fuzz: Add fuzzing harness for LoadMempool(…) and DumpMempool(…) #19259

pull practicalswift wants to merge 3 commits into bitcoin:master from practicalswift:fuzzers-mempool-io changing 5 files +67 −9
  1. practicalswift commented at 2:35 pm on June 12, 2020: contributor

    Add fuzzing harness for LoadMempool(...) and DumpMempool(...).

    See doc/fuzzing.md for information on how to fuzz Bitcoin Core. Don’t forget to contribute any coverage increasing inputs you find to the Bitcoin Core fuzzing corpus repo.

    Happy fuzzing :)

  2. DrahtBot added the label Build system on Jun 12, 2020
  3. DrahtBot added the label Tests on Jun 12, 2020
  4. DrahtBot added the label Validation on Jun 12, 2020
  5. practicalswift force-pushed on Jun 12, 2020
  6. MarcoFalke removed the label Build system on Jun 12, 2020
  7. MarcoFalke removed the label Validation on Jun 12, 2020
  8. DrahtBot commented at 2:51 am on June 13, 2020: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #21380 (versionbits: Refactor and add fuzzing harness by ajtowns)
    • #21377 (Speedy trial support for versionbits by ajtowns)
    • #21244 (Move GetDataDir to ArgsManager by kiminuo)
    • #21142 (fuzz: Add tx_pool fuzz target by MarcoFalke)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  9. DrahtBot added the label Needs rebase on Jul 11, 2020
  10. practicalswift force-pushed on Jul 11, 2020
  11. DrahtBot removed the label Needs rebase on Jul 11, 2020
  12. DrahtBot added the label Needs rebase on Jul 18, 2020
  13. practicalswift force-pushed on Jul 18, 2020
  14. practicalswift force-pushed on Jul 18, 2020
  15. DrahtBot removed the label Needs rebase on Jul 18, 2020
  16. Crypt-iQ commented at 1:48 pm on August 18, 2020: contributor

    I know this is sort of in-progress as there are outstanding UBSan warnings, but this won’t compile on my macOS v10.15.4, clang 10.0.1. Needs a rebase I think.

     0Making all in src
 1  CXX      test/fuzz/addition_overflow-addition_overflow.o
 2In file included from test/fuzz/addition_overflow.cpp:7:
 3./test/fuzz/util.h:347:13: error: no matching function for call to 'AdditionOverflow'
 4        if (AdditionOverflow((uint64_t)fuzzed_file->m_offset, random_bytes.size())) {
 5            ^~~~~~~~~~~~~~~~
 6./test/fuzz/util.h:201:16: note: candidate template ignored: deduced conflicting types for parameter 'T' ('unsigned long long' vs. 'unsigned long')
 7NODISCARD bool AdditionOverflow(const T i, const T j) noexcept
 8               ^
 9./test/fuzz/util.h:359:13: error: no matching function for call to 'AdditionOverflow'
10        if (AdditionOverflow(fuzzed_file->m_offset, n)) {
11            ^~~~~~~~~~~~~~~~
12./test/fuzz/util.h:201:16: note: candidate template ignored: deduced conflicting types for parameter 'T' ('long long' vs. 'long')
13NODISCARD bool AdditionOverflow(const T i, const T j) noexcept
14               ^
152 errors generated.
16make[2]: *** [test/fuzz/addition_overflow-addition_overflow.o] Error 1
17make[1]: *** [all-recursive] Error 1
18make: *** [all-recursive] Error 1
  17. practicalswift force-pushed on Aug 18, 2020
  18. practicalswift commented at 6:58 pm on August 18, 2020: contributor
    @Crypt-iQ Oh, thanks for letting me know. Now rebased and hopefully no compilation errors? :)
  19. Crypt-iQ commented at 2:34 am on August 19, 2020: contributor
    @practicalswift now builds on my macOS :)
  20. practicalswift force-pushed on Sep 17, 2020
  21. practicalswift commented at 1:30 pm on September 17, 2020: contributor

    Had to rebase also this one to make use of the new $(FUZZ_SUITE_LDFLAGS_COMMON).

    Review welcome :)

  22. Crypt-iQ commented at 3:25 pm on September 26, 2020: contributor
    Will review and run on DO while I figure out a better fuzzing setup!
  23. Crypt-iQ commented at 9:32 pm on October 4, 2020: contributor

    This input gives the following signed-integer-overflow on ubuntu with clang 10:

