fuzz: Exclude too expensive inputs in descriptor_parse targets #34317

pull maflcko wants to merge 1 commits into bitcoin:master from maflcko:2601-fuzz-desc-parse changing 4 files +34 −30
  1. maflcko commented at 12:00 pm on January 16, 2026: member

    Accepting “expensive” fuzz inputs which have no real use-case is problematic, because it prevents the fuzz engine from spending time on the next useful fuzz input.

    For example, those will take several seconds (!) and the flamegraph shows that base58 encoding is the cause:

    0curl -fLO 'https://github.com/bitcoin-core/qa-assets/raw/b5ad78e070e4cf36beb415d7b490d948d70ba73f/fuzz_corpora/mocked_descriptor_parse/f5abf41608addcef3538da61d8096c2050235032'
1curl -fLO 'https://github.com/bitcoin-core/qa-assets/raw/b5ad78e070e4cf36beb415d7b490d948d70ba73f/fuzz_corpora/descriptor_parse/78cb3175467f53b467b949883ee6072e92dbb267'
2
3FUZZ=mocked_descriptor_parse ./bld-cmake/bin/fuzz ./f5abf41608addcef3538da61d8096c2050235032
4FUZZ=descriptor_parse ./bld-cmake/bin/fuzz ./78cb3175467f53b467b949883ee6072e92dbb267

    This will also break 32-bit fuzzing, see #34110 (comment).

    Fix all issues by checking for HasTooLargeLeafSize.

    Sorry for creating several pull requests to fix this class of issue, but I think this one should be the last one. :sweat_smile:

  2. DrahtBot added the label Fuzzing on Jan 16, 2026
  3. DrahtBot commented at 12:00 pm on January 16, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34317.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK brunoerg, frankomosh

    If your review is incorrectly listed, please copy-paste <!–meta-tag:bot-skip–> into the comment that the bot should ignore.

  4. maflcko force-pushed on Jan 16, 2026
  5. DrahtBot added the label CI failed on Jan 16, 2026
  6. DrahtBot removed the label CI failed on Jan 16, 2026
  7. in src/test/fuzz/util/descriptor.cpp:15 in fa3fe1d7f8 outdated 
     6@@ -7,12 +7,15 @@
 7 #include <key.h>
 8 #include <key_io.h>
 9 #include <pubkey.h>
10+#include <span.h>
11 #include <util/strencodings.h>
12 
13 #include <ranges>
14 #include <stack>
15+#include <vector>
    hebasto commented at 4:11 pm on January 16, 2026:

    https://github.com/bitcoin/bitcoin/actions/runs/21066056093/job/60583609633?pr=34317:

    0(/home/admin/actions-runner/_work/_temp/src/test/fuzz/util/descriptor.h has correct #includes/fwd-decls)
1
2(/home/admin/actions-runner/_work/_temp/src/test/fuzz/util/descriptor.cpp has correct #includes/fwd-decls)

    Mind appending src/test/fuzz/util/descriptor.cpp to the FILES_WITH_ENFORCED_IWYU variable in ci/test/03_test_script.sh?

    maflcko commented at 4:36 pm on January 16, 2026:
    This will create a conflict with other pulls, so I’ll leave this as-is for now.
  8. frankomosh commented at 5:23 am on January 19, 2026: contributor

    Code Review ACK fa3fe1d7f8d857112b8c5b1a991fe25b3ded9324

    Good refactor that effectively addresses the expensive input issue

  9. fanquake requested review from dergoegge on Jan 20, 2026
  10. maflcko requested review from brunoerg on Jan 22, 2026
  11. in src/test/fuzz/descriptor_parse.cpp:81 in fa3fe1d7f8 
    74@@ -75,21 +75,35 @@ void initialize_mocked_descriptor_parse()
75     MOCKED_DESC_CONVERTER.Init();
76 }
77 
78-FUZZ_TARGET(mocked_descriptor_parse, .init = initialize_mocked_descriptor_parse)
79+/// Deriving "expensive" descriptors will consume useful fuzz compute. The
80+/// compute is better spent on a smaller subset of descriptors, which still
81+/// covers all real end-user settings.
82+static bool IsTooExpensive(std::span<const uint8_t> buffer)
    brunoerg commented at 6:28 pm on January 22, 2026:
    fa3fe1d7f8d857112b8c5b1a991fe25b3ded9324: feel free to ignore: Perhaps we could move the IsTooExpensive function from fuzz/scriptpubkeyman.cpp to util and use it here? It would avoid some duplicated code.
    maflcko commented at 8:05 pm on January 22, 2026:

    The HasTooLargeLeafSize call needs to be done after expanding the mocked descriptor. So I guess my current patch is not fully correct anyway.

    I’ll push your suggestion and move the check after calling GetDescriptor.

  12. brunoerg approved
  13. brunoerg commented at 6:31 pm on January 22, 2026: contributor

    ACK fa3fe1d7f8d857112b8c5b1a991fe25b3ded9324

    Code lgtm and I verified the fix with the problematic inputs.

  14. fuzz: Exclude too expensive inputs in descriptor_parse targets 
    Also, fixup iwyu warnings in the util module.

Also, fixup a typo.

The moved part can be reviewed with the git option:
--color-moved=dimmed-zebra
    fab2f3df4b
  15. maflcko force-pushed on Jan 22, 2026
  16. brunoerg approved
  17. brunoerg commented at 8:05 pm on January 22, 2026: contributor

    reACK fab2f3df4beb230eef63bdcf5042b6417c0012dc

    fa3fe1d7f8d857112b8c5b1a991fe25b3ded9324..fab2f3df4beb230eef63bdcf5042b6417c0012dc:

    • IsTooExpensive has been moved to util.
    • edit: Also, verified that the call is done after expanding the descriptor in CreateWalletDescriptor.
  18. DrahtBot requested review from frankomosh on Jan 22, 2026
  19. frankomosh commented at 5:19 am on January 23, 2026: contributor
    re-ACK fab2f3df4beb230eef63bdcf5042b6417c0012dc
  20. fanquake merged this on Jan 23, 2026
  21. fanquake closed this on Jan 23, 2026
  22. maflcko deleted the branch on Jan 23, 2026


maflcko DrahtBot hebasto frankomosh brunoerg


dergoegge

Labels
Fuzzing

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-02-10 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me