fuzz: Exclude too expensive inputs in miniscript_string target #34288

pull maflcko wants to merge 2 commits into bitcoin:master from maflcko:2601-fuzz-ms-str changing 3 files +19 −8
  1. maflcko commented at 5:49 pm on January 14, 2026: member

    Fixes #30498

    Accepting “expensive” fuzz inputs which have no real use-case is problematic, because it prevents the fuzz engine from spending time on the next useful fuzz input.

    For example this one will take several seconds (the flamegraph shows the time is spent in minscipt NoDupCheck):

    0curl -fLO 'https://raw.githubusercontent.com/bitcoin-core/qa-assets/eac1c57614d7823bcd6079814749f72018aea438/fuzz_corpora/miniscript_string/41bae50cffd1741150a1b330d02ab09f46ff8cd1'
1FUZZ=miniscript_string /usr/bin/time   ./bld-cmake/bin/fuzz  ./41bae50cffd1741150a1b330d02ab09f46ff8cd1

    Inspecting the inputs shows that it has many sub frags, so rejecting based on HasTooManySubFrag should be sufficient.

  2. DrahtBot renamed this:
    fuzz: Exclude too expensive inputs in miniscript_string target
    fuzz: Exclude too expensive inputs in miniscript_string target
    on Jan 14, 2026
  3. DrahtBot added the label Fuzzing on Jan 14, 2026
  4. DrahtBot commented at 5:49 pm on January 14, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34288.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK darosior, brunoerg, dergoegge

    If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

  5. maflcko force-pushed on Jan 14, 2026
  6. DrahtBot added the label CI failed on Jan 14, 2026
  7. iwyu: Fix includes for test/fuzz/util/descriptor module 
    Also, fix a typo.
    fa90786478
  8. maflcko force-pushed on Jan 14, 2026
  9. in src/test/fuzz/miniscript.cpp:23 in fa0a762a3a 
    18 
19 namespace {
20 
21+static bool IsTooExpensive(std::span<const uint8_t> buf)
22+{
23+    return HasDeepDerivPath(buf) || HasTooManySubFrag(buf) || HasTooManyWrappers(buf) || HasTooLargeLeafSize(buf);
    darosior commented at 6:32 pm on January 14, 2026:

    HasDeepDerivPath is not reachable here because the miniscript_string target only ever parses keys as two hex characters representing an id: https://github.com/bitcoin/bitcoin/blob/c0219f6beaa001e9bd58c0f0cbf0a1ee480151fd/src/test/fuzz/miniscript.cpp#L152-L158

    HasTooLargeLeafSize also does not apply here, since a Miniscript may only be part of a leaf itself. I think in this situation it would only ever return true on otherwise invalid fragments or if there is a too long suite of wrappers, which is already covered by HasTooManySubFrag with a lower bound. So this is probably also unreachable.

    If you choose to retouch for this, nit: could you update the name of the helper to make it clearer it applies only to miniscript strings?

  10. darosior approved
  11. darosior commented at 6:42 pm on January 14, 2026: member

    utACK fa0a762a3af6702d403c9dc1231ed9d442c0295e

    I’m fine with this being merged as is, this is an improvement. But as far as i can tell some of the checks here are unreachable and it would be better not to introduce them.

  12. fuzz: Exclude too expensive inputs in miniscript_string target fac70ea8b5
  13. maflcko force-pushed on Jan 14, 2026
  14. darosior approved
  15. darosior commented at 7:22 pm on January 14, 2026: member

    ACK fac70ea8b5bb33d05a47c36f2c5f1d79f119315c

    Thanks for fixing the slowness i introduced.

  16. DrahtBot removed the label CI failed on Jan 14, 2026
  17. brunoerg approved
  18. brunoerg commented at 0:35 am on January 15, 2026: contributor
    code review ACK fac70ea8b5bb33d05a47c36f2c5f1d79f119315c
  19. fanquake requested review from dergoegge on Jan 15, 2026
  20. dergoegge approved
  21. dergoegge commented at 1:24 pm on January 15, 2026: member
    utACK fac70ea8b5bb33d05a47c36f2c5f1d79f119315c
  22. fanquake merged this on Jan 15, 2026
  23. fanquake closed this on Jan 15, 2026
  24. in src/test/fuzz/util/descriptor.cpp:11 in fa90786478 
     3@@ -4,6 +4,11 @@
 4 
 5 #include <test/fuzz/util/descriptor.h>
 6 
 7+#include <key.h>
 8+#include <key_io.h>
 9+#include <pubkey.h>
10+#include <util/strencodings.h>
11+
    hebasto commented at 3:10 pm on January 15, 2026:

    fa907864786056258302a611bf4df0319138a71b:

    From https://github.com/bitcoin/bitcoin/actions/runs/21006379038/job/60389739627?pr=34288:

    02026-01-14T19:13:05.5733510Z /home/admin/actions-runner/_work/_temp/src/test/fuzz/util/descriptor.cpp should add these lines:
12026-01-14T19:13:05.5733920Z #include <span.h>               // for UCharCast
22026-01-14T19:13:05.5734082Z #include <vector>               // for vector
    maflcko commented at 12:01 pm on January 16, 2026:
    Fixed iwyu while touching in #34317 :sweat_smile:
  25. maflcko deleted the branch on Jan 16, 2026


maflcko DrahtBot darosior brunoerg dergoegge hebasto

Labels
Fuzzing

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-01-21 03:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me