fuzz: crash in psbt fuzzer #34000

issue fanquake opened this issue on December 3, 2025
  1. fanquake commented at 1:27 pm on December 3, 2025: member

    From: #29675 (review):

    looks like this line crashes:

    $ echo 'cHNidP8BAP0+AQIAAAAGy4dxGNHKAQgFPtEAoVgyMqb+N0ghgmdne5OjULYs2sUAAAr/AP3////L
    fnEY0crZmwU+EVahszExpv43SCGCZ2d7k6NQtizaOwADAC4ABHwdAMt+cRjRytmbBT4RVqFYMTGm
    /jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXlTl39C5ZmAtOAI4+zy32vWLVnyQjw7IvQsBa6rYA
    AAcAAP3//zKG/zqgb7JIwmli68xeUjUXVp+c4b/tvc55IsAI4yQAAAAAAAAA/f///8t/0cpxGNmb
    BT4RVqFYMTOm/jdIIXj///8AAAAAgNo7AACAAAD9//3/AiHf9QUAAAAAFgAU9/Ykq9yiCFGnUpsi
    RsS6FFGLkQEAAAAAAAABABYAFEEQliEApQAADCBABv78gsn+/////wAAAAAAAAAAACIagHQAAAAV
    DLQyJycoAHNiKDIDAEIAAEEA/wEABgDI/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXAY9zeZ10
    c/zcAAEBK2ECEWUrKwAAIlEgcPx0K2ICYgQkKwABAQEBAQsCAgAERUIADwADAAADmSsAAAA=' | base64 --decode > /tmp/crash.bin

    $ FUZZ=psbt ./bld-cmake/bin/fuzz -runs=1 /tmp/crash.bin
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 494792800
    INFO: Loaded 1 modules   (385403 inline 8-bit counters): 385403 [0x55c06b279420, 0x55c06b2d759b),
    INFO: Loaded 1 PC tables (385403 PCs): 385403 [0x55c06b2d75a0,0x55c06b8b8d50),
    ./bld-cmake/bin/fuzz: Running 1 inputs 1 time(s) each.
    Running: /tmp/crash.bin
    /usr/bin/../include/c++/v1/span:512: assertion __offset <= size() failed: span<T>::subspan(offset, count): offset out of range

    (needs a hardened libc++, msan, or valgrind)

  2. fanquake closed this on Dec 3, 2025


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-02 00:13 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me