diff options
author | MarcoFalke <falke.marco@gmail.com> | 2021-05-19 21:24:26 +0200 |
---|---|---|
committer | MarcoFalke <falke.marco@gmail.com> | 2021-05-19 21:24:32 +0200 |
commit | 7d19c85f4a27008cada169b7066f265a07f1ea77 (patch) | |
tree | 7d39c17dbc4810b15c24b7658b9b929b1d5a793c | |
parent | ff438a1966e952e548574552f2ed4c17a7432bb0 (diff) | |
parent | fae4ee545a652cc2934773b0e1fdb9004b0c5ba6 (diff) |
Merge bitcoin/bitcoin#21970: fuzz: Add missing CheckTransaction before CheckTxInputs
fae4ee545a652cc2934773b0e1fdb9004b0c5ba6 fuzz: Add missing CheckTransaction before CheckTxInputs (MarcoFalke)
faacb7eadb04a8af666e7bb59bcd79915fe3a80a fuzz: Sanity check result of CheckTransaction (MarcoFalke)
Pull request description:
This bug was introduced by myself in commit eeee8f5be1d4ccfb7e237248be5c6bef45b0fbb8 (https://github.com/bitcoin/bitcoin/pull/21553)
Reproducer: https://github.com/bitcoin/bitcoin/files/6492249/clusterfuzz-testcase-minimized-coins_view-6109460079706112.log
Hopefully fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34301
ACKs for top commit:
practicalswift:
cr ACK fae4ee545a652cc2934773b0e1fdb9004b0c5ba6: patch looks correct :)
Tree-SHA512: 9ece7a5c4bfa60f5e5ffeba3f0ee52a07944c9bd6102588dd7ff7405695e6b32449945b7c41bd25baf38814df5a2436521e655ceff87223ad03c69ed39053023
-rw-r--r-- | src/test/fuzz/coins_view.cpp | 6 | ||||
-rw-r--r-- | src/test/fuzz/transaction.cpp | 7 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/test/fuzz/coins_view.cpp b/src/test/fuzz/coins_view.cpp index 21dc80cc8d..878b5a27da 100644 --- a/src/test/fuzz/coins_view.cpp +++ b/src/test/fuzz/coins_view.cpp @@ -6,6 +6,7 @@ #include <chainparams.h> #include <chainparamsbase.h> #include <coins.h> +#include <consensus/tx_check.h> #include <consensus/tx_verify.h> #include <consensus/validation.h> #include <key.h> @@ -230,6 +231,11 @@ FUZZ_TARGET_INIT(coins_view, initialize_coins_view) // consensus/tx_verify.cpp:171: bool Consensus::CheckTxInputs(const CTransaction &, TxValidationState &, const CCoinsViewCache &, int, CAmount &): Assertion `!coin.IsSpent()' failed. return; } + TxValidationState dummy; + if (!CheckTransaction(transaction, dummy)) { + // It is not allowed to call CheckTxInputs if CheckTransaction failed + return; + } (void)Consensus::CheckTxInputs(transaction, state, coins_view_cache, fuzzed_data_provider.ConsumeIntegralInRange<int>(0, std::numeric_limits<int>::max()), tx_fee_out); assert(MoneyRange(tx_fee_out)); }, diff --git a/src/test/fuzz/transaction.cpp b/src/test/fuzz/transaction.cpp index 17e4405a13..797b9cea3e 100644 --- a/src/test/fuzz/transaction.cpp +++ b/src/test/fuzz/transaction.cpp @@ -61,8 +61,11 @@ FUZZ_TARGET_INIT(transaction, initialize_transaction) return; } - TxValidationState state_with_dupe_check; - (void)CheckTransaction(tx, state_with_dupe_check); + { + TxValidationState state_with_dupe_check; + const bool res{CheckTransaction(tx, state_with_dupe_check)}; + Assert(res == state_with_dupe_check.IsValid()); + } const CFeeRate dust_relay_fee{DUST_RELAY_TX_FEE}; std::string reason; |