FUZZ=psbt in musig2, runs into uninitialized read #33999

issue maflcko opened this issue on December 3, 2025
  1. maflcko commented at 1:26 PM on December 3, 2025: member

    (found by Murch in https://github.com/bitcoin-core/qa-assets/pull/246)

    Originally posted by @maflcko in #29675 (review)

    (needs a hardened libc++, msan, or valgrind)

    $ echo 'cHNidP8BAP0+AQIAAAAGy4dxGNHKAQgFPtEAoVgyMqb+N0ghgmdne5OjULYs2sUAAAr/AP3////L
fnEY0crZmwU+EVahszExpv43SCGCZ2d7k6NQtizaOwADAC4ABHwdAMt+cRjRytmbBT4RVqFYMTGm
/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXlTl39C5ZmAtOAI4+zy32vWLVnyQjw7IvQsBa6rYA
AAcAAP3//zKG/zqgb7JIwmli68xeUjUXVp+c4b/tvc55IsAI4yQAAAAAAAAA/f///8t/0cpxGNmb
BT4RVqFYMTOm/jdIIXj///8AAAAAgNo7AACAAAD9//3/AiHf9QUAAAAAFgAU9/Ykq9yiCFGnUpsi
RsS6FFGLkQEAAAAAAAABABYAFEEQliEApQAADCBABv78gsn+/////wAAAAAAAAAAACIagHQAAAAV
DLQyJycoAHNiKDIDAEIAAEEA/wEABgDI/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXAY9zeZ10
c/zcAAEBK2ECEWUrKwAAIlEgcPx0K2ICYgQkKwABAQEBAQsCAgAERUIADwADAAADmSsAAAA=' | base64 --decode > /tmp/crash.bin 


$ FUZZ=psbt ./bld-cmake/bin/fuzz -runs=1 /tmp/crash.bin 
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 494792800
INFO: Loaded 1 modules   (385403 inline 8-bit counters): 385403 [0x55c06b279420, 0x55c06b2d759b), 
INFO: Loaded 1 PC tables (385403 PCs): 385403 [0x55c06b2d75a0,0x55c06b8b8d50), 
./bld-cmake/bin/fuzz: Running 1 inputs 1 time(s) each.
Running: /tmp/crash.bin
/usr/bin/../include/c++/v1/span:512: assertion __offset <= size() failed: span<T>::subspan(offset, count): offset out of range

    A shorter input:

    $ echo 'cHNidP8BADMAAZJuAQAAAAAAAAAAAABMHQD/AAAAAAAAAAAA//////9BAB4AjIwAAAD5////AAAA
/NwAAQErYQIAAAAAAAAiUSBw/G0rYgJicCsrtgAA2P//+HN0AAIA+f//7gAF++8AACIaCAEAAP8A
cHNidP8BABMAAiEeAAEXDD4AAAEBAACCpP73IUL8j3+PjNNzYnT/AAAAAAAAlpb/AAAAAAAAAAYE
AisAAAA=' | base64 --decode > /tmp/crash.bin
  2. fanquake added the label Fuzzing on Dec 3, 2025
  3. fanquake commented at 1:28 PM on December 3, 2025: member

    cc @achow101 @fjahr @rkrux

  4. maflcko added this to the milestone 31.0 on Dec 3, 2025
  5. fanquake commented at 3:40 PM on December 4, 2025: member

    https://issues.oss-fuzz.com/issues/465913232.

  6. achow101 closed this on Jan 5, 2026
Contributors
maflckofanquake
Labels
Fuzzing

Milestone
31.0

Linked (view graph)
#29675 wallet: Be able to receive and spend inputs involving MuSig2 aggregate keys#34010 psbt: detect invalid MuSig2 pubkeys in deserialization#34219 psbt: validate pubkeys in MuSig2 pubnonce/partial sig deserialization
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 12:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me