diff options
| author | MarcoFalke <falke.marco@gmail.com> | 2019-10-25 11:05:49 -0400 |
|---|---|---|
| committer | MarcoFalke <falke.marco@gmail.com> | 2019-10-25 11:05:56 -0400 |
| commit | 693e40090ae7af52585ce1a6136a4bd56318fac7 (patch) | |
| tree | a1560babf54c643bc5a4fb0e39811a25900ef917 | |
| parent | 48cb468ce3f52195dfc64c6df88b8af36b77dbb0 (diff) | |
| parent | dc2fdb99072b87d34620084b82a494a5e698c279 (diff) | |
Merge #17083: tests: Add fuzzing harness for various CScript related functions
dc2fdb99072b87d34620084b82a494a5e698c279 tests: Add fuzzing harness for various CScript related functions (practicalswift)
Pull request description:
Add fuzzing harness for various `CScript` related functions.
**Testing this PR**
Run:
```
$ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/script
…
# And to to quickly verify that the relevant code regions are triggered, that the
# fuzzing throughput seems reasonable, etc.
$ contrib/devtools/test_fuzzing_harnesses.sh '^script$'
```
`test_fuzzing_harnesses.sh` can be found in PR #17000.
Top commit has no ACKs.
Tree-SHA512: a0c5dca3b64ae177020b2ca299a29015d70755231b6bf01edbfc67c8aac90c44b1b4d57350c3aebef6e031108e6ae8e5fa0987c67707831c314f5d3090e0cee8
| -rw-r--r-- | src/Makefile.test.include | 7 | ||||
| -rw-r--r-- | src/test/fuzz/script.cpp | 64 |
2 files changed, 71 insertions, 0 deletions
diff --git a/src/Makefile.test.include b/src/Makefile.test.include index 4d78ea95ed..019e832cc6 100644 --- a/src/Makefile.test.include +++ b/src/Makefile.test.include @@ -22,6 +22,7 @@ FUZZ_TARGETS = \ test/fuzz/inv_deserialize \ test/fuzz/messageheader_deserialize \ test/fuzz/netaddr_deserialize \ + test/fuzz/script \ test/fuzz/script_flags \ test/fuzz/service_deserialize \ test/fuzz/spanparsing \ @@ -268,6 +269,12 @@ test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_netaddr_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) test_fuzz_netaddr_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) +test_fuzz_script_SOURCES = $(FUZZ_SUITE) test/fuzz/script.cpp +test_fuzz_script_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) +test_fuzz_script_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) +test_fuzz_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) +test_fuzz_script_LDADD = $(FUZZ_SUITE_LD_COMMON) + test_fuzz_script_flags_SOURCES = $(FUZZ_SUITE) test/fuzz/script_flags.cpp test_fuzz_script_flags_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_script_flags_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) diff --git a/src/test/fuzz/script.cpp b/src/test/fuzz/script.cpp new file mode 100644 index 0000000000..0469e87de6 --- /dev/null +++ b/src/test/fuzz/script.cpp @@ -0,0 +1,64 @@ +// Copyright (c) 2019 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include <chainparams.h> +#include <compressor.h> +#include <core_io.h> +#include <core_memusage.h> +#include <policy/policy.h> +#include <pubkey.h> +#include <script/descriptor.h> +#include <script/script.h> +#include <script/sign.h> +#include <script/signingprovider.h> +#include <script/standard.h> +#include <streams.h> +#include <test/fuzz/fuzz.h> +#include <util/memory.h> + +void initialize() +{ + // Fuzzers using pubkey must hold an ECCVerifyHandle. + static const auto verify_handle = MakeUnique<ECCVerifyHandle>(); +} + +void test_one_input(const std::vector<uint8_t>& buffer) +{ + const CScript script(buffer.begin(), buffer.end()); + + std::vector<unsigned char> compressed; + (void)CompressScript(script, compressed); + + CTxDestination address; + (void)ExtractDestination(script, address); + + txnouttype type_ret; + std::vector<CTxDestination> addresses; + int required_ret; + (void)ExtractDestinations(script, type_ret, addresses, required_ret); + + (void)GetScriptForWitness(script); + + const FlatSigningProvider signing_provider; + (void)InferDescriptor(script, signing_provider); + + (void)IsSegWitOutput(signing_provider, script); + + (void)IsSolvable(signing_provider, script); + + txnouttype which_type; + (void)IsStandard(script, which_type); + + (void)RecursiveDynamicUsage(script); + + std::vector<std::vector<unsigned char>> solutions; + (void)Solver(script, solutions); + + (void)script.HasValidOps(); + (void)script.IsPayToScriptHash(); + (void)script.IsPayToWitnessScriptHash(); + (void)script.IsPushOnly(); + (void)script.IsUnspendable(); + (void)script.GetSigOpCount(/* fAccurate= */ false); +} |