diff options
| author | MarcoFalke <falke.marco@gmail.com> | 2021-05-12 14:48:20 +0200 |
|---|---|---|
| committer | MarcoFalke <falke.marco@gmail.com> | 2021-05-12 14:48:25 +0200 |
| commit | 91db985bc9565f130d319646104e1989bdf0e8ea (patch) | |
| tree | bdc86d1fba98ae9db17dd601bb200e41480a000c | |
| parent | 176842daa857079e9fc021c1460c635ad0556196 (diff) | |
| parent | fa74bfc8601cd2b749deb38388e2a4636d8b86ea (diff) | |
| download | bitcoin-91db985bc9565f130d319646104e1989bdf0e8ea.tar.xz | |
Merge bitcoin/bitcoin#21927: fuzz: Run const CScript member functions only once
fa74bfc8601cd2b749deb38388e2a4636d8b86ea fuzz: Run const CScript member functions only once (MarcoFalke)
Pull request description:
Those functions should be O(N) in the input size (or maybe worse, I didn't check), so if the fuzz input dictates to run them N times, the complexity is N^2.
Fix this by calling them only once.
Can be reviewed with: `--ignore-all-space --word-diff-regex=.`
Input: https://github.com/bitcoin/bitcoin/files/6464685/clusterfuzz-testcase-minimized-input.log
Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34101
ACKs for top commit:
practicalswift:
cr ACK fa74bfc8601cd2b749deb38388e2a4636d8b86ea: patch looks correct, rationale makes sense and patch touches only `src/test/fuzz/`
Tree-SHA512: d579f7a2103ec154bf482a872142e55a1d9e7673d33a22a4c4230186fdd1b6618846463f4e25941031cc8c4bd1ea8d06cb49ae1bb1ec4af115497f5e5de1e19c
| -rw-r--r-- | src/test/fuzz/script_ops.cpp | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/src/test/fuzz/script_ops.cpp b/src/test/fuzz/script_ops.cpp index eb1c808a88..4bc709ed35 100644 --- a/src/test/fuzz/script_ops.cpp +++ b/src/test/fuzz/script_ops.cpp @@ -14,55 +14,54 @@ FUZZ_TARGET(script_ops) { FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); - CScript script = ConsumeScript(fuzzed_data_provider); + CScript script_mut = ConsumeScript(fuzzed_data_provider); while (fuzzed_data_provider.remaining_bytes() > 0) { CallOneOf( fuzzed_data_provider, [&] { CScript s = ConsumeScript(fuzzed_data_provider); - script = std::move(s); + script_mut = std::move(s); }, [&] { const CScript& s = ConsumeScript(fuzzed_data_provider); - script = s; + script_mut = s; }, [&] { - script << fuzzed_data_provider.ConsumeIntegral<int64_t>(); + script_mut << fuzzed_data_provider.ConsumeIntegral<int64_t>(); }, [&] { - script << ConsumeOpcodeType(fuzzed_data_provider); + script_mut << ConsumeOpcodeType(fuzzed_data_provider); }, [&] { - script << ConsumeScriptNum(fuzzed_data_provider); + script_mut << ConsumeScriptNum(fuzzed_data_provider); }, [&] { - script << ConsumeRandomLengthByteVector(fuzzed_data_provider); + script_mut << ConsumeRandomLengthByteVector(fuzzed_data_provider); }, [&] { - script.clear(); - }, - [&] { - (void)script.GetSigOpCount(false); - (void)script.GetSigOpCount(true); - (void)script.GetSigOpCount(script); - (void)script.HasValidOps(); - (void)script.IsPayToScriptHash(); - (void)script.IsPayToWitnessScriptHash(); - (void)script.IsPushOnly(); - (void)script.IsUnspendable(); - { - CScript::const_iterator pc = script.begin(); - opcodetype opcode; - (void)script.GetOp(pc, opcode); - std::vector<uint8_t> data; - (void)script.GetOp(pc, opcode, data); - (void)script.IsPushOnly(pc); - } - { - int version; - std::vector<uint8_t> program; - (void)script.IsWitnessProgram(version, program); - } + script_mut.clear(); }); } + const CScript& script = script_mut; + (void)script.GetSigOpCount(false); + (void)script.GetSigOpCount(true); + (void)script.GetSigOpCount(script); + (void)script.HasValidOps(); + (void)script.IsPayToScriptHash(); + (void)script.IsPayToWitnessScriptHash(); + (void)script.IsPushOnly(); + (void)script.IsUnspendable(); + { + CScript::const_iterator pc = script.begin(); + opcodetype opcode; + (void)script.GetOp(pc, opcode); + std::vector<uint8_t> data; + (void)script.GetOp(pc, opcode, data); + (void)script.IsPushOnly(pc); + } + { + int version; + std::vector<uint8_t> program; + (void)script.IsWitnessProgram(version, program); + } } |