     0txmempool.cpp:830:15: runtime error: signed integer overflow: -9223372036854775808 + -432345564227567616 cannot be represented in type 'long'
 1    [#0](/bitcoin-bitcoin/0/) 0x562feec1bfbb in CTxMemPool::PrioritiseTransaction(uint256 const&, long const&) /root/bitcoin/src/txmempool.cpp:830:15
 2    [#1](/bitcoin-bitcoin/1/) 0x562feed75db5 in LoadMempool(CTxMemPool&, std::function<_IO_FILE* (boost::filesystem::path const&, char const*)>) /root/bitcoin/src/validation.cpp:5074:22
 3    [#2](/bitcoin-bitcoin/2/) 0x562feebdfaf4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) /root/bitcoin/src/test/fuzz/validation_load_mempool.cpp:37:11
 4    [#3](/bitcoin-bitcoin/3/) 0x562fefda9bd1 in LLVMFuzzerTestOneInput /root/bitcoin/src/test/fuzz/fuzz.cpp:45:5
 5    [#4](/bitcoin-bitcoin/4/) 0x562feeae5331 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/bitcoin/src/test/fuzz/validation_load_mempool+0x1a50331)
 6    [#5](/bitcoin-bitcoin/5/) 0x562feead0aa2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/bitcoin/src/test/fuzz/validation_load_mempool+0x1a3baa2)
 7    [#6](/bitcoin-bitcoin/6/) 0x562feead6556 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/bitcoin/src/test/fuzz/validation_load_mempool+0x1a41556)
 8    [#7](/bitcoin-bitcoin/7/) 0x562feeaff212 in main (/root/bitcoin/src/test/fuzz/validation_load_mempool+0x1a6a212)
 9    [#8](/bitcoin-bitcoin/8/) 0x7f6de830db96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
10    [#9](/bitcoin-bitcoin/9/) 0x562feeaab149 in _start (/root/bitcoin/src/test/fuzz/validation_load_mempool+0x1a16149)
11
12SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow txmempool.cpp:830:15 in

    The log is from an older commit before rebase, it occurs here . I think it happens because multiple identical transaction hashes are submitted to PrioritiseTransaction with different deltas, and then overflows due to the addition. Exact coverage of only this input run against the fuzzer here for more clarity.

  24. practicalswift commented at 7:35 pm on October 5, 2020: contributor
    @Crypt-iQ Thanks a lot for reviewing and reporting your finding. These signed integer overflows are covered in issue #19278 and fixed in PR #20089. Please consider reviewing the latter if you have time! :)
  25. Crypt-iQ commented at 9:59 pm on October 11, 2020: contributor
    Currently trying to manually construct inputs that populate the mempool. Since FuzzedFileProvider is used in place of an actual file, the format is a little different and it seems the fuzzer has a hard time creating a valid transaction. The data stream is read from both the front (ConsumeBytes) and the back (ConsumeIntegralInRange). Also this fuzzer won’t do anything on my Mac as _GNU_SOURCE isn’t defined.
  26. Crypt-iQ commented at 9:10 pm on October 17, 2020: contributor

    Code review ACK 08afafdfbaefba6a660436a3f94730f5976e69ae

    Still in the process of testing

  27. Crypt-iQ commented at 9:52 am on November 8, 2020: contributor

    Tested ACK 08afafdfbaefba6a660436a3f94730f5976e69ae

    Can view coverage here: https://crypt-iq.github.io/19259_review/c0c5177b_cov_run_ubuntu_3/ (The coverage above was run on a different commit, but the coverage hasn’t changed since then.)

    With more cores or time or a hand-crafted input, the transactions would actually be accepted into the mempool, but my fuzzed inputs always failed tx verification after about a week straight.

  28. practicalswift renamed this:
    tests: Add fuzzing harness for LoadMempool(...) and DumpMempool(...)
    test: Add fuzzing harness for LoadMempool(...) and DumpMempool(...)
    on Nov 24, 2020
  29. practicalswift renamed this:
    test: Add fuzzing harness for LoadMempool(...) and DumpMempool(...)
    fuzz: Add fuzzing harness for LoadMempool(...) and DumpMempool(...)
    on Nov 24, 2020
  30. in src/test/fuzz/validation_load_mempool.cpp:39 in 08afafdfba outdated 
    32+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
33+    FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
34+    fuzzed_file_provider_ptr = &fuzzed_file_provider;
35+
36+    CTxMemPool pool;
37+    (void)LoadMempool(pool, fuzzed_fopen);
    Crypt-iQ commented at 8:31 pm on November 27, 2020:
    Time could be mocked since in LoadMempool there is a call to GetTime. It could either be static or based on fuzz data. What do you think?
    practicalswift commented at 1:17 pm on December 1, 2020:
    Good point! Now fixed. Please re-review :)
  31. practicalswift force-pushed on Dec 1, 2020
  32. DrahtBot added the label Needs rebase on Dec 15, 2020
  33. practicalswift force-pushed on Dec 16, 2020
  34. DrahtBot removed the label Needs rebase on Dec 16, 2020
  35. Crypt-iQ commented at 1:51 am on January 8, 2021: contributor

    Tested ACK 8939196

    On arch Linux, clang-11 with UBSAN+ASAN Coverage: https://crypt-iq.github.io/19259_review/vlmcoverage_01072021/index.html

