Merge #17926: tests: Add key_io fuzzing harness. Fuzz additional functions in existing fuzzing harnesses.

52fed696d251dc38211eb2fa7f144b6a989dd479 tests: Fuzz additional functions in the script fuzzing harness (practicalswift)
5fc10f3cb5991684f10c589fa5ccf2d694ffa32a tests: Fuzz additional functions in the transaction fuzzing harness (practicalswift)
1d324ce92229f3557f6bb38a63873dea1677240e tests: Fuzz additional functions in the integer fuzzing harness (practicalswift)
4fe4de6364b05d2abde196b486b6e3f254d18026 tests: Fuzz additional functions in the hex fuzzing harness (practicalswift)
c7ea12d098ee292b78274671b698202c6551b075 tests: Add key_io fuzzing harness (practicalswift)

Pull request description:

  Add `key_io` fuzzing harness.

  Fuzz additional functions in the `hex` fuzzing harness.

  Fuzz additional functions in the `integer` fuzzing harness.

  Fuzz additional functions in the `script` fuzzing harness.

  Fuzz additional functions in the `transaction` fuzzing harness.

  **How to test this PR**

  ```
  $ make distclean
  $ ./autogen.sh
  $ CC=clang CXX=clang++ ./configure --enable-fuzz \
        --with-sanitizers=address,fuzzer,undefined
  $ make
  $ src/test/fuzz/key_io
  …
  ```

ACKs for top commit:
  MarcoFalke:
    ACK 52fed696d251dc38211eb2fa7f144b6a989dd479 🛫

Tree-SHA512: a57ab66c18d260c2e39d987cab9fa576f7a5520dc1ea7fd607d64d8e005e16558312ddb4c9f4d4f3147dc6194d8ae0b0fb86ed5e58ba6aef5383ea726463df97

7 files changed, 142 insertions, 2 deletions

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 66b9814759..ce9aa733dc 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -36,6 +36,7 @@ FUZZ_TARGETS = \
   test/fuzz/integer \
   test/fuzz/inv_deserialize \
   test/fuzz/key \
+  test/fuzz/key_io \
   test/fuzz/key_origin_info_deserialize \
   test/fuzz/locale \
   test/fuzz/merkle_block_deserialize \
@@ -438,6 +439,12 @@ test_fuzz_key_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_key_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_key_SOURCES = $(FUZZ_SUITE) test/fuzz/key.cpp
 
+test_fuzz_key_io_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_key_io_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_key_io_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_key_io_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_key_io_SOURCES = $(FUZZ_SUITE) test/fuzz/key_io.cpp
+
 test_fuzz_key_origin_info_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DKEY_ORIGIN_INFO_DESERIALIZE=1
 test_fuzz_key_origin_info_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_key_origin_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/hex.cpp b/src/test/fuzz/hex.cpp
index 54693180be..2de6100d7b 100644
--- a/src/test/fuzz/hex.cpp
+++ b/src/test/fuzz/hex.cpp
@@ -2,8 +2,12 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <core_io.h>
+#include <primitives/block.h>
+#include <rpc/util.h>
 #include <test/fuzz/fuzz.h>
-
+#include <uint256.h>
+#include <univalue.h>
 #include <util/strencodings.h>
 
