fuzz: Ensure prevout is consensus-valid #21773

pull MarcoFalke wants to merge 1 commit into bitcoin:master from MarcoFalke:2104-fuzzScript changing 1 file +4 −0
  1. MarcoFalke commented at 8:38 am on April 25, 2021: member

    It shouldn’t be possible to create consensus-invalid prevouts, so there is no need to fuzz them.

    To reproduce:

    $ echo 'AAAAAAEAAAAAAQF0Rw0SGsrit4+YZSEfpcQT/o+bJbjgVjATUHqrCfRE+QsBAAAXFgAUlsvXHgGV
    ZxF3QXxitwe1tIOYdLj2NePHATl9CgAAAAAAGXapFOFHg1yqRFl7soeowwpIEOoe9G1NiKwCRzBE
    AiAx6F2Q008gvJnok6JiyOn7lPqCJJmDiI2omRNXT1Q7XAIgCQP6WJizAqhnvImpQqYMJkqePGvx
    Jy/pGRMy1iNL0ecDIQJr4tWomVTBfjpyMFMOD9aDAR5gkByOIYiaQOv8P/sRztP3pS8RDAAAEUUE
    NQBwYAAAAAC5F6kUTLIzj/lKP2Hmpwyzukns2eweRkOH' | base64 --decode  > /tmp/a


    $ FUZZ=script_flags ./src/test/fuzz/fuzz /tmp/a
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 59714236
    INFO: Loaded 1 modules   (212532 inline 8-bit counters): 212532 [0x55987fb3f668, 0x55987fb7349c), 
    INFO: Loaded 1 PC tables (212532 PCs): 212532 [0x55987fb734a0,0x55987feb17e0), 
    ./src/test/fuzz/fuzz: Running 1 inputs 1 time(s) each.
    Running: /tmp/a
    fuzz: script/interpreter.cpp:1495: bool HandleMissingData(MissingDataBehavior): Assertion `!"Missing data"' failed.
    ==520092== ERROR: libFuzzer: deadly signal
        #0 0x55987f111180 in __sanitizer_print_stack_trace (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x5ea180)
        #1 0x55987f0ba828 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x55987f09de43 in fuzzer::Fuzzer::CrashCallback() fuzzer.o
        #3 0x7fd003d563bf  (/lib/x86_64-linux-gnu/libpthread.so.0+0x153bf)
        #4 0x7fd00399a18a in raise (/lib/x86_64-linux-gnu/libc.so.6+0x4618a)
        #5 0x7fd003979858 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x25858)
        #6 0x7fd003979728  (/lib/x86_64-linux-gnu/libc.so.6+0x25728)
        #7 0x7fd00398af35 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x36f35)
        #8 0x55987f8ce194 in HandleMissingData(MissingDataBehavior) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:1495:9
        #9 0x55987f8ce194 in GenericTransactionSignatureChecker<CTransaction>::CheckECDSASignature(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::vector<unsigned char, std::allocator<unsigned char> > const&, CScript const&, SigVersion) const /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:1685:68
        #10 0x55987f8cbbc8 in EvalChecksigPreTapscript(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::vector<unsigned char, std::allocator<unsigned char> > const&, prevector<28u, unsigned char, unsigned int, int>::const_iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator, unsigned int, BaseSignatureChecker const&, SigVersion, ScriptError_t*, bool&) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:363:24
        #11 0x55987f8cbbc8 in EvalChecksig(std::vector<unsigned char, std::allocator<unsigned char> > const&, std::vector<unsigned char, std::allocator<unsigned char> > const&, prevector<28u, unsigned char, unsigned int, int>::const_iterator, prevector<28u, unsigned char, unsigned int, int>::const_iterator, ScriptExecutionData&, unsigned int, BaseSignatureChecker const&, SigVersion, ScriptError_t*, bool&) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:421:16
        #12 0x55987f8c5a01 in EvalScript(std::vector<std::vector<unsigned char, std::allocator<unsigned char> >, std::allocator<std::vector<unsigned char, std::allocator<unsigned char> > > >&, CScript const&, unsigned int, BaseSignatureChecker const&, SigVersion, ScriptExecutionData&, ScriptError_t*) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:1094:26
        #13 0x55987f8d6d6e in ExecuteWitnessScript(Span<std::vector<unsigned char, std::allocator<unsigned char> > const> const&, CScript const&, unsigned int, SigVersion, BaseSignatureChecker const&, ScriptExecutionData&, ScriptError_t*) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:1843:10
        #14 0x55987f8d48fc in VerifyWitnessProgram(CScriptWitness const&, int, std::vector<unsigned char, std::allocator<unsigned char> > const&, unsigned int, BaseSignatureChecker const&, ScriptError_t*, bool) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:1904:20
        #15 0x55987f8d3d8b in VerifyScript(CScript const&, CScript const&, CScriptWitness const*, unsigned int, BaseSignatureChecker const&, ScriptError_t*) /root/fuzz_dir/scratch/fuzz_gen/code/src/script/interpreter.cpp:2045:22
        #16 0x55987f201d47 in script_flags_fuzz_target(Span<unsigned char const>) /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/script_flags.cpp:54:30
        #17 0x55987f11447f in std::_Function_handler<void (Span<unsigned char const>), void (*)(Span<unsigned char const>)>::_M_invoke(std::_Any_data const&, Span<unsigned char const>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:300:2
        #18 0x55987f8aed17 in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14
        #19 0x55987f8aed17 in LLVMFuzzerTestOneInput /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz.cpp:63:5
        #20 0x55987f09f5e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #21 0x55987f0894e2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #22 0x55987f08f2da in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #23 0x55987f0bb002 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x594002)
        #24 0x7fd00397b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
        #25 0x55987f06420d in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x53d20d)

    NOTE: libFuzzer has rudimentary signal handlers.
          Combine libFuzzer with AddressSanitizer or similar for better crash reports.
    SUMMARY: libFuzzer: deadly signal
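Added example, not part of the PR thread and not the PR's diff (which this page does not reproduce): a stand-alone model of the guard the PR title describes, written without Bitcoin Core headers. `CAmount`, `COIN`, `MAX_MONEY` and `MoneyRange` are local re-declarations that mirror Core's names; `RunHarness` and `CheckerHasAmount` are hypothetical stand-ins for the script_flags target and for the signature checker in the trace above, and the fuzz inputs are constructed in the block. It shows why a prevout amount has to be range-checked on the harness side before the checker sees it, and why the check is a full money-range check rather than only a sign check.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Local re-declarations mirroring Bitcoin Core's names (assumption: not Core's headers).
using CAmount = int64_t;
static constexpr CAmount COIN = 100000000;
static constexpr CAmount MAX_MONEY = 21000000 * COIN;

// Consensus range for an output value: 0 <= n <= MAX_MONEY satoshis.
inline bool MoneyRange(CAmount n) { return n >= 0 && n <= MAX_MONEY; }

enum class HarnessOutcome {
    TruncatedInput,        // fuzz buffer ran out before every prevout was read
    InvalidPrevoutAmount,  // guard rejected an amount consensus could never produce
    CheckerMissingData,    // unguarded path: the checker hit its "missing data" condition
    Evaluated,             // all prevouts accepted; script evaluation would proceed
};

// CAmount is serialized as a little-endian int64; decode one from `ds` at `pos`.
static std::optional<CAmount> ReadAmount(const std::vector<uint8_t>& ds, size_t& pos)
{
    if (pos + 8 > ds.size()) return std::nullopt;
    uint64_t raw = 0;
    for (int i = 0; i < 8; ++i) raw |= uint64_t(ds[pos + i]) << (8 * i);
    pos += 8;
    CAmount n;
    std::memcpy(&n, &raw, sizeof n);
    return n;
}

// Inverse of ReadAmount; used to build the constructed fuzz inputs below.
std::vector<uint8_t> EncodeAmounts(const std::vector<CAmount>& amounts)
{
    std::vector<uint8_t> out;
    for (CAmount a : amounts) {
        uint64_t raw;
        std::memcpy(&raw, &a, sizeof raw);
        for (int i = 0; i < 8; ++i) out.push_back(uint8_t(raw >> (8 * i)));
    }
    return out;
}

// Hypothetical stand-in for the signature checker: a witness-v0 sighash needs a
// non-negative amount, and a negative one is treated as missing data (which the
// real fuzz target configures to assert). Modelled as a bool so the path can be
// exercised without aborting the process.
static bool CheckerHasAmount(CAmount amount) { return amount >= 0; }

// Model of the fuzz target's prevout handling. With `guard_prevouts` set, the
// harness drops inputs whose amounts are outside MoneyRange before any script runs.
HarnessOutcome RunHarness(const std::vector<uint8_t>& buffer, size_t num_inputs, bool guard_prevouts)
{
    size_t pos = 0;
    std::vector<CAmount> spent_amounts;
    for (size_t i = 0; i < num_inputs; ++i) {
        std::optional<CAmount> n = ReadAmount(buffer, pos);
        if (!n) return HarnessOutcome::TruncatedInput;
        if (guard_prevouts && !MoneyRange(*n)) {
            // A prevout was created by a transaction that passed consensus checks,
            // so out-of-range values are unreachable and need no fuzzing.
            return HarnessOutcome::InvalidPrevoutAmount;
        }
        spent_amounts.push_back(*n);
    }
    for (CAmount amount : spent_amounts) {
        if (!CheckerHasAmount(amount)) return HarnessOutcome::CheckerMissingData;
    }
    return HarnessOutcome::Evaluated;
}

int main()
{
    // Constructed inputs: one negative amount, one above MAX_MONEY, two in range.
    const std::vector<uint8_t> negative = EncodeAmounts({-1});
    const std::vector<uint8_t> too_large = EncodeAmounts({MAX_MONEY + 1});
    const std::vector<uint8_t> in_range = EncodeAmounts({50 * COIN, 1});
    std::printf("negative, unguarded : %d\n", int(RunHarness(negative, 1, false)));
    std::printf("negative, guarded   : %d\n", int(RunHarness(negative, 1, true)));
    std::printf("too large, unguarded: %d\n", int(RunHarness(too_large, 1, false)));
    std::printf("in range, guarded   : %d\n", int(RunHarness(in_range, 2, true)));
    return 0;
}
```

In this model the unguarded path reaches the checker's missing-data condition on a negative amount, which is the failure mode in the trace, while an amount above MAX_MONEY sails through the checker unnoticed; only the harness-side MoneyRange guard keeps the fuzzer on inputs consensus could actually have produced.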
    
  2. fuzz: Ensure prevout is consensus-valid fa1fdeb230
  3. fanquake added the label Tests on Apr 25, 2021
  4. practicalswift commented at 10:00 am on April 25, 2021: contributor
    Tested ACK fa1fdeb2306ab86eb0ae7e8b9764bc37b1b5f04b
  5. adamjonas commented at 8:25 pm on April 26, 2021: member

    Fuzzed on master - immediately failed as described. No crashes on fa1fdeb.

    ACK

  6. MarcoFalke merged this on Apr 28, 2021
  7. MarcoFalke closed this on Apr 28, 2021

  8. MarcoFalke deleted the branch on Apr 28, 2021
  9. sidhujag referenced this in commit f679792107 on Apr 28, 2021
  10. PastaPastaPasta referenced this in commit a4ba8c32db on Oct 20, 2021
  11. PastaPastaPasta referenced this in commit 6d06ff069c on Oct 21, 2021
  12. pravblockc referenced this in commit a76973b2ad on Nov 18, 2021
  13. gwillen referenced this in commit d9730235a4 on Jun 1, 2022
  14. DrahtBot locked this on Aug 18, 2022

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-01-21 09:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me