  36. DrahtBot added the label Needs rebase on Feb 8, 2021
  37. practicalswift force-pushed on Feb 8, 2021
  38. DrahtBot removed the label Needs rebase on Feb 8, 2021
  39. practicalswift force-pushed on Feb 11, 2021
  40. DrahtBot added the label Needs rebase on Feb 20, 2021
  41. practicalswift force-pushed on Feb 22, 2021
  42. practicalswift force-pushed on Feb 22, 2021
  43. DrahtBot removed the label Needs rebase on Feb 22, 2021
  44. practicalswift force-pushed on Mar 1, 2021
  45. practicalswift commented at 11:44 am on March 1, 2021: contributor

    Rebase number 12 completed :)

    Now using the recently introduced MakeNoLogFileContext which wasn’t around when this fuzz testing PR was submitted nine months ago.

    At nine months PR pregnancy: is this fuzz testing PR baby getting ready to meet the world (master)? :)

  46. practicalswift force-pushed on Mar 3, 2021
  47. fanquake added this to the "Blockers" column in a project
  48. in src/validation.cpp:5036 in d9b0d15607 outdated 
    5033+bool LoadMempool(CTxMemPool& pool, CChainState& active_chainstate, std::function<FILE*(const fs::path&, const char*)> mockable_fopen_function)
5034 {
5035     const CChainParams& chainparams = Params();
5036     int64_t nExpiryTimeout = gArgs.GetArg("-mempoolexpiry", DEFAULT_MEMPOOL_EXPIRY) * 60 * 60;
5037-    FILE* filestr = fsbridge::fopen(GetDataDir() / "mempool.dat", "rb");
5038+    FILE* filestr = mockable_fopen_function(GetDataDir() / "mempool.dat", "rb");
    jonatack commented at 6:39 pm on March 11, 2021:

    style nit, while touching this line, can update to braced initialization (same for line 5140)

    0-    FILE* filestr = mockable_fopen_function(GetDataDir() / "mempool.dat", "rb");
1+    FILE* filestr{mockable_fopen_function(GetDataDir() / "mempool.dat", "rb")};
  49. in src/test/fuzz/util.h:265 in d9b0d15607 outdated 
    259@@ -260,6 +260,16 @@ void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider, const std::array<T
260     errno = fuzzed_data_provider.PickValueInArray(errnos);
261 }
262 
263+/*
264+ * Sets a fuzzed errno in the range [0, 133 (EHWPOISON)]. Can be used from functions emulating
265+ * standard library functions that sets errno, or in other contexts where the value of errno
    jonatack commented at 6:40 pm on March 11, 2021: 
    0 * standard library functions that set errno, or in other contexts where the value of errno
  50. jonatack commented at 6:51 pm on March 11, 2021: member

    Light code review ACK d9b0d15607167cbfef52bcc73b964f1201b71796 and ran the fuzzer

     0$ FUZZ=validation_load_mempool src/test/fuzz/fuzz 
 1INFO: Seed: 2149651356
 2INFO: Loaded 1 modules   (643553 inline 8-bit counters): 643553 [0x5603d1a48d48, 0x5603d1ae5f29), 
 3INFO: Loaded 1 PC tables (643553 PCs): 643553 [0x5603d1ae5f30,0x5603d24b7d40), 
 4INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
 5INFO: A corpus is not provided, starting from an empty corpus
 6[#2](/bitcoin-bitcoin/2/)	INITED cov: 2470 ft: 2469 corp: 1/1b exec/s: 0 rss: 194Mb
 7[#5](/bitcoin-bitcoin/5/)	NEW    cov: 2470 ft: 2476 corp: 2/5b lim: 4 exec/s: 0 rss: 194Mb L: 4/4 MS: 3 CopyPart-CopyPart-CrossOver-
 8[#8](/bitcoin-bitcoin/8/)	NEW    cov: 2470 ft: 2483 corp: 3/7b lim: 4 exec/s: 0 rss: 195Mb L: 2/4 MS: 3 ChangeByte-ChangeBit-CopyPart-
 9.../...
10[#3035373](/bitcoin-bitcoin/3035373/)	REDUCE cov: 12335 ft: 46498 corp: 1039/729Kb lim: 4096 exec/s: 1489 rss: 518Mb L: 1711/4096 MS: 2 ChangeByte-EraseBytes-
11[#3036089](/bitcoin-bitcoin/3036089/)	REDUCE cov: 12335 ft: 46498 corp: 1039/729Kb lim: 4096 exec/s: 1489 rss: 518Mb L: 132/4096 MS: 1 EraseBytes-
12[#3036186](/bitcoin-bitcoin/3036186/)	REDUCE cov: 12335 ft: 46498 corp: 1039/729Kb lim: 4096 exec/s: 1489 rss: 518Mb L: 291/4096 MS: 2 ChangeByte-EraseBytes-

    I’m not sure if there is a recent regression (unrelated to this patch) in our fuzzing utils or in a recent apt update on Debian testing or if I’m just doing something wrong, but like with the I2P fuzzing PR, I’m seeing OOM with qa-assets.