 #include <cassert>
@@ -19,4 +23,14 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     if (IsHex(random_hex_string)) {
         assert(ToLower(random_hex_string) == hex_data);
     }
+    (void)IsHexNumber(random_hex_string);
+    uint256 result;
+    (void)ParseHashStr(random_hex_string, result);
+    (void)uint256S(random_hex_string);
+    try {
+        (void)HexToPubKey(random_hex_string);
+    } catch (const UniValue&) {
+    }
+    CBlockHeader block_header;
+    (void)DecodeHexBlockHeader(block_header, random_hex_string);
 }
diff --git a/src/test/fuzz/integer.cpp b/src/test/fuzz/integer.cpp
index 2d47c631cb..350d3d3331 100644
--- a/src/test/fuzz/integer.cpp
+++ b/src/test/fuzz/integer.cpp
@@ -23,6 +23,7 @@
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <uint256.h>
+#include <util/moneystr.h>
 #include <util/strencodings.h>
 #include <util/system.h>
 #include <util/time.h>
@@ -76,11 +77,19 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)DecompressAmount(u64);
     (void)FormatISO8601Date(i64);
     (void)FormatISO8601DateTime(i64);
+    // FormatMoney(i) not defined when i == std::numeric_limits<int64_t>::min()
+    if (i64 != std::numeric_limits<int64_t>::min()) {
+        int64_t parsed_money;
+        if (ParseMoney(FormatMoney(i64), parsed_money)) {
+            assert(parsed_money == i64);
+        }
+    }
     (void)GetSizeOfCompactSize(u64);
     (void)GetSpecialScriptSize(u32);
     // (void)GetVirtualTransactionSize(i64, i64); // function defined only for a subset of int64_t inputs
     // (void)GetVirtualTransactionSize(i64, i64, u32); // function defined only for a subset of int64_t/uint32_t inputs
     (void)HexDigit(ch);
+    (void)MoneyRange(i64);
     (void)i64tostr(i64);
     (void)IsDigit(ch);
     (void)IsSpace(ch);
@@ -106,6 +115,14 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)SipHashUint256(u64, u64, u256);
     (void)SipHashUint256Extra(u64, u64, u256, u32);
     (void)ToLower(ch);
+    (void)ToUpper(ch);
+    // ValueFromAmount(i) not defined when i == std::numeric_limits<int64_t>::min()
+    if (i64 != std::numeric_limits<int64_t>::min()) {
+        int64_t parsed_money;
+        if (ParseMoney(ValueFromAmount(i64).getValStr(), parsed_money)) {
+            assert(parsed_money == i64);
+        }
+    }
 
     const arith_uint256 au256 = UintToArith256(u256);
     assert(ArithToUint256(au256) == u256);
diff --git a/src/test/fuzz/key_io.cpp b/src/test/fuzz/key_io.cpp
new file mode 100644
index 0000000000..f44628b0f8
--- /dev/null
+++ b/src/test/fuzz/key_io.cpp
@@ -0,0 +1,48 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <key_io.h>
+#include <rpc/util.h>
+#include <script/signingprovider.h>
+#include <script/standard.h>
+#include <test/fuzz/fuzz.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string random_string(buffer.begin(), buffer.end());
+
+    const CKey key = DecodeSecret(random_string);
+    if (key.IsValid()) {
+        assert(key == DecodeSecret(EncodeSecret(key)));
+    }
+
+    const CExtKey ext_key = DecodeExtKey(random_string);
+    if (ext_key.key.size() == 32) {
+        assert(ext_key == DecodeExtKey(EncodeExtKey(ext_key)));
+    }
+
+    const CExtPubKey ext_pub_key = DecodeExtPubKey(random_string);
+    if (ext_pub_key.pubkey.size() == CPubKey::COMPRESSED_SIZE) {
+        assert(ext_pub_key == DecodeExtPubKey(EncodeExtPubKey(ext_pub_key)));
+    }
+
+    const CTxDestination tx_destination = DecodeDestination(random_string);
+    (void)DescribeAddress(tx_destination);
+    (void)GetKeyForDestination(/* store */ {}, tx_destination);
+    (void)GetScriptForDestination(tx_destination);
+    (void)IsValidDestination(tx_destination);
+
+    (void)IsValidDestinationString(random_string);
+}
diff --git a/src/test/fuzz/script.cpp b/src/test/fuzz/script.cpp
index 0469e87de6..ed4fe21957 100644
--- a/src/test/fuzz/script.cpp
+++ b/src/test/fuzz/script.cpp
@@ -15,12 +15,15 @@
 #include <script/standard.h>
 #include <streams.h>
 #include <test/fuzz/fuzz.h>
+#include <univalue.h>
 #include <util/memory.h>
 
