Failure to run Fuzz tests when running with corpus #32089

issue Prabhat1308 opened this issue on March 18, 2025
  1. Prabhat1308 commented at 9:05 AM on March 18, 2025: contributor

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    Running the fuzz tests with a fuzz corpus raises an error:

    FUZZ=process_message build_fuzz/bin/fuzz qa-assets/fuzz_corpora/process_message/
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 64371175
    INFO: Loaded 1 modules   (1252320 inline 8-bit counters): 1252320 [0x1061c8000, 0x1062f9be0), 
    INFO: Loaded 1 PC tables (1252320 PCs): 1252320 [0x1062f9be0,0x1076159e0), 
    =================================================================
    ==36574==ERROR: AddressSanitizer: container-overflow on address 0x60800002c268 at pc 0x000102074ef4 bp 0x00016ddd26e0 sp 0x00016ddd26d8
    WRITE of size 8 at 0x60800002c268 thread T0
        #0 0x000102074ef0 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__init_copy_ctor_external(char const*, unsigned long)+0x1c4 (fuzz:arm64+0x100048ef0)
        #1 0x0001057b34f8 in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, long*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>*, bool)+0x26c (fuzz:arm64+0x1037874f8)
        #2 0x0001057b27c0 in fuzzer::GetSizedFilesFromDir(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>*)+0x2c (fuzz:arm64+0x1037867c0)
        #3 0x0001057ae338 in fuzzer::ReadCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&)+0x4c (fuzz:arm64+0x103782338)
        #4 0x0001057ae1a0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1dbc (fuzz:arm64+0x1037821a0)
        #5 0x0001057c1aa8 in main+0x24 (fuzz:arm64+0x103795aa8)
        #6 0x00018ce70270  (<unknown module>)
        #7 0xf3547ffffffffffc  (<unknown module>)
    
    0x60800002c268 is located 72 bytes inside of 96-byte region [0x60800002c220,0x60800002c280)
    allocated by thread T0 here:
        #0 0x0001094d92c4 in _Znwm+0x6c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x612c4)
        #1 0x0001025f0a5c in std::__1::__split_buffer<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>&)+0xf0 (fuzz:arm64+0x1005c4a5c)
        #2 0x000102943a48 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>* std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>::__push_back_slow_path<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&)+0x244 (fuzz:arm64+0x100917a48)
        #3 0x0001057b3468 in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, long*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>*, bool)+0x1dc (fuzz:arm64+0x103787468)
        #4 0x0001057b27c0 in fuzzer::GetSizedFilesFromDir(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>*)+0x2c (fuzz:arm64+0x1037867c0)
        #5 0x0001057ae338 in fuzzer::ReadCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&)+0x4c (fuzz:arm64+0x103782338)
        #6 0x0001057ae1a0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1dbc (fuzz:arm64+0x1037821a0)
        #7 0x0001057c1aa8 in main+0x24 (fuzz:arm64+0x103795aa8)
        #8 0x00018ce70270  (<unknown module>)
        #9 0xf3547ffffffffffc  (<unknown module>)
    
    HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
    If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
    SUMMARY: AddressSanitizer: container-overflow (fuzz:arm64+0x100048ef0) in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__init_copy_ctor_external(char const*, unsigned long)+0x1c4
    Shadow bytes around the buggy address:
      0x60800002bf80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
      0x60800002c000: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c080: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
      0x60800002c100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c180: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
    =>0x60800002c200: fa fa fa fa 00 00 00 00 00 00 00 00 00[fc]fc fc
      0x60800002c280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c300: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
      0x60800002c380: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x60800002c480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    ==36574==ABORTING
    [3]    36574 abort      FUZZ=process_message build_fuzz/bin/fuzz 
    
    

    When running without a corpus, the fuzz test runs fine.

    FUZZ=process_message build_fuzz/bin/fuzz
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 85124989
    INFO: Loaded 1 modules   (1252320 inline 8-bit counters): 1252320 [0x10672c000, 0x10685dbe0), 
    INFO: Loaded 1 PC tables (1252320 PCs): 1252320 [0x10685dbe0,0x107b799e0), 
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
    INFO: A corpus is not provided, starting from an empty corpus
    #2      INITED cov: 2748 ft: 2747 corp: 1/1b exec/s: 0 rss: 193Mb
    #6      NEW    cov: 2754 ft: 2848 corp: 2/2b lim: 4 exec/s: 0 rss: 193Mb L: 1/1 MS: 4 ChangeBinInt-ChangeBit-CopyPart-ChangeByte-
    #8      NEW    cov: 2754 ft: 2851 corp: 3/4b lim: 4 exec/s: 0 rss: 194Mb L: 2/2 MS: 2 CopyPart-InsertByte-
    #11     NEW    cov: 2757 ft: 2858 corp: 4/5b lim: 4 exec/s: 0 rss: 194Mb L: 1/2 MS: 3 ChangeBit-ChangeBinInt-ChangeBit-
    #26     NEW    cov: 2757 ft: 2859 corp: 5/7b lim: 4 exec/s: 0 rss: 194Mb L: 2/2 MS: 5 CrossOver-ChangeBit-ChangeByte-CrossOver-CrossOver-
    #27     NEW    cov: 2758 ft: 2878 corp: 6/8b lim: 4 exec/s: 0 rss: 194Mb L: 1/2 MS: 1 ChangeByte-
    #53     NEW    cov: 2758 ft: 2879 corp: 7/12b lim: 4 exec/s: 0 rss: 195Mb L: 4/4 MS: 1 CopyPart-
    #278    NEW    cov: 2759 ft: 2881 corp: 8/17b lim: 6 exec/s: 0 rss: 198Mb L: 5/5 MS: 5 ShuffleBytes-ChangeByte-EraseBytes-CrossOver-CrossOver-
    #364    NEW    cov: 2759 ft: 2882 corp: 9/18b lim: 6 exec/s: 0 rss: 200Mb L: 1/5 MS: 1 ChangeByte-
    #615    NEW    cov: 2759 ft: 2890 corp: 10/20b lim: 8 exec/s: 0 rss: 204Mb L: 2/5 MS: 1 InsertByte-
    #657    NEW    cov: 2759 ft: 2892 corp: 11/27b lim: 8 exec/s: 0 rss: 204Mb L: 7/7 MS: 2 ChangeByte-CopyPart-
    #692    NEW    cov: 2759 ft: 2893 corp: 12/34b lim: 8 exec/s: 0 rss: 205Mb L: 7/7 MS: 5 InsertRepeatedBytes-InsertByte-EraseBytes-ChangeBinInt-InsertRepeatedBytes-
    #1013   NEW    cov: 2759 ft: 2895 corp: 13/45b lim: 11 exec/s: 0 rss: 210Mb L: 11/11 MS: 1 InsertRepeatedBytes-
    #1341   NEW    cov: 2764 ft: 2901 corp: 14/58b lim: 14 exec/s: 0 rss: 215Mb L: 13/13 MS: 3 ChangeByte-InsertRepeatedBytes-InsertRepeatedBytes-
    #1347   NEW    cov: 2765 ft: 2902 corp: 15/61b lim: 14 exec/s: 0 rss: 215Mb L: 3/13 MS: 1 CrossOver-
    #1378   NEW    cov: 2765 ft: 2905 corp: 16/75b lim: 14 exec/s: 0 rss: 216Mb L: 14/14 MS: 1 InsertByte-
    #1716   NEW    cov: 2765 ft: 2908 corp: 17/91b lim: 17 exec/s: 0 rss: 221Mb L: 16/16 MS: 3 CrossOver-InsertRepeatedBytes-InsertRepeatedBytes-
    #1754   NEW    cov: 2765 ft: 2911 corp: 18/106b lim: 17 exec/s: 0 rss: 222Mb L: 15/16 MS: 3 InsertByte-ChangeBit-CopyPart-
    #1982   NEW    cov: 2766 ft: 2912 corp: 19/110b lim: 17 exec/s: 0 rss: 226Mb L: 4/16 MS: 3 ChangeBit-EraseBytes-ChangeBit-
    #2405   NEW    cov: 2767 ft: 2915 corp: 20/130b lim: 21 exec/s: 0 rss: 232Mb L: 20/20 MS: 3 InsertByte-InsertRepeatedBytes-InsertRepeatedBytes-
    #2418   NEW    cov: 2769 ft: 2917 corp: 21/151b lim: 21 exec/s: 0 rss: 233Mb L: 21/21 MS: 3 InsertRepeatedBytes-InsertByte-CrossOver-
    #2629   REDUCE cov: 2769 ft: 2917 corp: 21/150b lim: 21 exec/s: 0 rss: 236Mb L: 6/21 MS: 1 EraseBytes-
            NEW_FUNC[1/19]: 0x0001034cb5bc in CNetAddr::IsRFC1918() const+0x0 (fuzz:arm64+0x100f3b5bc)
            NEW_FUNC[2/19]: 0x0001034cbd94 in CNetAddr::IsRFC2544() const+0x0 (fuzz:arm64+0x100f3bd94)
    #3051   NEW    cov: 2881 ft: 3227 corp: 22/173b lim: 25 exec/s: 0 rss: 244Mb L: 23/23 MS: 2 InsertRepeatedBytes-InsertRepeatedBytes-
    #3071   REDUCE cov: 2881 ft: 3227 corp: 22/170b lim: 25 exec/s: 0 rss: 244Mb L: 3/23 MS: 5 ChangeBit-CrossOver-CMP-CrossOver-EraseBytes- DE: "\377\377\377\377"-
            NEW_FUNC[1/11]: 0x0001025a7a5c in std::__1::vector<unsigned char, std::__1::allocator<unsigned char>>::shrink_to_fit()+0x0 (fuzz:arm64+0x100017a5c)
            NEW_FUNC[2/11]: 0x0001025a8070 in std::__1::vector<unsigned char, 
    

    Expected behaviour

    To run the fuzz tests without any error and relevant log output.

    Steps to reproduce

    git clone https://github.com/bitcoin-core/qa-assets
    cmake --preset=libfuzzer \
       -DCMAKE_C_COMPILER="$(brew --prefix llvm)/bin/clang" \
       -DCMAKE_CXX_COMPILER="$(brew --prefix llvm)/bin/clang++" \
       -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld"
    
    cmake --build build_fuzz -j$(sysctl -n hw.ncpu)
    FUZZ=process_message build_fuzz/bin/fuzz qa-assets/fuzz_corpora/process_message/      
    

    Relevant log output

    NA

    How did you obtain Bitcoin Core

    Compiled from source

    What version of Bitcoin Core are you using?

    master @83a9e55ae1

    Operating system and version

    MacOS 15.3.1

    Machine specifications

    No response

  2. Prabhat1308 commented at 9:08 AM on March 18, 2025: contributor

    I tried running with the following:

    ASAN_OPTIONS=detect_container_overflow=0 FUZZ=process_message build_fuzz/bin/fuzz qa-assets/fuzz_corpora/process_message/
    

    It crashes with the following log

    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 917199606
    INFO: Loaded 1 modules   (1252320 inline 8-bit counters): 1252320 [0x109024000, 0x109155be0), 
    INFO: Loaded 1 PC tables (1252320 PCs): 1252320 [0x109155be0,0x10a4719e0), 
    INFO:     4126 files found in qa-assets/fuzz_corpora/process_message/
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 981836 bytes
    INFO: seed corpus: files: 4126 min: 1b max: 981836b total: 141648651b rss: 195Mb
    libc++abi: terminating due to uncaught exception of type std::__1::ios_base::failure: DataStream::read(): end of data: unspecified iostream_category error
    ==36931== ERROR: libFuzzer: deadly signal
        #0 0x00010c34d248 in __sanitizer_print_stack_trace+0x28 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x5d248)
        #1 0x00010861d0a4 in fuzzer::PrintStackTrace()+0x2c (fuzz:arm64+0x1037950a4)
        #2 0x000108610a58 in fuzzer::Fuzzer::CrashCallback()+0x54 (fuzz:arm64+0x103788a58)
        #3 0x00018d226de0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0)
        #4 0x9e2380018d1eff6c  (<unknown module>)
        #5 0xc23900018d0fc904  (<unknown module>)
        #6 0x493e80018d1a6448  (<unknown module>)
        #7 0x166a80018d194a20  (<unknown module>)
        #8 0xfc5480018ce3d3f0  (<unknown module>)
        #9 0x135b80018d1a570c  (<unknown module>)
        #10 0xd05000018d1a8cd8  (<unknown module>)
        #11 0x633f80018d1a8c80  (<unknown module>)
        #12 0x9a7e0001050aac24  (<unknown module>)
        #13 0x0001050bf008 in unsigned long long ReadCompactSize<DataStream>(DataStream&, bool)+0x110 (fuzz:arm64+0x100237008)
        #14 0x000107720fbc in void VectorFormatter<DefaultFormatter>::Unser<DataStream, std::__1::vector<CInv, std::__1::allocator<CInv>>>(DataStream&, std::__1::vector<CInv, std::__1::allocator<CInv>>&)+0x1e8 (fuzz:arm64+0x102898fbc)
        #15 0x000107652d3c in (anonymous namespace)::PeerManagerImpl::ProcessMessage(CNode&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, DataStream&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000l>>, std::__1::atomic<bool> const&)+0x3cb4 (fuzz:arm64+0x1027cad3c)
        #16 0x00010767f794 in (anonymous namespace)::PeerManagerImpl::ProcessMessages(CNode*, std::__1::atomic<bool>&)+0x24b0 (fuzz:arm64+0x1027f7794)
        #17 0x000105647fa0 in process_message_fuzz_target(std::__1::span<unsigned char const, 18446744073709551615ul>)+0xaf8 (fuzz:arm64+0x1007bffa0)
        #18 0x000105b366ec in LLVMFuzzerTestOneInput+0x198 (fuzz:arm64+0x100cae6ec)
        #19 0x000108612004 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x12c (fuzz:arm64+0x10378a004)
        #20 0x000108611884 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*)+0x3c (fuzz:arm64+0x103789884)
        #21 0x0001086133c4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>&)+0x470 (fuzz:arm64+0x10378b3c4)
        #22 0x0001086137fc in fuzzer::Fuzzer::Loop(std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>&)+0x98 (fuzz:arm64+0x10378b7fc)
        #23 0x00010860a1b4 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1dd0 (fuzz:arm64+0x1037821b4)
        #24 0x00010861daa8 in main+0x24 (fuzz:arm64+0x103795aa8)
        #25 0x00018ce70270  (<unknown module>)
        #26 0x475cfffffffffffc  (<unknown module>)
    
    NOTE: libFuzzer has rudimentary signal handlers.
          Combine libFuzzer with AddressSanitizer or similar for better crash reports.
    SUMMARY: libFuzzer: deadly signal
    MS: 0 ; base unit: 0000000000000000000000000000000000000000
    0x67,0x65,0x74,0x64,0x61,0x74,0x61,0x0,0x0,0x0,0x0,0x0,0x0,0x80,0x91,0x28,0x67,0x1,0x5c,0x9,0x5c,0x78,0x1,0x0,0x5e,0x78,0xc0,0x87,0x27,0xd8,0x9c,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0x0,0x47,0x8b,0x0,0x82,0x7d,0x8b,0x7d,0x82,0x7d,0x82,0x1,0x0,0x0,0x0,0xa1,0x7d,0x82,0x7d,0xff,0xff,0xe9,0x7d,0x0,0x8b,0x8b,0x0,0x82,0xff,0xff,0x7d,0x7e,0x7d,0x82,0x1,0x0,0x0,0x0,0x73,0x65,0x6e,0x64,0x61,0x64,0x64,0x1c,0x0,0xb5,
    getdata\000\000\000\000\000\000\200\221(g\001\\\011\\x\001\000^x\300\207'\330\234\377\377\377\377\000\377\377\000G\213\000\202}\213}\202}\202\001\000\000\000\241}\202}\377\377\351}\000\213\213\000\202\377\377}~}\202\001\000\000\000sendadd\034\000\265
    artifact_prefix='./'; Test unit written to ./crash-88926609e7277110e77b9c19c108b9df4835d6e7
    Base64: Z2V0ZGF0YQAAAAAAAICRKGcBXAlceAEAXnjAhyfYnP////8A//8AR4sAgn2LfYJ9ggEAAAChfYJ9///pfQCLiwCC//99fn2CAQAAAHNlbmRhZGQcALU=
    

    However, this seems to be specific to the process_message target only. When I run it with tx_package_eval, this works fine.

    ASAN_OPTIONS=detect_container_overflow=0 FUZZ=tx_package_eval build_fuzz/bin/fuzz  qa-assets/fuzz_corpora/tx_package_eval 
    
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 1122799189
    INFO: Loaded 1 modules   (1252320 inline 8-bit counters): 1252320 [0x106cdc000, 0x106e0dbe0), 
    INFO: Loaded 1 PC tables (1252320 PCs): 1252320 [0x106e0dbe0,0x1081299e0), 
    INFO:     2435 files found in qa-assets/fuzz_corpora/tx_package_eval
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 999203 bytes
    INFO: seed corpus: files: 2435 min: 1b max: 999203b total: 112736936b rss: 192Mb
    #1024   pulse  cov: 12171 ft: 64557 corp: 629/83Kb exec/s: 256 rss: 286Mb
    
  3. brunoerg commented at 1:03 PM on March 18, 2025: contributor

    I could reproduce it following the same steps on MacOS 14.3

    FUZZ=process_message build_fuzz/bin/fuzz qa-assets/fuzz_corpora/process_message/
    fuzz(56832,0x1e31a5c40) malloc: nano zone abandoned due to inability to reserve vm space.
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 2192399851
    INFO: Loaded 1 modules   (1252322 inline 8-bit counters): 1252322 [0x104c38000, 0x104d69be2),
    INFO: Loaded 1 PC tables (1252322 PCs): 1252322 [0x104d69be8,0x106085a08),
    =================================================================
    ==56832==ERROR: AddressSanitizer: container-overflow on address 0x60800002ca68 at pc 0x000100adcef4 bp 0x00016f36aa20 sp 0x00016f36aa18
    WRITE of size 8 at 0x60800002ca68 thread T0
        #0 0x000100adcef0 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__init_copy_ctor_external(char const*, unsigned long)+0x1c4 (fuzz:arm64+0x100048ef0)
        #1 0x00010421b5bc in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, long*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>*, bool)+0x26c (fuzz:arm64+0x1037875bc)
        #2 0x00010421a884 in fuzzer::GetSizedFilesFromDir(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>*)+0x2c (fuzz:arm64+0x103786884)
        #3 0x0001042163fc in fuzzer::ReadCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&)+0x4c (fuzz:arm64+0x1037823fc)
        #4 0x000104216264 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1dbc (fuzz:arm64+0x103782264)
        #5 0x000104229b6c in main+0x24 (fuzz:arm64+0x103795b6c)
        #6 0x00018c5590dc  (<unknown module>)
        #7 0x9f697ffffffffffc  (<unknown module>)
    

    For reference: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow#false-positives
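
A triage helper for the two reports above, as an added example that is not part of the original issue or of the project's code: it checks whether `LLVMFuzzerTestOneInput` is on the crash stack, which separates a crash inside libFuzzer's own corpus loading (the container-overflow report) from one reached through target code (the deadly-signal report). The sample reports are abridged from the logs in this thread, and the names `parse_report` and `classify` are assumptions.

```python
import re

# One sanitizer/libFuzzer stack frame, with or without a symbol name:
#   "#1 0x0001057b34f8 in fuzzer::Foo(...)+0x26c (fuzz:arm64+0x1037874f8)"
#   "#6 0x00018ce70270  (<unknown module>)"
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+(?:in\s+(.*?)\s+)?\(([^()]*)\)\s*$")
ERROR_RE = re.compile(r"ERROR: (AddressSanitizer|libFuzzer): (.+?)(?: on address|$)")
TARGET_ENTRY = "LLVMFuzzerTestOneInput"  # libFuzzer's entry point into target code


def parse_report(text):
    """Return (tool, kind, frames) for the first error; frames is the crash stack only."""
    tool = kind = None
    frames = []
    for line in text.splitlines():
        if tool is None:
            m = ERROR_RE.search(line)
            if m:
                tool, kind = m.group(1), m.group(2).strip()
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(2) or "", m.group(3)))
        elif frames:
            break  # blank line or next section: the crash stack is complete
    return tool, kind, frames


def classify(text, binary="fuzz"):
    """Say whether target code was on the crash stack, or only libFuzzer's own code."""
    tool, kind, frames = parse_report(text)
    funcs = [f for f, _ in frames]
    entry = next((i for i, f in enumerate(funcs) if f.startswith(TARGET_ENTRY)), None)
    innermost = None
    if entry is not None:
        where = "target"
        for func, module in frames[:entry]:
            # Skip libFuzzer's crash handler and frames from other modules.
            if module.startswith(binary + ":") and not func.startswith("fuzzer::"):
                innermost = re.sub(r"\+0x[0-9a-fA-F]+$", "", func)
                break
    elif any(f.startswith("fuzzer::") for f in funcs):
        where = "fuzzer-runtime"
    else:
        where = "unknown"
    return {"tool": tool, "kind": kind, "where": where, "innermost_target_frame": innermost}


# Constructed sample: abridged from the first report (template arguments shortened).
ASAN_REPORT = """\
INFO: Seed: 64371175
==36574==ERROR: AddressSanitizer: container-overflow on address 0x60800002c268 at pc 0x000102074ef4 bp 0x00016ddd26e0 sp 0x00016ddd26d8
WRITE of size 8 at 0x60800002c268 thread T0
    #0 0x000102074ef0 in std::__1::basic_string<char>::__init_copy_ctor_external(char const*, unsigned long)+0x1c4 (fuzz:arm64+0x100048ef0)
    #1 0x0001057b34f8 in fuzzer::ListFilesInDirRecursive(std::string const&, long*, std::vector<std::string>*, bool)+0x26c (fuzz:arm64+0x1037874f8)
    #2 0x0001057b27c0 in fuzzer::GetSizedFilesFromDir(std::string const&, std::vector<fuzzer::SizedFile>*)+0x2c (fuzz:arm64+0x1037867c0)
    #3 0x0001057ae1a0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1dbc (fuzz:arm64+0x1037821a0)
    #4 0x0001057c1aa8 in main+0x24 (fuzz:arm64+0x103795aa8)
    #5 0x00018ce70270  (<unknown module>)

0x60800002c268 is located 72 bytes inside of 96-byte region [0x60800002c220,0x60800002c280)
allocated by thread T0 here:
    #0 0x0001094d92c4 in _Znwm+0x6c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x612c4)
"""

# Constructed sample: abridged from the second report (frames dropped and renumbered).
DEADLY_SIGNAL_REPORT = """\
libc++abi: terminating due to uncaught exception of type std::__1::ios_base::failure: DataStream::read(): end of data: unspecified iostream_category error
==36931== ERROR: libFuzzer: deadly signal
    #0 0x00010c34d248 in __sanitizer_print_stack_trace+0x28 (libclang_rt.asan_osx_dynamic.dylib:arm64+0x5d248)
    #1 0x00010861d0a4 in fuzzer::PrintStackTrace()+0x2c (fuzz:arm64+0x1037950a4)
    #2 0x000108610a58 in fuzzer::Fuzzer::CrashCallback()+0x54 (fuzz:arm64+0x103788a58)
    #3 0x00018d226de0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0)
    #4 0x9e2380018d1eff6c  (<unknown module>)
    #5 0x0001050bf008 in unsigned long long ReadCompactSize<DataStream>(DataStream&, bool)+0x110 (fuzz:arm64+0x100237008)
    #6 0x000107652d3c in (anonymous namespace)::PeerManagerImpl::ProcessMessage(CNode&, std::string const&, DataStream&)+0x3cb4 (fuzz:arm64+0x1027cad3c)
    #7 0x000105647fa0 in process_message_fuzz_target(std::span<unsigned char const>)+0xaf8 (fuzz:arm64+0x1007bffa0)
    #8 0x000105b366ec in LLVMFuzzerTestOneInput+0x198 (fuzz:arm64+0x100cae6ec)
    #9 0x000108612004 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x12c (fuzz:arm64+0x10378a004)
    #10 0x00010861daa8 in main+0x24 (fuzz:arm64+0x103795aa8)

NOTE: libFuzzer has rudimentary signal handlers.
"""

if __name__ == "__main__":
    for name, report in (("asan", ASAN_REPORT), ("signal", DEADLY_SIGNAL_REPORT)):
        print(name, classify(report))
```

A `fuzzer-runtime` result means no corpus input had been executed when the report fired, so the report says nothing about the target itself; a `target` result means the saved crash input still has to be replayed before drawing any conclusion.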

  4. maflcko added the label macOS on Mar 18, 2025
  5. maflcko added the label Tests on Mar 18, 2025
  6. maflcko added the label Upstream on Mar 18, 2025
  7. maflcko commented at 1:08 PM on March 18, 2025: member

    I presume the libfuzzer-nosan preset works fine?

  8. Prabhat1308 commented at 1:16 PM on March 18, 2025: contributor

    > I presume the libfuzzer-nosan preset works fine?

    Works fine. I do get these warnings, though, at the start of the run.

    WARNING: Failed to find function "__sanitizer_acquire_crash_state". Reason dlsym(RTLD_DEFAULT, __sanitizer_acquire_crash_state): symbol not found.
    WARNING: Failed to find function "__sanitizer_print_stack_trace". Reason dlsym(RTLD_DEFAULT, __sanitizer_print_stack_trace): symbol not found.
    WARNING: Failed to find function "__sanitizer_set_death_callback". Reason dlsym(RTLD_DEFAULT, __sanitizer_set_death_callback): symbol not found.
    
  9. brunoerg commented at 10:51 PM on March 18, 2025: contributor

    Worth adding this "false positive" information to the documentation?

  10. maflcko commented at 7:35 PM on March 19, 2025: member

    > libc++abi: terminating due to uncaught exception of type std::__1::ios_base::failure: DataStream::read(): end of data: unspecified iostream_category error

    This looks like an upstream packaging bug or asan bug on your platform, given that it passes fine when asan is disabled on your platform.

  11. maflcko commented at 7:24 AM on March 27, 2025: member

    Does the issue happen with all clang versions from brew? (clang-16 to clang-20)?

    Does the issue happen when compiling clang from source?

  12. Prabhat1308 commented at 10:10 AM on March 27, 2025: contributor

    I suspect this issue is because of the -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld" flag.

    Other than my default llvm19, I used llvm@18 downloaded via brew, which comes with clang 18. I used 2 different configs:

    cmake --preset=libfuzzer \
        -DCMAKE_C_COMPILER="$(brew --prefix llvm@18)/bin/clang" \
        -DCMAKE_CXX_COMPILER="$(brew --prefix llvm@18)/bin/clang++" \
        -DAPPEND_LDFLAGS="-Wl,-no_warn_duplicate_libraries" \
        -DCMAKE_EXE_LINKER_FLAGS="$LDFLAGS"
    

    <details> <summary> Output </summary>

    
    /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:495:12: runtime error: call to function decltype(auto) std::__1::__variant_detail::__visitation::__base::__dispatcher<0ul, 0ul>::__dispatch[abi:ne180100]<void std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>::__generic_construct[abi:ne180100]<std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>>(std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>&, std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&&)::'lambda'(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&, auto&&)&&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&>(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>, 
std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&) through pointer to incorrect function type 'void (*)((lambda at /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:814:11) &&, std::__variant_detail::__base<std::__variant_detail::_Trait::_Available, RPCArg::Optional, std::string, UniValue> &, std::__variant_detail::__base<std::__variant_detail::_Trait::_Available, RPCArg::Optional, std::string, UniValue> &&)'
    variant:532: note: decltype(auto) std::__1::__variant_detail::__visitation::__base::__dispatcher<0ul, 0ul>::__dispatch[abi:ne180100]<void std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>::__generic_construct[abi:ne180100]<std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>>(std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>&, std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&&)::'lambda'(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&, auto&&)&&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&>(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, 
RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&) defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:495:12 
    /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:100:15: runtime error: call to function getblockchaininfo() through pointer to incorrect function type 'RPCHelpMan (*)()'
    blockchain.cpp:1291: note: getblockchaininfo() defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:100:15 
    /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:102:15: runtime error: call to function getblockchaininfo() through pointer to incorrect function type 'RPCHelpMan (*)()'
    blockchain.cpp:1291: note: getblockchaininfo() defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:102:15 
    /Users/prabhatverma/projects/bitcoin/src/tinyformat.h:544:13: runtime error: call to function void tinyformat::detail::FormatArg::formatImpl<char [13]>(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, char const*, char const*, int, void const*) through pointer to incorrect function type 'void (*)(std::ostream &, const char *, const char *, int, const void *)'
    tinyformat.h:558: note: void tinyformat::detail::FormatArg::formatImpl<char [13]>(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, char const*, char const*, int, void const*) defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/tinyformat.h:544:13 
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 1206976568
    INFO: Loaded 1 modules   (1257184 inline 8-bit counters): 1257184 [0x103ed4a48, 0x104007928), 
    INFO: Loaded 1 PC tables (1257184 PCs): 1257184 [0x104007928,0x105336728), 
    INFO:     4374 files found in qa-assets/fuzz_corpora/process_message/
    INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 981836 bytes
    INFO: seed corpus: files: 4374 min: 1b max: 981836b total: 152590538b rss: 195Mb
    #2048   pulse  cov: 14987 ft: 33197 corp: 969/143Kb exec/s: 1024 rss: 435Mb
    #4096   pulse  cov: 17387 ft: 57266 corp: 1814/795Kb exec/s: 1024 rss: 435Mb
    ^C==35105== libFuzzer: run interrupted; exiting
    
    

    </details>

    This is what the initial response was before this PR where the exe flag was added.

    Using the new config with llvm@18

    cmake --preset=libfuzzer \
        -DCMAKE_C_COMPILER="$(brew --prefix llvm@18)/bin/clang" \
        -DCMAKE_CXX_COMPILER="$(brew --prefix llvm@18)/bin/clang++" \
        -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld"
    

    <details> <summary>Output</summary>

    
    /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:495:12: runtime error: call to function decltype(auto) std::__1::__variant_detail::__visitation::__base::__dispatcher<0ul, 0ul>::__dispatch[abi:ne180100]<void std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>::__generic_construct[abi:ne180100]<std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>>(std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>&, std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&&)::'lambda'(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&, auto&&)&&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&>(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>, 
std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&) through pointer to incorrect function type 'void (*)((lambda at /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:814:11) &&, std::__variant_detail::__base<std::__variant_detail::_Trait::_Available, RPCArg::Optional, std::string, UniValue> &, std::__variant_detail::__base<std::__variant_detail::_Trait::_Available, RPCArg::Optional, std::string, UniValue> &&)'
    (fuzz:arm64+0x101536194): note: decltype(auto) std::__1::__variant_detail::__visitation::__base::__dispatcher<0ul, 0ul>::__dispatch[abi:ne180100]<void std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>::__generic_construct[abi:ne180100]<std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>>(std::__1::__variant_detail::__ctor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>>&, std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&&)::'lambda'(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>&, auto&&)&&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&>(std::__1::__variant_detail::__move_constructor<std::__1::__variant_detail::__traits<RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>, (std::__1::__variant_detail::_Trait)1>, 
std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&, std::__1::__variant_detail::__base<(std::__1::__variant_detail::_Trait)1, RPCArg::Optional, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, UniValue>&&) defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /opt/homebrew/opt/llvm@18/bin/../include/c++/v1/variant:495:12 
    /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:100:15: runtime error: call to function getblockchaininfo() through pointer to incorrect function type 'RPCHelpMan (*)()'
    (fuzz:arm64+0x1020d8d8c): note: getblockchaininfo() defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:100:15 
    /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:102:15: runtime error: call to function getblockchaininfo() through pointer to incorrect function type 'RPCHelpMan (*)()'
    (fuzz:arm64+0x1020d8d8c): note: getblockchaininfo() defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/rpc/server.h:102:15 
    /Users/prabhatverma/projects/bitcoin/src/tinyformat.h:544:13: runtime error: call to function void tinyformat::detail::FormatArg::formatImpl<char [13]>(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, char const*, char const*, int, void const*) through pointer to incorrect function type 'void (*)(std::ostream &, const char *, const char *, int, const void *)'
    (fuzz:arm64+0x100b9c7cc): note: void tinyformat::detail::FormatArg::formatImpl<char [13]>(std::__1::basic_ostream<char, std::__1::char_traits<char>>&, char const*, char const*, int, void const*) defined here
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/prabhatverma/projects/bitcoin/src/tinyformat.h:544:13 
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 1461236862
    INFO: Loaded 1 modules   (1257184 inline 8-bit counters): 1257184 [0x107780000, 0x1078b2ee0), 
    INFO: Loaded 1 PC tables (1257184 PCs): 1257184 [0x1078b2ee0,0x108be1ce0), 
    =================================================================
    ==41097==ERROR: AddressSanitizer: container-overflow on address 0x60800002c268 at pc 0x000104784be4 bp 0x00016b6c2710 sp 0x00016b6c2708
    WRITE of size 8 at 0x60800002c268 thread T0
        #0 0x104784be0 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__init_copy_ctor_external(char const*, unsigned long)+0x2b4 (fuzz:arm64+0x100048be0)
        #1 0x106ed8d2c in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, long*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>*, bool)+0x21c (fuzz:arm64+0x10279cd2c)
        #2 0x106ed80dc in fuzzer::GetSizedFilesFromDir(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>*)+0x2c (fuzz:arm64+0x10279c0dc)
        #3 0x106ed3848 in fuzzer::ReadCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&)+0x4c (fuzz:arm64+0x102797848)
        #4 0x106ed36b0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1c80 (fuzz:arm64+0x1027976b0)
        #5 0x106ee7848 in main+0x24 (fuzz:arm64+0x1027ab848)
        #6 0x18ce70270  (<unknown module>)
        #7 0x1a2c7ffffffffffc  (<unknown module>)
    
    0x60800002c268 is located 72 bytes inside of 96-byte region [0x60800002c220,0x60800002c280)
    allocated by thread T0 here:
        #0 0x10a7ececc in _Znwm+0x6c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x60ecc)
        #1 0x104cad68c in std::__1::__split_buffer<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>&)+0xf0 (fuzz:arm64+0x10057168c)
        #2 0x104f26814 in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>* std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>::__push_back_slow_path<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&>(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&)+0x230 (fuzz:arm64+0x1007ea814)
        #3 0x106ed8cb8 in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, long*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>>*, bool)+0x1a8 (fuzz:arm64+0x10279ccb8)
        #4 0x106ed80dc in fuzzer::GetSizedFilesFromDir(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&, std::__1::vector<fuzzer::SizedFile, std::__1::allocator<fuzzer::SizedFile>>*)+0x2c (fuzz:arm64+0x10279c0dc)
        #5 0x106ed3848 in fuzzer::ReadCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>>> const&)+0x4c (fuzz:arm64+0x102797848)
        #6 0x106ed36b0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1c80 (fuzz:arm64+0x1027976b0)
        #7 0x106ee7848 in main+0x24 (fuzz:arm64+0x1027ab848)
        #8 0x18ce70270  (<unknown module>)
        #9 0x1a2c7ffffffffffc  (<unknown module>)
    
    HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_container_overflow=0.
    If you suspect a false positive see also: https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow.
    SUMMARY: AddressSanitizer: container-overflow (fuzz:arm64+0x100048be0) in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::__init_copy_ctor_external(char const*, unsigned long)+0x2b4
    Shadow bytes around the buggy address:
      0x60800002bf80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
      0x60800002c000: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c080: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
      0x60800002c100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c180: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
    =>0x60800002c200: fa fa fa fa 00 00 00 00 00 00 00 00 00[fc]fc fc
      0x60800002c280: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c300: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
      0x60800002c380: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
      0x60800002c400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      0x60800002c480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
    ==41097==ABORTING
    [2]    41097 abort      FUZZ=process_message build_fuzz/bin/fuzz 
    
    

    </details>

    Although not completely sure if this is the right config, since runtime errors still appear, but the bug is introduced in llvm18 also because of this.

    Can reproduce this with llvm16 too using

    cmake --preset=libfuzzer \                                                                                                 
        -DCMAKE_C_COMPILER="$(brew --prefix llvm@16)/bin/clang" \
        -DCMAKE_CXX_COMPILER="$(brew --prefix llvm@16)/bin/clang++" \
        -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=lld"
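
A triage helper for reports like the one above, as an added example that is not part of the thread: it parses the faulting stack of an ASan report and checks whether any fuzz input was executing when the report fired. The first sample is trimmed from the report above (template arguments shortened); the second is constructed, and `ParseHeader` is a hypothetical target function.

```python
import re

ERROR_RE = re.compile(r"==\d+==ERROR: (\w+): ([\w-]+)")
# "#N 0xADDR in FUNC+0xOFF (module+0xOFF)"; unresolved frames have no " in FUNC".
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+(?:\s+in\s+(.*?))?\s*(?:\([^()]*\))?$")
# Frames that belong to libFuzzer, libc++ or the sanitizer runtime, not to the code under test.
RUNTIME_PREFIXES = ("fuzzer::", "std::", "__asan", "__sanitizer", "__interceptor")
# Either of these on the stack means libFuzzer was executing an input.
INPUT_MARKERS = ("LLVMFuzzerTestOneInput", "fuzzer::Fuzzer::ExecuteCallback")

# Trimmed from the report in this thread (template arguments shortened).
SAMPLE_STARTUP_REPORT = """\
INFO: Seed: 1461236862
==41097==ERROR: AddressSanitizer: container-overflow on address 0x60800002c268 at pc 0x000104784be4 bp 0x00016b6c2710 sp 0x00016b6c2708
WRITE of size 8 at 0x60800002c268 thread T0
    #0 0x104784be0 in std::__1::basic_string<char>::__init_copy_ctor_external(char const*, unsigned long)+0x2b4 (fuzz:arm64+0x100048be0)
    #1 0x106ed8d2c in fuzzer::ListFilesInDirRecursive(std::__1::basic_string<char> const&, long*, std::__1::vector<std::__1::basic_string<char>>*, bool)+0x21c (fuzz:arm64+0x10279cd2c)
    #2 0x106ed80dc in fuzzer::GetSizedFilesFromDir(...)+0x2c (fuzz:arm64+0x10279c0dc)
    #3 0x106ed3848 in fuzzer::ReadCorpora(...)+0x4c (fuzz:arm64+0x102797848)
    #4 0x106ed36b0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1c80 (fuzz:arm64+0x1027976b0)
    #5 0x106ee7848 in main+0x24 (fuzz:arm64+0x1027ab848)
    #6 0x18ce70270  (<unknown module>)

0x60800002c268 is located 72 bytes inside of 96-byte region [0x60800002c220,0x60800002c280)
allocated by thread T0 here:
    #0 0x10a7ececc in _Znwm+0x6c (libclang_rt.asan_osx_dynamic.dylib:arm64+0x60ecc)
"""

# Constructed report: a finding inside a hypothetical target function.
SAMPLE_TARGET_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000100001234 bp 0x00016fdfe000 sp 0x00016fdfdff8
READ of size 1 at 0x602000000018 thread T0
    #0 0x100001230 in ParseHeader(unsigned char const*, unsigned long)+0x40 (fuzz:arm64+0x100001230)
    #1 0x100002000 in LLVMFuzzerTestOneInput+0x20 (fuzz:arm64+0x100002000)
    #2 0x100003000 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x9c (fuzz:arm64+0x100003000)
    #3 0x100004000 in main+0x24 (fuzz:arm64+0x100004000)

"""


def parse_report(text):
    """Return (sanitizer, kind, frames) for the first report; frames is the faulting stack only."""
    sanitizer = kind = None
    frames = []
    in_stack = False
    for line in text.splitlines():
        if kind is None:
            m = ERROR_RE.search(line)
            if m:
                sanitizer, kind = m.groups()
            continue
        m = FRAME_RE.match(line)
        if m:
            in_stack = True
            func = re.sub(r"\+0x[0-9a-fA-F]+$", "", m.group(1) or "")
            if func:  # skip unresolved frames such as "(<unknown module>)"
                frames.append(func)
        elif in_stack:
            break  # the first non-frame line ends the faulting stack
    return sanitizer, kind, frames


def is_runtime(func):
    return func == "main" or func.startswith(RUNTIME_PREFIXES)


def classify(text):
    """Decide whether a report points at the target or at harness start-up."""
    sanitizer, kind, frames = parse_report(text)
    if kind is None:
        return {"verdict": "no-report"}
    input_running = any(marker in f for f in frames for marker in INPUT_MARKERS)
    target_frames = [f for f in frames if not is_runtime(f)]
    if input_running or target_frames:
        verdict = "target"
        advice = "Reproduce with the crashing input and debug the target code."
    else:
        verdict = "startup"
        advice = ("No input was executing; compare compiler, sanitizer runtime "
                  "and linker between the failing and the working build.")
    if kind == "container-overflow":
        advice += (" ASan itself points to its container-overflow false-positive "
                   "page and to ASAN_OPTIONS=detect_container_overflow=0.")
    return {"sanitizer": sanitizer, "kind": kind, "frames": frames,
            "target_frames": target_frames, "verdict": verdict, "advice": advice}


if __name__ == "__main__":
    for name, report in (("thread report", SAMPLE_STARTUP_REPORT),
                         ("constructed report", SAMPLE_TARGET_REPORT)):
        result = classify(report)
        print(f"{name}: {result['kind']} -> {result['verdict']}")
        print(f"  {result['advice']}")
```

A `startup` verdict means the stack holds only libFuzzer, libc++ and `main` frames, as in the report above where the fault is raised under `fuzzer::ReadCorpora` while the corpus directory is still being listed.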
    
  13. Crypt-iQ commented at 5:18 PM on April 2, 2025: contributor

    I was able to run the fuzz tests with sanitizers + corpus on macOS 15.4 with the following:

    cmake -B build -DCMAKE_C_COMPILER="clang" -DCMAKE_CXX_COMPILER="clang++" -DBUILD_FOR_FUZZING=ON -DSANITIZERS="undefined,address,fuzzer"
    cmake --build build -j8
    FUZZ=process_message build/bin/fuzz process-message-corpus
    

    I did get some ubsan errors before it started fuzzing, but then it worked smoothly after that. My clang is aliased to brew-installed clang and I didn't need to use -fuse-ld=lld.

  14. Prabhat1308 commented at 5:34 PM on April 2, 2025: contributor

    I was able to run the fuzz tests with sanitizers + corpus on macOS 15.4 with the following:

    cmake -B build -DCMAKE_C_COMPILER="clang" -DCMAKE_CXX_COMPILER="clang++" -DBUILD_FOR_FUZZING=ON -DSANITIZERS="undefined,address,fuzzer"
    cmake --build build -j8
    FUZZ=process_message build/bin/fuzz process-message-corpus

    I did get some ubsan errors before it started fuzzing, but then it worked smoothly after that. My clang is aliased to brew-installed clang and I didn't need to use -fuse-ld=lld.

    I am running on macOS with 15.3.1 and running your command I get a linker error while building. Can you share more about your clang versions and other dependencies?

  15. Crypt-iQ commented at 5:55 PM on April 2, 2025: contributor

    I am running on macOS with 15.3.1 and running your command I get a linker error while building. Can you share more about your clang versions and other dependencies?

    I'm using clang 18.1.8, what linker errors are you getting?

    <details> <summary>Output of the `cmake -B build` step </summary> <br>

    eugenesiegel@Eugenes-MacBook-Air-2 bitcoin % cmake -B build -DCMAKE_C_COMPILER="clang" -DCMAKE_CXX_COMPILER="clang++" -DBUILD_FOR_FUZZING=ON -DSANITIZERS="undefined,address,fuzzer"
    CMake Warning at CMakeLists.txt:216 (message):
      BUILD_FOR_FUZZING=ON will disable all other targets and force
      BUILD_FUZZ_BINARY=ON.
    
    
    -- Performing Test CXX_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK
    -- Performing Test CXX_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK - Success
    -- Performing Test LINKER_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK_6231
    -- Performing Test LINKER_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK_6231 - Success
    -- Could NOT find Python3 (missing: Python3_EXECUTABLE Interpreter) (Required is at least version "3.10")
        Reason given by package: 
            Interpreter: Wrong version for the interpreter "/usr/bin/python3"
    
    -- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE dot) 
    
    Configuring secp256k1 subtree...
    -- Could NOT find Valgrind (missing: Valgrind_INCLUDE_DIR Valgrind_WORKS) 
    
    
    secp256k1 configure summary
    ===========================
    Build artifacts:
      library type ........................ Static
    Optional modules:
      ECDH ................................ OFF
      ECDSA pubkey recovery ............... ON
      extrakeys ........................... ON
      schnorrsig .......................... ON
      musig ............................... OFF
      ElligatorSwift ...................... ON
    Parameters:
      ecmult window size .................. 15
      ecmult gen table size ............... 86 KiB
    Optional features:
      assembly ............................ OFF
      external callbacks .................. OFF
    Optional binaries:
      benchmark ........................... OFF
      noverify_tests ...................... OFF
      tests ............................... OFF
      exhaustive tests .................... OFF
      ctime_tests ......................... OFF
      examples ............................ OFF
    
    Cross compiling ....................... FALSE
    Valgrind .............................. OFF
    Preprocessor defined macros ........... ENABLE_MODULE_ELLSWIFT=1 ENABLE_MODULE_SCHNORRSIG=1 ENABLE_MODULE_EXTRAKEYS=1 ENABLE_MODULE_RECOVERY=1 ECMULT_WINDOW_SIZE=15 COMB_BLOCKS=43 COMB_TEETH=6
    C compiler ............................ Clang 18.1.8, /opt/homebrew/Cellar/llvm@18/18.1.8/bin/clang
    CFLAGS ................................ 
    Compile options ....................... -pedantic -Wall -Wcast-align -Wconditional-uninitialized -Wextra -Wnested-externs -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wreserved-identifier -Wshadow -Wstrict-prototypes -Wundef
    Build type:
     - CMAKE_BUILD_TYPE ................... RelWithDebInfo
     - CFLAGS ............................. -O2 -g 
     - LDFLAGS for executables ............ 
     - LDFLAGS for shared libraries ....... 
    SECP256K1_APPEND_CFLAGS ............... -fsanitize=undefined,address,fuzzer-no-link
    SECP256K1_APPEND_LDFLAGS .............. -fsanitize=undefined,address,fuzzer-no-link
    
    
    
    Configure summary
    =================
    Executables:
      bitcoind ............................ OFF
      bitcoin-node (multiprocess) ......... OFF
      bitcoin-qt (GUI) .................... OFF
      bitcoin-gui (GUI, multiprocess) ..... OFF
      bitcoin-cli ......................... OFF
      bitcoin-tx .......................... OFF
      bitcoin-util ........................ OFF
      bitcoin-wallet ...................... OFF
      bitcoin-chainstate (experimental) ... OFF
      libbitcoinkernel (experimental) ..... OFF
    Optional features:
      wallet support ...................... ON
       - legacy wallets (Berkeley DB) ..... OFF
      external signer ..................... OFF
      ZeroMQ .............................. OFF
      USDT tracing ........................ OFF
      QR code (GUI) ....................... OFF
      DBus (GUI, Linux only) .............. OFF
    Tests:
      test_bitcoin ........................ OFF
      test_bitcoin-qt ..................... OFF
      bench_bitcoin ....................... OFF
      fuzz binary ......................... ON
    
    Cross compiling ....................... FALSE
    C++ compiler .......................... Clang 18.1.8, /opt/homebrew/Cellar/llvm@18/18.1.8/bin/clang++
    CMAKE_BUILD_TYPE ...................... RelWithDebInfo
    Preprocessor defined macros ........... FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION OBJC_OLD_DISPATCH_PROTOTYPES=0
    C++ compiler flags .................... -O2 -g -std=c++20 -fPIC -fdebug-prefix-map=/Users/eugenesiegel/btc/bitcoin/src=. -fmacro-prefix-map=/Users/eugenesiegel/btc/bitcoin/src=. -fsanitize=undefined,address,fuzzer-no-link -Wall -Wextra -Wgnu -Wformat -Wformat-security -Wvla -Wshadow-field -Wthread-safety -Wloop-analysis -Wredundant-decls -Wunused-member-function -Wdate-time -Wconditional-uninitialized -Woverloaded-virtual -Wsuggest-override -Wimplicit-fallthrough -Wunreachable-code -Wdocumentation -Wself-assign -Wundef -Wno-unused-parameter -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -Wstack-protector -fstack-protector-all -mbranch-protection=bti
    Linker flags .......................... -O2 -g -Wl,-dead_strip -Wl,-dead_strip_dylibs -Wl,-headerpad_max_install_names -fsanitize=undefined,address,fuzzer-no-link -fstack-protector-all -Wl,-fixup_chains -fPIE -Xlinker -pie
    
    NOTE: The summary above may not exactly match the final applied build flags
          if any additional CMAKE_* or environment variables have been modified.
          To see the exact flags applied, build with the --verbose option.
    
    Attempt to harden executables ......... ON
    Treat compiler warnings as errors ..... OFF
    Use ccache for compiling .............. OFF
    
    
      ******
    
    CMake Warning at CMakeLists.txt:702 (message):
      Minimum required Python not found.  Utils and rpcauth tests are disabled.
    
    
      ******
    
    -- Configuring done (0.6s)
    -- Generating done (0.1s)
    -- Build files have been written to: /Users/eugenesiegel/btc/bitcoin/build
    

    </details>

  16. Prabhat1308 commented at 6:02 PM on April 2, 2025: contributor

    I am running on macOS with 15.3.1 and running your command I get a linker error while building. Can you share more about your clang versions and other dependencies?

    I'm using clang 18.1.8, what linker errors are you getting?

    Output of the cmake -B build step

    The error is when I run cmake --build build -j$(sysctl -n hw.ncpu)

    <details> <summary>Output</summary>

    [  0%] Building CXX object src/crypto/CMakeFiles/bitcoin_crypto.dir/aes.cpp.o
    ...
    ...
    ...
    [100%] Linking CXX executable ../../../bin/fuzz
    ld: warning: ignoring duplicate libraries: '-lc++', '../../../lib/libbitcoin_common.a', '../../../lib/libbitcoin_util.a', '../../libleveldb.a', '../../libminisketch.a', '../../secp256k1/lib/libsecp256k1.a', '../../univalue/libunivalue.a'
    ld: multiple errors: invalid r_symbolnum=1 in '/Users/prabhatverma/projects/bitcoin/build/src/test/fuzz/CMakeFiles/fuzz.dir/overflow.cpp.o'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_cli.a[2](stdin.cpp.o)'; invalid r_symbolnum=1 in '../../libcrc32c.a[4](crc32c_arm64.cc.o)'; invalid r_symbolnum=1 in '../../libcrc32c.a[3](crc32c_portable.cc.o)'; invalid r_symbolnum=1 in '../../libcrc32c.a[2](crc32c.cc.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_consensus.a[11](script_error.cpp.o)'; invalid r_symbolnum=18 in '../../../lib/libbitcoin_crypto.a[19](sha256_arm_shani.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_crypto.a[15](sha3.cpp.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[37](logging.cc.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[35](hash.cc.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_crypto.a[10](poly1305.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_crypto.a[5](hex_base.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[29](randomenv.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libtest_util.a[13](str.cpp.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[31](crc32c.cc.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[27](bloom.cc.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_consensus.a[5](hash.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[27](logging.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[24](threadnames.cpp.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[8](filename.cc.o)'; invalid r_symbolnum=1 in '../../../lib/libtest_util.a[5](index.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[16](serfloat.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libtest_util.a[3](coins.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[15](readwritefile.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[14](rbf.cpp.o)'; invalid r_symbolnum=1 in 
'../../../lib/libbitcoin_common.a[48](parsing.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[9](feefrac.cpp.o)'; invalid r_symbolnum=1 in '../../libleveldb.a[2](builder.cc.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_util.a[6](chaintype.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[43](request.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[39](pow.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[85](torcontrol.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[31](merkleblock.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[25](deploymentinfo.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[22](compressor.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[21](url.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_common.a[17](run_command.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[64](fees_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[53](peerman_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[50](miner.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[49](mempool_persist_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[42](database_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[40](connection_types.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[39](coins_view_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[38](coin.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[37](chainstatemanager_args.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[35](caches.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[33](blockmanager_args.cpp.o)'; invalid r_symbolnum=3 in '../../../lib/libbitcoin_node.a[30](net_processing.cpp.o)'; invalid r_symbolnum=1 in 
'../../../lib/libbitcoin_node.a[27](mempool_removal_reason.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[22](checks.cpp.o)'; invalid r_symbolnum=1 in '../../../lib/libbitcoin_node.a[21](chain.cpp.o)'
    clang++: error: linker command failed with exit code 1 (use -v to see invocation)
    make[2]: *** [bin/fuzz] Error 1
    make[1]: *** [src/test/fuzz/CMakeFiles/fuzz.dir/all] Error 2
    make: *** [all] Error 2
    

    </details>

  17. Crypt-iQ commented at 1:29 PM on April 3, 2025: contributor

    What version of ld are you using?

  18. Prabhat1308 commented at 3:08 PM on April 3, 2025: contributor

    What version of ld are you using?

    16.0.0

  19. Crypt-iQ commented at 3:43 PM on April 3, 2025: contributor

    16.0.0

    This matches my ld -- can you share the output of the configure step when running the above command?

  20. Prabhat1308 commented at 3:49 PM on April 3, 2025: contributor

    Running

    cmake -B build -DCMAKE_C_COMPILER="clang" -DCMAKE_CXX_COMPILER="clang++" -DBUILD_FOR_FUZZING=ON -DSANITIZERS="undefined,address,fuzzer"
    

    <details> <summary>Output</summary>

    
    -- The CXX compiler identification is Clang 19.1.7
    -- Detecting CXX compiler ABI info
    -- Detecting CXX compiler ABI info - done
    -- Check for working CXX compiler: /opt/homebrew/opt/llvm/bin/clang++ - skipped
    -- Detecting CXX compile features
    -- Detecting CXX compile features - done
    -- Setting build type to "RelWithDebInfo" as none was specified
    -- Performing Test CXX_SUPPORTS__WERROR
    -- Performing Test CXX_SUPPORTS__WERROR - Success
    -- Performing Test CXX_SUPPORTS__G3
    -- Performing Test CXX_SUPPORTS__G3 - Success
    -- Performing Test LINKER_SUPPORTS__G3
    -- Performing Test LINKER_SUPPORTS__G3 - Success
    -- Performing Test CXX_SUPPORTS__FTRAPV
    -- Performing Test CXX_SUPPORTS__FTRAPV - Success
    -- Performing Test LINKER_SUPPORTS__FTRAPV
    -- Performing Test LINKER_SUPPORTS__FTRAPV - Success
    -- Found SQLite3: /Library/Developer/CommandLineTools/SDKs/MacOSX15.2.sdk/usr/include (found suitable version "3.43.2", minimum required is "3.7.17")
    CMake Warning at CMakeLists.txt:216 (message):
      BUILD_FOR_FUZZING=ON will disable all other targets and force
      BUILD_FUZZ_BINARY=ON.
    
    
    -- Performing Test LINKER_SUPPORTS__WL__FATAL_WARNINGS
    -- Performing Test LINKER_SUPPORTS__WL__FATAL_WARNINGS - Success
    -- Performing Test LINKER_SUPPORTS__WL__DEAD_STRIP
    -- Performing Test LINKER_SUPPORTS__WL__DEAD_STRIP - Success
    -- Performing Test LINKER_SUPPORTS__WL__DEAD_STRIP_DYLIBS
    -- Performing Test LINKER_SUPPORTS__WL__DEAD_STRIP_DYLIBS - Success
    -- Performing Test LINKER_SUPPORTS__WL__HEADERPAD_MAX_INSTALL_NAMES
    -- Performing Test LINKER_SUPPORTS__WL__HEADERPAD_MAX_INSTALL_NAMES - Success
    -- Performing Test CMAKE_HAVE_LIBC_PTHREAD
    -- Performing Test CMAKE_HAVE_LIBC_PTHREAD - Success
    -- Found Threads: TRUE
    -- Performing Test CXX_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK
    -- Performing Test CXX_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK - Success
    -- Performing Test LINKER_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK_6231
    -- Performing Test LINKER_SUPPORTS__FSANITIZE_UNDEFINED_ADDRESS_FUZZER_NO_LINK_6231 - Success
    -- Performing Test FUZZ_BINARY_LINKS_WITHOUT_MAIN_FUNCTION
    -- Performing Test FUZZ_BINARY_LINKS_WITHOUT_MAIN_FUNCTION - Success
    -- Found Boost: /opt/homebrew/include (found suitable version "1.87.0", minimum required is "1.73.0")
    -- Performing Test NO_DIAGNOSTICS_BOOST_NO_CXX98_FUNCTION_BASE
    -- Performing Test NO_DIAGNOSTICS_BOOST_NO_CXX98_FUNCTION_BASE - Failed
    -- Found PkgConfig: /opt/homebrew/bin/pkg-config (found version "2.3.0")
    -- Found Libevent: /opt/homebrew/Cellar/libevent/2.1.12_1/lib (found suitable version "2.1.12-stable", minimum required is "2.1.8")
    -- Performing Test HAVE_EVHTTP_CONNECTION_GET_PEER_CONST_CHAR
    -- Performing Test HAVE_EVHTTP_CONNECTION_GET_PEER_CONST_CHAR - Failed
    -- Looking for C++ include sys/prctl.h
    -- Looking for C++ include sys/prctl.h - not found
    -- Looking for C++ include sys/resources.h
    -- Looking for C++ include sys/resources.h - not found
    -- Looking for C++ include sys/vmmeter.h
    -- Looking for C++ include sys/vmmeter.h - found
    -- Looking for C++ include vm/vm_param.h
    -- Looking for C++ include vm/vm_param.h - not found
    -- Looking for O_CLOEXEC
    -- Looking for O_CLOEXEC - found
    -- Looking for fdatasync
    -- Looking for fdatasync - not found
    -- Looking for fork
    -- Looking for fork - found
    -- Looking for pipe2
    -- Looking for pipe2 - not found
    -- Looking for setsid
    -- Looking for setsid - found
    -- Looking for C++ include sys/types.h
    -- Looking for C++ include sys/types.h - found
    -- Looking for C++ include ifaddrs.h
    -- Looking for C++ include ifaddrs.h - found
    -- Performing Test IFADDR_LINKS_WITHOUT_LIBSOCKET
    -- Performing Test IFADDR_LINKS_WITHOUT_LIBSOCKET - Success
    -- Performing Test STD_ATOMIC_LINKS_WITHOUT_LIBATOMIC
    -- Performing Test STD_ATOMIC_LINKS_WITHOUT_LIBATOMIC - Success
    -- Looking for std::system
    -- Looking for std::system - found
    -- Looking for ::_wsystem
    -- Looking for ::_wsystem - not found
    -- Performing Test STRERROR_R_CHAR_P
    -- Performing Test STRERROR_R_CHAR_P - Failed
    -- Looking for malloc_info
    -- Looking for malloc_info - not found
    -- Performing Test HAVE_MALLOPT_ARENA_MAX
    -- Performing Test HAVE_MALLOPT_ARENA_MAX - Failed
    -- Performing Test HAVE_POSIX_FALLOCATE
    -- Performing Test HAVE_POSIX_FALLOCATE - Failed
    -- Performing Test HAVE_STRONG_GETAUXVAL
    -- Performing Test HAVE_STRONG_GETAUXVAL - Failed
    -- Performing Test HAVE_SOCKADDR_UN
    -- Performing Test HAVE_SOCKADDR_UN - Success
    -- Performing Test HAVE_GETRANDOM
    -- Performing Test HAVE_GETRANDOM - Failed
    -- Performing Test HAVE_GETENTROPY_RAND
    -- Performing Test HAVE_GETENTROPY_RAND - Success
    -- Performing Test HAVE_SYSCTL
    -- Performing Test HAVE_SYSCTL - Success
    -- Performing Test HAVE_SYSCTL_ARND
    -- Performing Test HAVE_SYSCTL_ARND - Failed
    -- Performing Test HAVE_SSE41
    -- Performing Test HAVE_SSE41 - Failed
    -- Performing Test HAVE_AVX2
    -- Performing Test HAVE_AVX2 - Failed
    -- Performing Test HAVE_X86_SHANI
    -- Performing Test HAVE_X86_SHANI - Failed
    -- Performing Test HAVE_ARM_SHANI
    -- Performing Test HAVE_ARM_SHANI - Success
    -- Performing Test CXX_SUPPORTS__WALL
    -- Performing Test CXX_SUPPORTS__WALL - Success
    -- Performing Test CXX_SUPPORTS__WEXTRA
    -- Performing Test CXX_SUPPORTS__WEXTRA - Success
    -- Performing Test CXX_SUPPORTS__WGNU
    -- Performing Test CXX_SUPPORTS__WGNU - Success
    -- Performing Test CXX_SUPPORTS__WFORMAT__WFORMAT_SECURITY
    -- Performing Test CXX_SUPPORTS__WFORMAT__WFORMAT_SECURITY - Success
    -- Performing Test CXX_SUPPORTS__WVLA
    -- Performing Test CXX_SUPPORTS__WVLA - Success
    -- Performing Test CXX_SUPPORTS__WSHADOW_FIELD
    -- Performing Test CXX_SUPPORTS__WSHADOW_FIELD - Success
    -- Performing Test CXX_SUPPORTS__WTHREAD_SAFETY
    -- Performing Test CXX_SUPPORTS__WTHREAD_SAFETY - Success
    -- Performing Test CXX_SUPPORTS__WLOOP_ANALYSIS
    -- Performing Test CXX_SUPPORTS__WLOOP_ANALYSIS - Success
    -- Performing Test CXX_SUPPORTS__WREDUNDANT_DECLS
    -- Performing Test CXX_SUPPORTS__WREDUNDANT_DECLS - Success
    -- Performing Test CXX_SUPPORTS__WUNUSED_MEMBER_FUNCTION
    -- Performing Test CXX_SUPPORTS__WUNUSED_MEMBER_FUNCTION - Success
    -- Performing Test CXX_SUPPORTS__WDATE_TIME
    -- Performing Test CXX_SUPPORTS__WDATE_TIME - Success
    -- Performing Test CXX_SUPPORTS__WCONDITIONAL_UNINITIALIZED
    -- Performing Test CXX_SUPPORTS__WCONDITIONAL_UNINITIALIZED - Success
    -- Performing Test CXX_SUPPORTS__WDUPLICATED_BRANCHES
    -- Performing Test CXX_SUPPORTS__WDUPLICATED_BRANCHES - Failed
    -- Performing Test CXX_SUPPORTS__WDUPLICATED_COND
    -- Performing Test CXX_SUPPORTS__WDUPLICATED_COND - Failed
    -- Performing Test CXX_SUPPORTS__WLOGICAL_OP
    -- Performing Test CXX_SUPPORTS__WLOGICAL_OP - Failed
    -- Performing Test CXX_SUPPORTS__WOVERLOADED_VIRTUAL
    -- Performing Test CXX_SUPPORTS__WOVERLOADED_VIRTUAL - Success
    -- Performing Test CXX_SUPPORTS__WSUGGEST_OVERRIDE
    -- Performing Test CXX_SUPPORTS__WSUGGEST_OVERRIDE - Success
    -- Performing Test CXX_SUPPORTS__WIMPLICIT_FALLTHROUGH
    -- Performing Test CXX_SUPPORTS__WIMPLICIT_FALLTHROUGH - Success
    -- Performing Test CXX_SUPPORTS__WUNREACHABLE_CODE
    -- Performing Test CXX_SUPPORTS__WUNREACHABLE_CODE - Success
    -- Performing Test CXX_SUPPORTS__WDOCUMENTATION
    -- Performing Test CXX_SUPPORTS__WDOCUMENTATION - Success
    -- Performing Test CXX_SUPPORTS__WSELF_ASSIGN
    -- Performing Test CXX_SUPPORTS__WSELF_ASSIGN - Success
    -- Performing Test CXX_SUPPORTS__WBIDI_CHARS_ANY
    -- Performing Test CXX_SUPPORTS__WBIDI_CHARS_ANY - Failed
    -- Performing Test CXX_SUPPORTS__WUNDEF
    -- Performing Test CXX_SUPPORTS__WUNDEF - Success
    -- Performing Test CXX_SUPPORTS__WUNUSED_PARAMETER
    -- Performing Test CXX_SUPPORTS__WUNUSED_PARAMETER - Success
    -- Performing Test CXX_SUPPORTS__FNO_EXTENDED_IDENTIFIERS
    -- Performing Test CXX_SUPPORTS__FNO_EXTENDED_IDENTIFIERS - Failed
    -- Performing Test CXX_SUPPORTS__FDEBUG_PREFIX_MAP_A_B
    -- Performing Test CXX_SUPPORTS__FDEBUG_PREFIX_MAP_A_B - Success
    -- Performing Test CXX_SUPPORTS__FMACRO_PREFIX_MAP_A_B
    -- Performing Test CXX_SUPPORTS__FMACRO_PREFIX_MAP_A_B - Success
    -- Performing Test CXX_SUPPORTS__FSTACK_REUSE_NONE
    -- Performing Test CXX_SUPPORTS__FSTACK_REUSE_NONE - Failed
    -- Performing Test CXX_SUPPORTS__U_FORTIFY_SOURCE__D_FORTIFY_SOURCE_3_cc10
    -- Performing Test CXX_SUPPORTS__U_FORTIFY_SOURCE__D_FORTIFY_SOURCE_3_cc10 - Success
    -- Performing Test LINKER_SUPPORTS__U_FORTIFY_SOURCE__D_FORTIFY_SOURCE_3_cc10
    -- Performing Test LINKER_SUPPORTS__U_FORTIFY_SOURCE__D_FORTIFY_SOURCE_3_cc10 - Success
    -- Performing Test CXX_SUPPORTS__WSTACK_PROTECTOR
    -- Performing Test CXX_SUPPORTS__WSTACK_PROTECTOR - Success
    -- Performing Test CXX_SUPPORTS__FSTACK_PROTECTOR_ALL
    -- Performing Test CXX_SUPPORTS__FSTACK_PROTECTOR_ALL - Success
    -- Performing Test LINKER_SUPPORTS__FSTACK_PROTECTOR_ALL
    -- Performing Test LINKER_SUPPORTS__FSTACK_PROTECTOR_ALL - Success
    -- Performing Test CXX_SUPPORTS__FCF_PROTECTION_FULL
    -- Performing Test CXX_SUPPORTS__FCF_PROTECTION_FULL - Failed
    -- Performing Test CXX_SUPPORTS__FSTACK_CLASH_PROTECTION
    -- Performing Test CXX_SUPPORTS__FSTACK_CLASH_PROTECTION - Failed
    -- Performing Test CXX_SUPPORTS__MBRANCH_PROTECTION_BTI
    -- Performing Test CXX_SUPPORTS__MBRANCH_PROTECTION_BTI - Success
    -- Performing Test LINKER_SUPPORTS__WL___ENABLE_RELOC_SECTION
    -- Performing Test LINKER_SUPPORTS__WL___ENABLE_RELOC_SECTION - Failed
    -- Performing Test LINKER_SUPPORTS__WL___DYNAMICBASE
    -- Performing Test LINKER_SUPPORTS__WL___DYNAMICBASE - Failed
    -- Performing Test LINKER_SUPPORTS__WL___NXCOMPAT
    -- Performing Test LINKER_SUPPORTS__WL___NXCOMPAT - Failed
    -- Performing Test LINKER_SUPPORTS__WL___HIGH_ENTROPY_VA
    -- Performing Test LINKER_SUPPORTS__WL___HIGH_ENTROPY_VA - Failed
    -- Performing Test LINKER_SUPPORTS__WL__Z_RELRO
    -- Performing Test LINKER_SUPPORTS__WL__Z_RELRO - Failed
    -- Performing Test LINKER_SUPPORTS__WL__Z_NOW
    -- Performing Test LINKER_SUPPORTS__WL__Z_NOW - Failed
    -- Performing Test LINKER_SUPPORTS__WL__Z_SEPARATE_CODE
    -- Performing Test LINKER_SUPPORTS__WL__Z_SEPARATE_CODE - Failed
    -- Performing Test LINKER_SUPPORTS__WL__FIXUP_CHAINS
    -- Performing Test LINKER_SUPPORTS__WL__FIXUP_CHAINS - Success
    -- Found Python3: /opt/homebrew/bin/python3 (found suitable version "3.13.2", minimum required is "3.10") found components: Interpreter
    -- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE) 
    -- Performing Test HAVE_BUILTIN_PREFETCH
    -- Performing Test HAVE_BUILTIN_PREFETCH - Success
    -- Performing Test HAVE_MM_PREFETCH
    -- Performing Test HAVE_MM_PREFETCH - Failed
    -- Performing Test HAVE_SSE42
    -- Performing Test HAVE_SSE42 - Failed
    -- Performing Test HAVE_ARM64_CRC32C
    -- Performing Test HAVE_ARM64_CRC32C - Success
    -- Looking for F_FULLFSYNC
    -- Looking for F_FULLFSYNC - found
    -- Performing Test HAVE_CLMUL
    -- Performing Test HAVE_CLMUL - Failed
    
    Configuring secp256k1 subtree...
    -- The C compiler identification is Clang 19.1.7
    -- Detecting C compiler ABI info
    -- Detecting C compiler ABI info - done
    -- Check for working C compiler: /opt/homebrew/opt/llvm/bin/clang - skipped
    -- Detecting C compile features
    -- Detecting C compile features - done
    -- Performing Test HAVE_X86_64_ASM
    -- Performing Test HAVE_X86_64_ASM - Failed
    -- Could NOT find Valgrind (missing: Valgrind_INCLUDE_DIR Valgrind_WORKS) 
    -- Performing Test C_SUPPORTS__PEDANTIC
    -- Performing Test C_SUPPORTS__PEDANTIC - Success
    -- Performing Test C_SUPPORTS__WALL
    -- Performing Test C_SUPPORTS__WALL - Success
    -- Performing Test C_SUPPORTS__WCAST_ALIGN
    -- Performing Test C_SUPPORTS__WCAST_ALIGN - Success
    -- Performing Test C_SUPPORTS__WCAST_ALIGN_STRICT
    -- Performing Test C_SUPPORTS__WCAST_ALIGN_STRICT - Failed
    -- Performing Test C_SUPPORTS__WCONDITIONAL_UNINITIALIZED
    -- Performing Test C_SUPPORTS__WCONDITIONAL_UNINITIALIZED - Success
    -- Performing Test C_SUPPORTS__WEXTRA
    -- Performing Test C_SUPPORTS__WEXTRA - Success
    -- Performing Test C_SUPPORTS__WNESTED_EXTERNS
    -- Performing Test C_SUPPORTS__WNESTED_EXTERNS - Success
    -- Performing Test C_SUPPORTS__WNO_LONG_LONG
    -- Performing Test C_SUPPORTS__WNO_LONG_LONG - Success
    -- Performing Test C_SUPPORTS__WNO_OVERLENGTH_STRINGS
    -- Performing Test C_SUPPORTS__WNO_OVERLENGTH_STRINGS - Success
    -- Performing Test C_SUPPORTS__WNO_UNUSED_FUNCTION
    -- Performing Test C_SUPPORTS__WNO_UNUSED_FUNCTION - Success
    -- Performing Test C_SUPPORTS__WRESERVED_IDENTIFIER
    -- Performing Test C_SUPPORTS__WRESERVED_IDENTIFIER - Success
    -- Performing Test C_SUPPORTS__WSHADOW
    -- Performing Test C_SUPPORTS__WSHADOW - Success
    -- Performing Test C_SUPPORTS__WSTRICT_PROTOTYPES
    -- Performing Test C_SUPPORTS__WSTRICT_PROTOTYPES - Success
    -- Performing Test C_SUPPORTS__WUNDEF
    -- Performing Test C_SUPPORTS__WUNDEF - Success
    
    
    secp256k1 configure summary
    ===========================
    Build artifacts:
      library type ........................ Static
    Optional modules:
      ECDH ................................ OFF
      ECDSA pubkey recovery ............... ON
      extrakeys ........................... ON
      schnorrsig .......................... ON
      musig ............................... OFF
      ElligatorSwift ...................... ON
    Parameters:
      ecmult window size .................. 15
      ecmult gen table size ............... 86 KiB
    Optional features:
      assembly ............................ OFF
      external callbacks .................. OFF
    Optional binaries:
      benchmark ........................... OFF
      noverify_tests ...................... OFF
      tests ............................... OFF
      exhaustive tests .................... OFF
      ctime_tests ......................... OFF
      examples ............................ OFF
    
    Cross compiling ....................... FALSE
    Valgrind .............................. OFF
    Preprocessor defined macros ........... ENABLE_MODULE_ELLSWIFT=1 ENABLE_MODULE_SCHNORRSIG=1 ENABLE_MODULE_EXTRAKEYS=1 ENABLE_MODULE_RECOVERY=1 ECMULT_WINDOW_SIZE=15 COMB_BLOCKS=43 COMB_TEETH=6
    C compiler ............................ Clang 19.1.7, /opt/homebrew/opt/llvm/bin/clang
    CFLAGS ................................ 
    Compile options ....................... -pedantic -Wall -Wcast-align -Wconditional-uninitialized -Wextra -Wnested-externs -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wreserved-identifier -Wshadow -Wstrict-prototypes -Wundef
    Build type:
     - CMAKE_BUILD_TYPE ................... RelWithDebInfo
     - CFLAGS ............................. -O2 -g 
     - LDFLAGS for executables ............ 
     - LDFLAGS for shared libraries ....... 
    SECP256K1_APPEND_CFLAGS ............... -fsanitize=undefined,address,fuzzer-no-link
    SECP256K1_APPEND_LDFLAGS .............. -fsanitize=undefined,address,fuzzer-no-link
    
    
    
    Configure summary
    =================
    Executables:
      bitcoind ............................ OFF
      bitcoin-node (multiprocess) ......... OFF
      bitcoin-qt (GUI) .................... OFF
      bitcoin-gui (GUI, multiprocess) ..... OFF
      bitcoin-cli ......................... OFF
      bitcoin-tx .......................... OFF
      bitcoin-util ........................ OFF
      bitcoin-wallet ...................... OFF
      bitcoin-chainstate (experimental) ... OFF
      libbitcoinkernel (experimental) ..... OFF
    Optional features:
      wallet support ...................... ON
       - legacy wallets (Berkeley DB) ..... OFF
      external signer ..................... OFF
      ZeroMQ .............................. OFF
      USDT tracing ........................ OFF
      QR code (GUI) ....................... OFF
      DBus (GUI, Linux only) .............. OFF
    Tests:
      test_bitcoin ........................ OFF
      test_bitcoin-qt ..................... OFF
      bench_bitcoin ....................... OFF
      fuzz binary ......................... ON
    
    Cross compiling ....................... FALSE
    C++ compiler .......................... Clang 19.1.7, /opt/homebrew/opt/llvm/bin/clang++
    CMAKE_BUILD_TYPE ...................... RelWithDebInfo
    Preprocessor defined macros ........... FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION OBJC_OLD_DISPATCH_PROTOTYPES=0
    C++ compiler flags .................... -O2 -g -std=c++20 -fPIC -fdebug-prefix-map=/Users/prabhatverma/projects/bitcoin/src=. -fmacro-prefix-map=/Users/prabhatverma/projects/bitcoin/src=. -fsanitize=undefined,address,fuzzer-no-link -Wall -Wextra -Wgnu -Wformat -Wformat-security -Wvla -Wshadow-field -Wthread-safety -Wloop-analysis -Wredundant-decls -Wunused-member-function -Wdate-time -Wconditional-uninitialized -Woverloaded-virtual -Wsuggest-override -Wimplicit-fallthrough -Wunreachable-code -Wdocumentation -Wself-assign -Wundef -Wno-unused-parameter -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -Wstack-protector -fstack-protector-all -mbranch-protection=bti
    Linker flags .......................... -O2 -g -Wl,-dead_strip -Wl,-dead_strip_dylibs -Wl,-headerpad_max_install_names -fsanitize=undefined,address,fuzzer-no-link -fstack-protector-all -Wl,-fixup_chains -fPIE -Xlinker -pie
    
    NOTE: The summary above may not exactly match the final applied build flags
          if any additional CMAKE_* or environment variables have been modified.
          To see the exact flags applied, build with the --verbose option.
    
    Attempt to harden executables ......... ON
    Treat compiler warnings as errors ..... OFF
    Use ccache for compiling .............. OFF
    
    
    -- Configuring done (10.6s)
    -- Generating done (0.1s)
    -- Build files have been written to: /Users/prabhatverma/projects/bitcoin/build
    

    </details>

  21. Crypt-iQ commented at 4:00 PM on April 3, 2025: contributor

    Does the issue occur with clang 18?

  22. Prabhat1308 commented at 4:15 PM on April 3, 2025: contributor

    Does the issue occur with clang 18?

    works with clang 18 but it's bringing back https://github.com/bitcoin/bitcoin/issues/31591

  23. Crypt-iQ commented at 6:14 PM on April 8, 2025: contributor

    works with clang 18 but it's bringing back #31591

    Ahh, I see. That's annoying. I'm just ignoring the errors for now and it seems to work as expected. I've historically had a bit of trouble with macOS fuzzing and sometimes things just tend to break.

  24. fanquake added the label Fuzzing on Oct 30, 2025
  25. maflcko commented at 2:41 PM on November 21, 2025: member

    Closing for now. If someone finds this to be working at some point, they are welcome to add docs for it. In the meantime, please use libfuzzer-nosan, or other stuff, mentioned in https://github.com/bitcoin/bitcoin/pull/33921

  26. maflcko closed this on Nov 21, 2025

Linked: #33731 RFC: Do we want to support fuzzing on MacOS?

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 03:12 UTC