      0$ FUZZ=validation_load_mempool src/test/fuzz/fuzz ../qa-assets/fuzz_seed_corpus
  1INFO: Seed: 158284216
  2INFO: Loaded 1 modules   (643553 inline 8-bit counters): 643553 [0x5590b92c0d48, 0x5590b935df29), 
  3INFO: Loaded 1 PC tables (643553 PCs): 643553 [0x5590b935df30,0x5590b9d2fd40), 
  4INFO:   237105 files found in ../qa-assets/fuzz_seed_corpus
  5INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes
  6INFO: seed corpus: files: 237105 min: 1b max: 3986616b total: 4147898382b rss: 380Mb
  7[#4096](/bitcoin-bitcoin/4096/)	pulse  cov: 2471 ft: 2489 corp: 5/15b exec/s: 2048 rss: 497Mb
  8[#8192](/bitcoin-bitcoin/8192/)	pulse  cov: 2513 ft: 2578 corp: 14/83b exec/s: 2048 rss: 589Mb
  9[#16384](/bitcoin-bitcoin/16384/)	pulse  cov: 2712 ft: 3173 corp: 23/175b exec/s: 2730 rss: 655Mb
 10[#32768](/bitcoin-bitcoin/32768/)	pulse  cov: 2715 ft: 3207 corp: 32/307b exec/s: 2978 rss: 681Mb
 11[#65536](/bitcoin-bitcoin/65536/)	pulse  cov: 4935 ft: 6993 corp: 42/695b exec/s: 3120 rss: 681Mb
 12[#131072](/bitcoin-bitcoin/131072/)	pulse  cov: 5699 ft: 12269 corp: 53/1944b exec/s: 3196 rss: 681Mb
 13==13249== ERROR: libFuzzer: out-of-memory (used: 2160Mb; limit: 2048Mb)
 14   To change the out-of-memory limit use -rss_limit_mb=<N>
 15
 16Live Heap Allocations: 93237649 bytes in 253456 chunks; quarantined: 249855423 bytes in 15591 chunks; 1526469 other chunks; total chunks: 1795516; showing top 95% (at most 8 unique contexts)
 1722440640 byte(s) (24%) in 237105 allocation(s)
 18    [#0](/bitcoin-bitcoin/0/) 0x5590b517660d in malloc (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d5760d)
 19    [#1](/bitcoin-bitcoin/1/) 0x5590b5088ef7 in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c69ef7)
 20    [#2](/bitcoin-bitcoin/2/) 0x5590b50a0bbc in fuzzer::ReadCorpora(std::Fuzzer::vector<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> > > > const&, std::Fuzzer::vector<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> > > > const&) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c81bbc)
 21    [#3](/bitcoin-bitcoin/3/) 0x5590b50a0782 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c81782)
 22    [#4](/bitcoin-bitcoin/4/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
 23    [#5](/bitcoin-bitcoin/5/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
 24
 2521499328 byte(s) (23%) in 12 allocation(s)
 26    [#0](/bitcoin-bitcoin/0/) 0x5590b517660d in malloc (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d5760d)
 27    [#1](/bitcoin-bitcoin/1/) 0x5590b5088ef7 in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c69ef7)
 28    [#2](/bitcoin-bitcoin/2/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
 29    [#3](/bitcoin-bitcoin/3/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
 30
 3116777216 byte(s) (17%) in 1 allocation(s)
 32    [#0](/bitcoin-bitcoin/0/) 0x5590b51a5d4d in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d86d4d)
 33    [#1](/bitcoin-bitcoin/1/) 0x5590b52a03b5 in __gnu_cxx::new_allocator<uint256>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:115:27
 34    [#2](/bitcoin-bitcoin/2/) 0x5590b52a03b5 in std::allocator_traits<std::allocator<uint256> >::allocate(std::allocator<uint256>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
 35    [#3](/bitcoin-bitcoin/3/) 0x5590b52a03b5 in std::_Vector_base<uint256, std::allocator<uint256> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
 36    [#4](/bitcoin-bitcoin/4/) 0x5590b5bb7d1a in std::vector<uint256, std::allocator<uint256> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
 37    [#5](/bitcoin-bitcoin/5/) 0x5590b5bb7872 in std::vector<uint256, std::allocator<uint256> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
 38    [#6](/bitcoin-bitcoin/6/) 0x5590b5bb70c3 in CuckooCache::cache<uint256, SignatureCacheHasher>::setup(unsigned int) /home/jon/projects/bitcoin/bitcoin/src/./cuckoocache.h:344:15
 39    [#7](/bitcoin-bitcoin/7/) 0x5590b5ddce16 in CuckooCache::cache<uint256, SignatureCacheHasher>::setup_bytes(unsigned long) /home/jon/projects/bitcoin/bitcoin/src/./cuckoocache.h:368:16
 40    [#8](/bitcoin-bitcoin/8/) 0x5590b5ddce16 in InitScriptExecutionCache() /home/jon/projects/bitcoin/bitcoin/src/validation.cpp:1468:44
 41    [#9](/bitcoin-bitcoin/9/) 0x5590b64f7a5f in BasicTestingSetup::BasicTestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:110:5