 void initialize()
 {
     // Fuzzers using pubkey must hold an ECCVerifyHandle.
     static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+
+    SelectParams(CBaseChainParams::REGTEST);
 }
 
 void test_one_input(const std::vector<uint8_t>& buffer)
@@ -28,7 +31,20 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     const CScript script(buffer.begin(), buffer.end());
 
     std::vector<unsigned char> compressed;
-    (void)CompressScript(script, compressed);
+    if (CompressScript(script, compressed)) {
+        const unsigned int size = compressed[0];
+        assert(size >= 0 && size <= 5);
+        CScript decompressed_script;
+        const bool ok = DecompressScript(decompressed_script, size, compressed);
+        assert(ok);
+    }
+
+    for (unsigned int size = 0; size < 6; ++size) {
+        std::vector<unsigned char> vch(GetSpecialScriptSize(size), 0x00);
+        vch.insert(vch.end(), buffer.begin(), buffer.end());
+        CScript decompressed_script;
+        (void)DecompressScript(decompressed_script, size, vch);
+    }
 
     CTxDestination address;
     (void)ExtractDestination(script, address);
@@ -61,4 +77,17 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)script.IsPushOnly();
     (void)script.IsUnspendable();
     (void)script.GetSigOpCount(/* fAccurate= */ false);
+
+    (void)FormatScript(script);
+    (void)ScriptToAsmStr(script, false);
+    (void)ScriptToAsmStr(script, true);
+
+    UniValue o1(UniValue::VOBJ);
+    ScriptPubKeyToUniv(script, o1, true);
+    UniValue o2(UniValue::VOBJ);
+    ScriptPubKeyToUniv(script, o2, false);
+    UniValue o3(UniValue::VOBJ);
+    ScriptToUniv(script, o3, true);
+    UniValue o4(UniValue::VOBJ);
+    ScriptToUniv(script, o4, false);
 }
diff --git a/src/test/fuzz/transaction.cpp b/src/test/fuzz/transaction.cpp
index fefafda36b..1ec69cc23d 100644
--- a/src/test/fuzz/transaction.cpp
+++ b/src/test/fuzz/transaction.cpp
@@ -2,6 +2,7 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <chainparams.h>
 #include <coins.h>
 #include <consensus/tx_check.h>
 #include <consensus/tx_verify.h>
@@ -13,12 +14,18 @@
 #include <primitives/transaction.h>
 #include <streams.h>
 #include <test/fuzz/fuzz.h>
+#include <univalue.h>
 #include <util/rbf.h>
 #include <validation.h>
 #include <version.h>
 
 #include <cassert>
 
+void initialize()
+{
+    SelectParams(CBaseChainParams::REGTEST);
+}
+
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
     CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
@@ -85,4 +92,21 @@ void test_one_input(const std::vector<uint8_t>& buffer)
     (void)IsStandardTx(tx, reason);
     (void)RecursiveDynamicUsage(tx);
     (void)SignalsOptInRBF(tx);
+
+    CCoinsView coins_view;
+    const CCoinsViewCache coins_view_cache(&coins_view);
+    (void)AreInputsStandard(tx, coins_view_cache);
+    (void)IsWitnessStandard(tx, coins_view_cache);
+
+    UniValue u(UniValue::VOBJ);
+    // ValueFromAmount(i) not defined when i == std::numeric_limits<int64_t>::min()
+    bool skip_tx_to_univ = false;
+    for (const CTxOut& txout : tx.vout) {
+        if (txout.nValue == std::numeric_limits<int64_t>::min()) {
+            skip_tx_to_univ = true;
+        }
+    }
+    if (!skip_tx_to_univ) {
+        TxToUniv(tx, /* hashBlock */ {}, u);
+    }
 }
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index b25ef9c69a..25005e531a 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -27,6 +27,7 @@ FUZZERS_MISSING_CORPORA = [
     "flat_file_pos_deserialize",
     "float",
     "hex",
+    "key_io",
     "integer",
     "key",
     "key_origin_info_deserialize",