
Commit d2d0a04

author
MarcoFalke
committed
Merge bitcoin#18353: tests: Add fuzzing harnesses for classes CBlockHeader, CFeeRate and various functions
44abf41 tests: Add fuzzing harness for various functions taking std::string as input (practicalswift) d69145a tests: Add fuzzing harness for MultiplicationOverflow(...) (practicalswift) 7726f3b tests: Add fuzzing harness for CFeeRate (practicalswift) 0579a27 tests: Add fuzzing harness for CBlockHeader (practicalswift) cb4eec1 tests: Add fuzzing harness for count_seconds(...) (practicalswift) Pull request description: Add fuzzing harnesses for classes `CBlockHeader`, `CFeeRate` and various functions. To test this PR: ``` $ make distclean $ ./autogen.sh $ CC=clang CXX=clang++ ./configure --enable-fuzz \ --with-sanitizers=address,fuzzer,undefined $ make $ src/test/fuzz/block_header ^c (ctrl-c) $ src/test/fuzz/fee_rate ^c (ctrl-c) $ src/test/fuzz/integer ^c (ctrl-c) $ src/test/fuzz/multiplication_overflow ^c (ctrl-c) $ src/test/fuzz/string ^c (ctrl-c) ``` ACKs for top commit: MarcoFalke: ACK 44abf41 🏉 Tree-SHA512: 2b382a7bc8efdcc6dd8b79f1637f194ecdca3e522c6618ae6c4b0bf6f86d2e79b1bb1c7160522083600616d1ed509b2f577f3a512ea3a7825a0a3794578d9d90
2 parents 1d64dfe + 44abf41 commit d2d0a04


7 files changed

+289
-6
lines changed


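--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -14,6 +14,7 @@ FUZZ_TARGETS = \
 test/fuzz/block_deserialize \
 test/fuzz/block_file_info_deserialize \
 test/fuzz/block_filter_deserialize \
+test/fuzz/block_header \
 test/fuzz/block_header_and_short_txids_deserialize \
 test/fuzz/blockheader_deserialize \
 test/fuzz/blocklocator_deserialize \
@@ -28,6 +29,7 @@ FUZZ_TARGETS = \
 test/fuzz/descriptor_parse \
 test/fuzz/diskblockindex_deserialize \
 test/fuzz/eval_script \
+test/fuzz/fee_rate \
 test/fuzz/fee_rate_deserialize \
 test/fuzz/flat_file_pos_deserialize \
 test/fuzz/float \
@@ -40,6 +42,7 @@ FUZZ_TARGETS = \
 test/fuzz/locale \
 test/fuzz/merkle_block_deserialize \
 test/fuzz/messageheader_deserialize \
+test/fuzz/multiplication_overflow \
 test/fuzz/netaddr_deserialize \
 test/fuzz/netaddress \
 test/fuzz/out_point_deserialize \
@@ -90,6 +93,7 @@ FUZZ_TARGETS = \
 test/fuzz/service_deserialize \
 test/fuzz/snapshotmetadata_deserialize \
 test/fuzz/spanparsing \
+test/fuzz/string \
 test/fuzz/strprintf \
 test/fuzz/sub_net_deserialize \
 test/fuzz/transaction \
@@ -343,6 +347,12 @@ test_fuzz_block_filter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_block_filter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_block_filter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_block_header_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_block_header_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_block_header_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_block_header_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_block_header_SOURCES = $(FUZZ_SUITE) test/fuzz/block_header.cpp
+
 test_fuzz_block_header_and_short_txids_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCK_HEADER_AND_SHORT_TXIDS_DESERIALIZE=1
 test_fuzz_block_header_and_short_txids_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_block_header_and_short_txids_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -427,6 +437,12 @@ test_fuzz_eval_script_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_eval_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_eval_script_SOURCES = $(FUZZ_SUITE) test/fuzz/eval_script.cpp
 
+test_fuzz_fee_rate_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_fee_rate_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_fee_rate_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_fee_rate_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_fee_rate_SOURCES = $(FUZZ_SUITE) test/fuzz/fee_rate.cpp
+
 test_fuzz_fee_rate_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DFEE_RATE_DESERIALIZE=1
 test_fuzz_fee_rate_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_fee_rate_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -499,6 +515,12 @@ test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_messageheader_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_multiplication_overflow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_multiplication_overflow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_multiplication_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_multiplication_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_multiplication_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/multiplication_overflow.cpp
+
 test_fuzz_netaddr_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DNETADDR_DESERIALIZE=1
 test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -787,12 +809,24 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
+test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_snapshotmetadata_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_snapshotmetadata_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
+
 test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_spanparsing_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_spanparsing_SOURCES = $(FUZZ_SUITE) test/fuzz/spanparsing.cpp
 
+test_fuzz_string_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_string_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_string_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_string_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_string_SOURCES = $(FUZZ_SUITE) test/fuzz/string.cpp
+
 test_fuzz_strprintf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_strprintf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_strprintf_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -805,12 +839,6 @@ test_fuzz_sub_net_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_sub_net_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_sub_net_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
-test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
-test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
-test_fuzz_snapshotmetadata_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
-test_fuzz_snapshotmetadata_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
-
 test_fuzz_transaction_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_transaction_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_transaction_LDADD = $(FUZZ_SUITE_LD_COMMON)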

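--- a/src/test/fuzz/block_header.cpp
+++ b/src/test/fuzz/block_header.cpp
@@ -0,0 +1,41 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <optional.h>
+#include <primitives/block.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <uint256.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+const Optional<CBlockHeader> block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
+if (!block_header) {
+return;
+}
+{
+const uint256 hash = block_header->GetHash();
+static const uint256 u256_max(uint256S("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"));
+assert(hash != u256_max);
+assert(block_header->GetBlockTime() == block_header->nTime);
+assert(block_header->IsNull() == (block_header->nBits == 0));
+}
+{
+CBlockHeader mut_block_header = *block_header;
+mut_block_header.SetNull();
+assert(mut_block_header.IsNull());
+CBlock block{*block_header};
+assert(block.GetBlockHeader().GetHash() == block_header->GetHash());
+(void)block.ToString();
+block.SetNull();
+assert(block.GetBlockHeader().GetHash() == mut_block_header.GetHash());
+}
+}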
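Review bot: `assert(hash != u256_max);` in the first scoped block needs a comment, because unlike the neighbouring checks it is not an identity of `CBlockHeader`: it passes only because an all-ones hash is practically unreachable, not because such a hash would be invalid. Something like `// Sanity check: an all-ones hash is not forbidden, only unreachable in practice` keeps a reader from mistaking it for a validity rule. A one-line header comment on `test_one_input` saying that the harness checks the header accessors and the `SetNull()`/`IsNull()` round trip against a `CBlock` built from the same header would also help whoever triages a crash from this target.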

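--- a/src/test/fuzz/fee_rate.cpp
+++ b/src/test/fuzz/fee_rate.cpp
@@ -0,0 +1,40 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <amount.h>
+#include <policy/feerate.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <limits>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+const CAmount satoshis_per_k = ConsumeMoney(fuzzed_data_provider);
+const CFeeRate fee_rate{satoshis_per_k};
+
+(void)fee_rate.GetFeePerK();
+const size_t bytes = fuzzed_data_provider.ConsumeIntegral<size_t>();
+if (!MultiplicationOverflow(static_cast<int64_t>(bytes), satoshis_per_k) && bytes <= static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) {
+(void)fee_rate.GetFee(bytes);
+}
+(void)fee_rate.ToString();
+
+const CAmount another_satoshis_per_k = ConsumeMoney(fuzzed_data_provider);
+CFeeRate larger_fee_rate{another_satoshis_per_k};
+larger_fee_rate += fee_rate;
+if (satoshis_per_k != 0 && another_satoshis_per_k != 0) {
+assert(fee_rate < larger_fee_rate);
+assert(!(fee_rate > larger_fee_rate));
+assert(!(fee_rate == larger_fee_rate));
+assert(fee_rate <= larger_fee_rate);
+assert(!(fee_rate >= larger_fee_rate));
+assert(fee_rate != larger_fee_rate);
+}
+}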
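Review bot: In the guard around `GetFee`, `static_cast<int64_t>(bytes)` is passed to `MultiplicationOverflow(...)` before the `bytes <= ...max()` range check runs, so for a `bytes` above the `int64_t` maximum the overflow helper is asked about a wrapped, negative operand. Putting the range check first lets `&&` short-circuit: `if (bytes <= static_cast<uint64_t>(std::numeric_limits<int64_t>::max()) && !MultiplicationOverflow(static_cast<int64_t>(bytes), satoshis_per_k)) {`. The comparison asserts at the end hold only if `ConsumeMoney` never returns a negative amount; its definition is not shown on this page, so a comment stating that assumption would help. The file also calls `assert` without `#include <cassert>`, which block_header.cpp does include.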

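--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -23,6 +23,7 @@
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
+#include <time.h>
 #include <uint256.h>
 #include <util/moneystr.h>
 #include <util/strencodings.h>
@@ -31,6 +32,7 @@
 #include <version.h>
 
 #include <cassert>
+#include <chrono>
 #include <limits>
 #include <vector>
 
@@ -124,6 +126,8 @@ void test_one_input(const std::vector<uint8_t>& buffer)
 assert(parsed_money == i64);
 }
 }
+const std::chrono::seconds seconds{i64};
+assert(count_seconds(seconds) == i64);
 
 const arith_uint256 au256 = UintToArith256(u256);
 assert(ArithToUint256(au256) == u256);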
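Review bot: The added `#include <time.h>` in the first hunk looks like the C library header, so `count_seconds`, used in the third hunk, is not declared by anything this file includes directly and presumably arrives through a transitive include. Including the project header that declares `count_seconds` instead (its path is not visible on this page) would keep an unrelated include cleanup from breaking this target. The round-trip check `assert(count_seconds(seconds) == i64);` sits in the middle of `test_one_input`, whose body starts and ends outside the hunk.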
+42
@@ -0,0 +1,42 @@
1+
// Copyright (c) 2020 The Bitcoin Core developers
2+
// Distributed under the MIT software license, see the accompanying
3+
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4+
5+
#include <test/fuzz/FuzzedDataProvider.h>
6+
#include <test/fuzz/fuzz.h>
7+
#include <test/fuzz/util.h>
8+
9+
#include <cstdint>
10+
#include <string>
11+
#include <vector>
12+
13+
namespace {
14+
template <typename T>
15+
void TestMultiplicationOverflow(FuzzedDataProvider& fuzzed_data_provider)
16+
{
17+
const T i = fuzzed_data_provider.ConsumeIntegral<T>();
18+
const T j = fuzzed_data_provider.ConsumeIntegral<T>();
19+
const bool is_multiplication_overflow_custom = MultiplicationOverflow(i, j);
20+
T result_builtin;
21+
const bool is_multiplication_overflow_builtin = __builtin_mul_overflow(i, j, &result_builtin);
22+
assert(is_multiplication_overflow_custom == is_multiplication_overflow_builtin);
23+
if (!is_multiplication_overflow_custom) {
24+
assert(i * j == result_builtin);
25+
}
26+
}
27+
} // namespace
28+
29+
void test_one_input(const std::vector<uint8_t>& buffer)
30+
{
31+
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
32+
TestMultiplicationOverflow<int64_t>(fuzzed_data_provider);
33+
TestMultiplicationOverflow<uint64_t>(fuzzed_data_provider);
34+
TestMultiplicationOverflow<int32_t>(fuzzed_data_provider);
35+
TestMultiplicationOverflow<uint32_t>(fuzzed_data_provider);
36+
TestMultiplicationOverflow<int16_t>(fuzzed_data_provider);
37+
TestMultiplicationOverflow<uint16_t>(fuzzed_data_provider);
38+
TestMultiplicationOverflow<char>(fuzzed_data_provider);
39+
TestMultiplicationOverflow<unsigned char>(fuzzed_data_provider);
40+
TestMultiplicationOverflow<signed char>(fuzzed_data_provider);
41+
TestMultiplicationOverflow<bool>(fuzzed_data_provider);
42+
}
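Review bot: `__builtin_mul_overflow` in `TestMultiplicationOverflow` is a GCC/Clang builtin used without any guard or comment, so this target builds only with those compilers. GCC additionally documents that the result pointer of the overflow builtins must not point to a boolean type, so the `TestMultiplicationOverflow<bool>` instantiation at the end of `test_one_input` may be rejected by some toolchains. A comment above the call such as `// Reference oracle: compiler builtin, GCC/Clang only` would record the dependency, and dropping the `bool` case costs little coverage. The file also uses `assert` without `#include <cassert>`.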

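--- a/src/test/fuzz/string.cpp
+++ b/src/test/fuzz/string.cpp
@@ -0,0 +1,89 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <blockfilter.h>
+#include <clientversion.h>
+#include <logging.h>
+#include <netbase.h>
+#include <outputtype.h>
+#include <rpc/client.h>
+#include <rpc/request.h>
+#include <rpc/server.h>
+#include <rpc/util.h>
+#include <script/descriptor.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/error.h>
+#include <util/fees.h>
+#include <util/message.h>
+#include <util/settings.h>
+#include <util/strencodings.h>
+#include <util/string.h>
+#include <util/system.h>
+#include <util/translation.h>
+#include <util/url.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+const std::string random_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+const std::string random_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+const std::vector<std::string> random_string_vector = ConsumeRandomLengthStringVector(fuzzed_data_provider);
+
+(void)AmountErrMsg(random_string_1, random_string_2);
+(void)AmountHighWarn(random_string_1);
+BlockFilterType block_filter_type;
+(void)BlockFilterTypeByName(random_string_1, block_filter_type);
+(void)Capitalize(random_string_1);
+(void)CopyrightHolders(random_string_1);
+FeeEstimateMode fee_estimate_mode;
+(void)FeeModeFromString(random_string_1, fee_estimate_mode);
+(void)FormatParagraph(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
+(void)FormatSubVersion(random_string_1, fuzzed_data_provider.ConsumeIntegral<int>(), random_string_vector);
+(void)GetDescriptorChecksum(random_string_1);
+(void)HelpExampleCli(random_string_1, random_string_2);
+(void)HelpExampleRpc(random_string_1, random_string_2);
+(void)HelpMessageGroup(random_string_1);
+(void)HelpMessageOpt(random_string_1, random_string_2);
+(void)IsDeprecatedRPCEnabled(random_string_1);
+(void)Join(random_string_vector, random_string_1);
+(void)JSONRPCError(fuzzed_data_provider.ConsumeIntegral<int>(), random_string_1);
+const util::Settings settings;
+(void)OnlyHasDefaultSectionSetting(settings, random_string_1, random_string_2);
+(void)ParseNetwork(random_string_1);
+try {
+(void)ParseNonRFCJSONValue(random_string_1);
+} catch (const std::runtime_error&) {
+}
+OutputType output_type;
+(void)ParseOutputType(random_string_1, output_type);
+(void)ResolveErrMsg(random_string_1, random_string_2);
+try {
+(void)RPCConvertNamedValues(random_string_1, random_string_vector);
+} catch (const std::runtime_error&) {
+}
+try {
+(void)RPCConvertValues(random_string_1, random_string_vector);
+} catch (const std::runtime_error&) {
+}
+(void)SanitizeString(random_string_1);
+(void)SanitizeString(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 3));
+(void)ShellEscape(random_string_1);
+int port_out;
+std::string host_out;
+SplitHostPort(random_string_1, port_out, host_out);
+(void)TimingResistantEqual(random_string_1, random_string_2);
+(void)ToLower(random_string_1);
+(void)ToUpper(random_string_1);
+(void)TrimString(random_string_1);
+(void)TrimString(random_string_1, random_string_2);
+(void)urlDecode(random_string_1);
+(void)ValidAsCString(random_string_1);
+(void)_(random_string_1.c_str());
+}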
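Review bot: Every call in `test_one_input` discards its result, so this harness can only surface crashes and sanitizer reports, never a wrong answer. Where a cheap oracle exists it is worth asserting; for example, assuming the helper is meant to agree with `operator==`, `assert(TimingResistantEqual(random_string_1, random_string_2) == (random_string_1 == random_string_2));`. The three `catch (const std::runtime_error&)` handlers rely on a transitive include, so `#include <stdexcept>` next to `<string>` would make that explicit. A short comment in each empty handler, such as `// rejected input is expected`, would show that swallowing the exception is deliberate.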