 42    [#10](/bitcoin-bitcoin/10/) 0x5590b64f9599 in ChainTestingSetup::ChainTestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:130:7
 43    [#11](/bitcoin-bitcoin/11/) 0x5590b64fbd3f in TestingSetup::TestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:169:7
 44    [#12](/bitcoin-bitcoin/12/) 0x5590b52e7bf7 in std::_MakeUniq<TestingSetup const>::__single_object std::make_unique<TestingSetup const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/unique_ptr.h:962:34
 45    [#13](/bitcoin-bitcoin/13/) 0x5590b52dde12 in std::unique_ptr<TestingSetup const, std::default_delete<TestingSetup const> > MakeNoLogFileContext<TestingSetup const>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/./test/util/setup_common.h:170:12
 46    [#14](/bitcoin-bitcoin/14/) 0x5590b5665353 in initialize_validation_load_mempool() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/validation_load_mempool.cpp:28:39
 47    [#15](/bitcoin-bitcoin/15/) 0x5590b51ac91c in void std::__invoke_impl<void, void (*&)()>(std::__invoke_other, void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:60:14
 48    [#16](/bitcoin-bitcoin/16/) 0x5590b51ac91c in std::enable_if<is_invocable_r_v<void, void (*&)()>, void>::type std::__invoke_r<void, void (*&)()>(void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:110:2
 49    [#17](/bitcoin-bitcoin/17/) 0x5590b51ac91c in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:291:9
 50    [#18](/bitcoin-bitcoin/18/) 0x5590b579287c in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:622:14
 51    [#19](/bitcoin-bitcoin/19/) 0x5590b6b2b312 in initialize() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:44:5
 52    [#20](/bitcoin-bitcoin/20/) 0x5590b6b2c84d in LLVMFuzzerInitialize /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:70:5
 53    [#21](/bitcoin-bitcoin/21/) 0x5590b509e9bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c7f9bc)
 54    [#22](/bitcoin-bitcoin/22/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
 55    [#23](/bitcoin-bitcoin/23/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
 56
 5716777216 byte(s) (17%) in 1 allocation(s)
 58    [#0](/bitcoin-bitcoin/0/) 0x5590b51a5d4d in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d86d4d)
 59    [#1](/bitcoin-bitcoin/1/) 0x5590b52a03b5 in __gnu_cxx::new_allocator<uint256>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:115:27
 60    [#2](/bitcoin-bitcoin/2/) 0x5590b52a03b5 in std::allocator_traits<std::allocator<uint256> >::allocate(std::allocator<uint256>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
 61    [#3](/bitcoin-bitcoin/3/) 0x5590b52a03b5 in std::_Vector_base<uint256, std::allocator<uint256> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
 62    [#4](/bitcoin-bitcoin/4/) 0x5590b5bb7d1a in std::vector<uint256, std::allocator<uint256> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
 63    [#5](/bitcoin-bitcoin/5/) 0x5590b5bb7872 in std::vector<uint256, std::allocator<uint256> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
 64    [#6](/bitcoin-bitcoin/6/) 0x5590b5bb70c3 in CuckooCache::cache<uint256, SignatureCacheHasher>::setup(unsigned int) /home/jon/projects/bitcoin/bitcoin/src/./cuckoocache.h:344:15
 65    [#7](/bitcoin-bitcoin/7/) 0x5590b5bb4862 in CuckooCache::cache<uint256, SignatureCacheHasher>::setup_bytes(unsigned long) /home/jon/projects/bitcoin/bitcoin/src/./cuckoocache.h:368:16
 66    [#8](/bitcoin-bitcoin/8/) 0x5590b5bb4862 in (anonymous namespace)::CSignatureCache::setup_bytes(unsigned long) /home/jon/projects/bitcoin/bitcoin/src/script/sigcache.cpp:80:25
 67    [#9](/bitcoin-bitcoin/9/) 0x5590b5bb4862 in InitSignatureCache() /home/jon/projects/bitcoin/bitcoin/src/script/sigcache.cpp:100:36
 68    [#10](/bitcoin-bitcoin/10/) 0x5590b64f7a4f in BasicTestingSetup::BasicTestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:109:5
 69    [#11](/bitcoin-bitcoin/11/) 0x5590b64f9599 in ChainTestingSetup::ChainTestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:130:7
 70    [#12](/bitcoin-bitcoin/12/) 0x5590b64fbd3f in TestingSetup::TestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:169:7
 71    [#13](/bitcoin-bitcoin/13/) 0x5590b52e7bf7 in std::_MakeUniq<TestingSetup const>::__single_object std::make_unique<TestingSetup const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/unique_ptr.h:962:34
 72    [#14](/bitcoin-bitcoin/14/) 0x5590b52dde12 in std::unique_ptr<TestingSetup const, std::default_delete<TestingSetup const> > MakeNoLogFileContext<TestingSetup const>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/./test/util/setup_common.h:170:12
