fuzz: crash in psbt fuzzer #34000

issue fanquake opened this issue on December 3, 2025
  1. fanquake commented at 1:27 PM on December 3, 2025: member

    From: #29675 (review):

    looks like this line crashes:

    $ echo 'cHNidP8BAP0+AQIAAAAGy4dxGNHKAQgFPtEAoVgyMqb+N0ghgmdne5OjULYs2sUAAAr/AP3////L
    fnEY0crZmwU+EVahszExpv43SCGCZ2d7k6NQtizaOwADAC4ABHwdAMt+cRjRytmbBT4RVqFYMTGm
    /jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXlTl39C5ZmAtOAI4+zy32vWLVnyQjw7IvQsBa6rYA
    AAcAAP3//zKG/zqgb7JIwmli68xeUjUXVp+c4b/tvc55IsAI4yQAAAAAAAAA/f///8t/0cpxGNmb
    BT4RVqFYMTOm/jdIIXj///8AAAAAgNo7AACAAAD9//3/AiHf9QUAAAAAFgAU9/Ykq9yiCFGnUpsi
    RsS6FFGLkQEAAAAAAAABABYAFEEQliEApQAADCBABv78gsn+/////wAAAAAAAAAAACIagHQAAAAV
    DLQyJycoAHNiKDIDAEIAAEEA/wEABgDI/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXAY9zeZ10
    c/zcAAEBK2ECEWUrKwAAIlEgcPx0K2ICYgQkKwABAQEBAQsCAgAERUIADwADAAADmSsAAAA=' | base64 --decode > /tmp/crash.bin 
    
    
    $ FUZZ=psbt ./bld-cmake/bin/fuzz -runs=1 /tmp/crash.bin 
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 494792800
    INFO: Loaded 1 modules   (385403 inline 8-bit counters): 385403 [0x55c06b279420, 0x55c06b2d759b), 
    INFO: Loaded 1 PC tables (385403 PCs): 385403 [0x55c06b2d75a0,0x55c06b8b8d50), 
    ./bld-cmake/bin/fuzz: Running 1 inputs 1 time(s) each.
    Running: /tmp/crash.bin
    /usr/bin/../include/c++/v1/span:512: assertion __offset <= size() failed: span<T>::subspan(offset, count): offset out of range
    

    (needs a hardened libc++, msan, or valgrind)

  2. fanquake closed this on Dec 3, 2025


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-26 06:12 UTC