 5, 2020
  37. sidhujag referenced this in commit 0b19c9ade7 on Nov 10, 2020
  38. practicalswift deleted the branch on Apr 10, 2021
  39. kittywhiskers referenced this in commit c82dc9b839 on May 7, 2022
  40. kittywhiskers referenced this in commit 36067c018b on May 7, 2022
  41. kittywhiskers referenced this in commit 766611d553 on Jun 14, 2022
  42. kittywhiskers referenced this in commit 9783547b4c on Jun 14, 2022
  43. kittywhiskers referenced this in commit 098a494387 on Jun 18, 2022
  44. kittywhiskers referenced this in commit 6eab00de0e on Jul 4, 2022
  45. kittywhiskers referenced this in commit c32d28f156 on Jul 4, 2022
  46. kittywhiskers referenced this in commit d807cc7a8a on Jul 6, 2022
  47. PastaPastaPasta referenced this in commit eefdae1a53 on Jul 12, 2022
  48. PastaPastaPasta referenced this in commit 305637e6a9 on Jul 17, 2022
  49. knst referenced this in commit dd4705e740 on Jul 21, 2022
  50. DrahtBot locked this on Aug 18, 2022

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-15 09:14 UTC