 73    [#15](/bitcoin-bitcoin/15/) 0x5590b5665353 in initialize_validation_load_mempool() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/validation_load_mempool.cpp:28:39
 74    [#16](/bitcoin-bitcoin/16/) 0x5590b51ac91c in void std::__invoke_impl<void, void (*&)()>(std::__invoke_other, void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:60:14
 75    [#17](/bitcoin-bitcoin/17/) 0x5590b51ac91c in std::enable_if<is_invocable_r_v<void, void (*&)()>, void>::type std::__invoke_r<void, void (*&)()>(void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:110:2
 76    [#18](/bitcoin-bitcoin/18/) 0x5590b51ac91c in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:291:9
 77    [#19](/bitcoin-bitcoin/19/) 0x5590b579287c in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:622:14
 78    [#20](/bitcoin-bitcoin/20/) 0x5590b6b2b312 in initialize() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:44:5
 79    [#21](/bitcoin-bitcoin/21/) 0x5590b6b2c84d in LLVMFuzzerInitialize /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:70:5
 80    [#22](/bitcoin-bitcoin/22/) 0x5590b509e9bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c7f9bc)
 81    [#23](/bitcoin-bitcoin/23/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
 82    [#24](/bitcoin-bitcoin/24/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
 83
 848388608 byte(s) (8%) in 1 allocation(s)
 85    [#0](/bitcoin-bitcoin/0/) 0x5590b517660d in malloc (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d5760d)
 86    [#1](/bitcoin-bitcoin/1/) 0x5590b5088ef7 in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c69ef7)
 87    [#2](/bitcoin-bitcoin/2/) 0x5590b50ac917 in fuzzer::GetSizedFilesFromDir(std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> > const&, std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >*) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c8d917)
 88    [#3](/bitcoin-bitcoin/3/) 0x5590b50a0bbc in fuzzer::ReadCorpora(std::Fuzzer::vector<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> > > > const&, std::Fuzzer::vector<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> >, fuzzer::fuzzer_allocator<std::Fuzzer::basic_string<char, std::Fuzzer::char_traits<char>, std::Fuzzer::allocator<char> > > > const&) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c81bbc)
 89    [#4](/bitcoin-bitcoin/4/) 0x5590b50a0782 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c81782)
 90    [#5](/bitcoin-bitcoin/5/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
 91    [#6](/bitcoin-bitcoin/6/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
 92
 931294000 byte(s) (1%) in 1 allocation(s)
 94    [#0](/bitcoin-bitcoin/0/) 0x5590b51a5d4d in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d86d4d)
 95    [#1](/bitcoin-bitcoin/1/) 0x5590b5376cf5 in __gnu_cxx::new_allocator<unsigned long>::allocate(unsigned long, void const*) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/ext/new_allocator.h:115:27
 96    [#2](/bitcoin-bitcoin/2/) 0x5590b5376cf5 in std::allocator_traits<std::allocator<unsigned long> >::allocate(std::allocator<unsigned long>&, unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/alloc_traits.h:460:20
 97    [#3](/bitcoin-bitcoin/3/) 0x5590b5376cf5 in std::_Vector_base<unsigned long, std::allocator<unsigned long> >::_M_allocate(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:346:20
 98    [#4](/bitcoin-bitcoin/4/) 0x5590b60f606b in std::vector<unsigned long, std::allocator<unsigned long> >::_M_default_append(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/vector.tcc:635:34
 99    [#5](/bitcoin-bitcoin/5/) 0x5590b60f3042 in std::vector<unsigned long, std::allocator<unsigned long> >::resize(unsigned long) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/stl_vector.h:940:4
100    [#6](/bitcoin-bitcoin/6/) 0x5590b60f2c2b in CRollingBloomFilter::CRollingBloomFilter(unsigned int, double) /home/jon/projects/bitcoin/bitcoin/src/bloom.cpp:196:10
101    [#7](/bitcoin-bitcoin/7/) 0x5590b66056cb in (anonymous namespace)::PeerManagerImpl::PeerManagerImpl(CChainParams const&, CConnman&, BanMan*, CScheduler&, ChainstateManager&, CTxMemPool&, bool) /home/jon/projects/bitcoin/bitcoin/src/net_processing.cpp:1229:29
102    [#8](/bitcoin-bitcoin/8/) 0x5590b66056cb in std::_MakeUniq<(anonymous namespace)::PeerManagerImpl>::__single_object std::make_unique<(anonymous namespace)::PeerManagerImpl, CChainParams const&, CConnman&, BanMan*&, CScheduler&, ChainstateManager&, CTxMemPool&, bool&>(CChainParams const&, CConnman&, BanMan*&, CScheduler&, ChainstateManager&, CTxMemPool&, bool&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/unique_ptr.h:962:34
103    [#9](/bitcoin-bitcoin/9/) 0x5590b660412f in PeerManager::make(CChainParams const&, CConnman&, BanMan*, CScheduler&, ChainstateManager&, CTxMemPool&, bool) /home/jon/projects/bitcoin/bitcoin/src/net_processing.cpp:1213:12
104    [#10](/bitcoin-bitcoin/10/) 0x5590b64fc949 in TestingSetup::TestingSetup(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/test/util/setup_common.cpp:193:22
105    [#11](/bitcoin-bitcoin/11/) 0x5590b52e7bf7 in std::_MakeUniq<TestingSetup const>::__single_object std::make_unique<TestingSetup const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/unique_ptr.h:962:34
106    [#12](/bitcoin-bitcoin/12/) 0x5590b52dde12 in std::unique_ptr<TestingSetup const, std::default_delete<TestingSetup const> > MakeNoLogFileContext<TestingSetup const>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<char const*, std::allocator<char const*> > const&) /home/jon/projects/bitcoin/bitcoin/src/./test/util/setup_common.h:170:12
107    [#13](/bitcoin-bitcoin/13/) 0x5590b5665353 in initialize_validation_load_mempool() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/validation_load_mempool.cpp:28:39
108    [#14](/bitcoin-bitcoin/14/) 0x5590b51ac91c in void std::__invoke_impl<void, void (*&)()>(std::__invoke_other, void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:60:14
109    [#15](/bitcoin-bitcoin/15/) 0x5590b51ac91c in std::enable_if<is_invocable_r_v<void, void (*&)()>, void>::type std::__invoke_r<void, void (*&)()>(void (*&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/invoke.h:110:2
110    [#16](/bitcoin-bitcoin/16/) 0x5590b51ac91c in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:291:9
111    [#17](/bitcoin-bitcoin/17/) 0x5590b579287c in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h:622:14
112    [#18](/bitcoin-bitcoin/18/) 0x5590b6b2b312 in initialize() /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:44:5
113    [#19](/bitcoin-bitcoin/19/) 0x5590b6b2c84d in LLVMFuzzerInitialize /home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz.cpp:70:5
114    [#20](/bitcoin-bitcoin/20/) 0x5590b509e9bc in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c7f9bc)
115    [#21](/bitcoin-bitcoin/21/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
116    [#22](/bitcoin-bitcoin/22/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
117
1181049024 byte(s) (1%) in 2 allocation(s)
119    [#0](/bitcoin-bitcoin/0/) 0x5590b517660d in malloc (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d5760d)
120    [#1](/bitcoin-bitcoin/1/) 0x5590b6d71072 in checked_malloc /home/jon/projects/bitcoin/bitcoin/src/secp256k1/./src/util.h:92:17
121    [#2](/bitcoin-bitcoin/2/) 0x5590b6d71072 in secp256k1_context_create /home/jon/projects/bitcoin/bitcoin/src/secp256k1/src/secp256k1.c:153:50
122
1231048576 byte(s) (1%) in 1 allocation(s)
124    [#0](/bitcoin-bitcoin/0/) 0x5590b517660d in malloc (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2d5760d)
125    [#1](/bitcoin-bitcoin/1/) 0x5590b5088ef7 in operator new(unsigned long) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c69ef7)
126    [#2](/bitcoin-bitcoin/2/) 0x5590b50b2669 in fuzzer::Fuzzer::Loop(std::Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c93669)
127    [#3](/bitcoin-bitcoin/3/) 0x5590b50a07d8 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2c817d8)
128    [#4](/bitcoin-bitcoin/4/) 0x5590b50c9c22 in main (/home/jon/projects/bitcoin/bitcoin/src/test/fuzz/fuzz+0x2caac22)
129    [#5](/bitcoin-bitcoin/5/) 0x7ff6cc2bbd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26d09)
130
131MS: 0 ; base unit: 0000000000000000000000000000000000000000
132
133
134artifact_prefix='./'; Test unit written to ./oom-da39a3ee5e6b4b0d3255bfef95601890afd80709
135Base64: 
136SUMMARY: libFuzzer: out-of-memory
  51. tests: Set errno in FuzzedFileProvider. Implement seek(..., ..., SEEK_END). af322c7494
  52. validation: Make DumpMempool(...) and LoadMempool(...) easier to test/fuzz/mock 91af6b97c9
  53. practicalswift force-pushed on Mar 11, 2021
  54. practicalswift commented at 10:46 pm on March 11, 2021: contributor

    @jonatack

    Thanks a lot for reviewing!

    All feedback addressed (+ added using FopenFn for readability): this PR should hopefully be ready for final review :)

  55. Crypt-iQ commented at 1:23 pm on March 12, 2021: contributor
    @jonatack libfuzzer is in-process fuzzing with an in-memory corpus and I have noticed on my Arch box, that more inputs and larger inputs will make rss increase significantly. In the crash log, I notice that the max length for inputs is 1MB. Just a thought.
  56. jonatack commented at 1:35 pm on March 12, 2021: member
    @Crypt-iQ yes, for me this is a new issue (after a couple years of testing fuzz patches on this project) and only with qa-assets.
  57. jonatack commented at 3:06 pm on March 12, 2021: member

    re-ACK f00061202867dd965fe8ca51253d1600776f8ab0 per git range-diff e0bc27a d9b0d15 f000612, looked over the changes again, fuzz build + ran fuzzer, debug non-fuzz build + ran/halted bitcoind a couple times on mainnet/signet, loading/dumping mempool seemed nominal

    Thanks for adding the FopenFn type alias. It’s a nice improvement.

  58. in src/test/fuzz/validation_load_mempool.cpp:24 in f000612028 outdated 
    19+
20+FILE* fuzzed_fopen(const fs::path&, const char*)
21+{
22+    return fuzzed_file_provider_ptr->open();
23+}
24+} // namespace
    MarcoFalke commented at 3:28 pm on March 12, 2021:
    Could avoid this namespace by making fuzzed_fopen a lambda with smallest scope possible?
    practicalswift commented at 3:49 pm on March 15, 2021:
    Good point! Now addressed.
  59. in src/test/fuzz/validation_load_mempool.cpp:32 in f000612028 outdated 
    34+    SetMockTime(ConsumeTime(fuzzed_data_provider));
35+    FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
36+    fuzzed_file_provider_ptr = &fuzzed_file_provider;
37+
38+    CTxMemPool pool{};
39+    (void)LoadMempool(pool, ::ChainstateActive(), fuzzed_fopen);
    MarcoFalke commented at 3:32 pm on March 12, 2021:
    would be nice to not introduce a new global
    practicalswift commented at 3:49 pm on March 15, 2021:
    Good point! Now addressed.
    MarcoFalke commented at 5:56 pm on March 15, 2021:

    Not addressed?

    nvm. @dongcarl will fix this :grimacing:

    practicalswift commented at 6:46 pm on March 15, 2021:
    I thought you meant the introduction of fuzzed_fopen? What did you mean? :)
    MarcoFalke commented at 7:25 pm on March 15, 2021:
    Oh, the ::ChainstateActive()
  60. tests: Add fuzzing harness for LoadMempool(...) and DumpMempool(...) 68afd3eeec
  61. practicalswift force-pushed on Mar 15, 2021
  62. jonatack commented at 5:22 pm on March 15, 2021: member

    Tested re-ACK 68afd3eeec27a270765ad26cd62d87cd0935e99f

    Nice improvement.

     0diff --git a/src/test/fuzz/validation_load_mempool.cpp b/src/test/fuzz/validation_load_mempool.cpp
 1index 97e705ef30..e1a21b6c53 100644
 2--- a/src/test/fuzz/validation_load_mempool.cpp
 3+++ b/src/test/fuzz/validation_load_mempool.cpp
 4@@ -14,15 +14,6 @@
 5 #include <cstdint>
 6 #include <vector>
 7 
 8-namespace {
 9-FuzzedFileProvider* fuzzed_file_provider_ptr = nullptr;
10-
11-FILE* fuzzed_fopen(const fs::path&, const char*)
12-{
13-    return fuzzed_file_provider_ptr->open();
14-}
15-} // namespace
16-
17 void initialize_validation_load_mempool()
18 {
19     static const auto testing_setup = MakeNoLogFileContext<const TestingSetup>();
20@@ -33,11 +24,11 @@ FUZZ_TARGET_INIT(validation_load_mempool, initialize_validation_load_mempool)
21     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
22     SetMockTime(ConsumeTime(fuzzed_data_provider));
23     FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
24-    fuzzed_file_provider_ptr = &fuzzed_file_provider;
25 
26     CTxMemPool pool{};
27+    auto fuzzed_fopen = [&](const fs::path&, const char*) {
28+        return fuzzed_file_provider.open();
29+    };
30     (void)LoadMempool(pool, ::ChainstateActive(), fuzzed_fopen);
31     (void)DumpMempool(pool, fuzzed_fopen, true);
32-
33-    fuzzed_file_provider_ptr = nullptr;
34 }
  63. MarcoFalke merged this on Mar 15, 2021
  64. MarcoFalke closed this on Mar 15, 2021
  65. fanquake removed this from the "Blockers" column in a project
  66. sidhujag referenced this in commit 800e038062 on Mar 16, 2021
  67. practicalswift deleted the branch on Apr 10, 2021
  68. DrahtBot locked this on Aug 16, 2022


practicalswift DrahtBot Crypt-iQ jonatack MarcoFalke

Labels
Tests

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-17 06:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me