authorMarcoFalke <falke.marco@gmail.com>2019-12-16 10:23:10 -0500
committerMarcoFalke <falke.marco@gmail.com>2019-12-16 10:23:22 -0500
commit806a2c602cdf1df17b0b92258bb0d7dca2ee1ee9 (patch)
treee86cc56ff189611d6205cd33a86dc9c3c58f3fa1
parent6b51cce65afd9a6357277c4339d7cf56814e476e (diff)
parent893aa207e84b74e7623243967d29f03570fdfd6f (diff)
Merge #17071: tests: Add fuzzing harness for CheckBlock(...) and other CBlock related functions
893aa207e84b74e7623243967d29f03570fdfd6f tests: Add fuzzing harness for CheckBlock(...) and other CBlock related functions (practicalswift) ec8dcb0199c6d6ae47a13abbd158f59532554adb tests: Add corpora suppression (FUZZERS_MISSING_CORPORA) for fuzzers missing in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus (practicalswift) Pull request description: Add fuzzing harness for `CheckBlock(...)` and other `CBlock` related functions. **Testing this PR** Run: ``` $ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=address,fuzzer,undefined $ make $ src/test/fuzz/block … # And to quickly verify that the relevant code regions are triggered, that the # fuzzing throughput seems reasonable, etc. $ contrib/devtools/test_fuzzing_harnesses.sh '^block$' ``` `test_fuzzing_harnesses.sh` can be found in PR #17000. Top commit has no ACKs. Tree-SHA512: 275abd46d8ac970b28d8176f59124988b1e07c070173e001acd55995b830333417f301c309199fc589da08a6ac4c03aa74650d5e1638f6e3023dfbd3c9f6921d
-rw-r--r--src/Makefile.test.include7
-rw-r--r--src/test/fuzz/block.cpp63
-rwxr-xr-xtest/fuzz/test_runner.py1
3 files changed, 71 insertions, 0 deletions
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 0225edf29e..a8845b4c7d 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -9,6 +9,7 @@ FUZZ_TARGETS = \
test/fuzz/addrman_deserialize \
test/fuzz/banentry_deserialize \
test/fuzz/bech32 \
+ test/fuzz/block \
test/fuzz/block_deserialize \
test/fuzz/block_file_info_deserialize \
test/fuzz/block_filter_deserialize \
@@ -229,6 +230,12 @@ test_test_bitcoin_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS)
endif
if ENABLE_FUZZ
+test_fuzz_block_SOURCES = $(FUZZ_SUITE) test/fuzz/block.cpp
+test_fuzz_block_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_block_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_block_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_block_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
test_fuzz_block_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_block_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCK_DESERIALIZE=1
test_fuzz_block_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
diff --git a/src/test/fuzz/block.cpp b/src/test/fuzz/block.cpp
new file mode 100644
index 0000000000..431248de4a
--- /dev/null
+++ b/src/test/fuzz/block.cpp
@@ -0,0 +1,63 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <chainparams.h>
+#include <consensus/merkle.h>
+#include <consensus/validation.h>
+#include <core_io.h>
+#include <core_memusage.h>
+#include <pubkey.h>
+#include <primitives/block.h>
+#include <streams.h>
+#include <test/fuzz/fuzz.h>
+#include <validation.h>
+#include <version.h>
+
+#include <cassert>
+#include <string>
+
+void initialize()
+{
+ const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
+ SelectParams(CBaseChainParams::REGTEST);
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+ CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
+ CBlock block;
+ try {
+ int nVersion;
+ ds >> nVersion;
+ ds.SetVersion(nVersion);
+ ds >> block;
+ } catch (const std::ios_base::failure&) {
+ return;
+ }
+ const Consensus::Params& consensus_params = Params().GetConsensus();
+ BlockValidationState validation_state_pow_and_merkle;
+ const bool valid_incl_pow_and_merkle = CheckBlock(block, validation_state_pow_and_merkle, consensus_params, /* fCheckPOW= */ true, /* fCheckMerkleRoot= */ true);
+ BlockValidationState validation_state_pow;
+ const bool valid_incl_pow = CheckBlock(block, validation_state_pow, consensus_params, /* fCheckPOW= */ true, /* fCheckMerkleRoot= */ false);
+ BlockValidationState validation_state_merkle;
+ const bool valid_incl_merkle = CheckBlock(block, validation_state_merkle, consensus_params, /* fCheckPOW= */ false, /* fCheckMerkleRoot= */ true);
+ BlockValidationState validation_state_none;
+ const bool valid_incl_none = CheckBlock(block, validation_state_none, consensus_params, /* fCheckPOW= */ false, /* fCheckMerkleRoot= */ false);
+ if (valid_incl_pow_and_merkle) {
+ assert(valid_incl_pow && valid_incl_merkle && valid_incl_none);
+ } else if (valid_incl_merkle || valid_incl_pow) {
+ assert(valid_incl_none);
+ }
+ (void)block.GetHash();
+ (void)block.ToString();
+ (void)BlockMerkleRoot(block);
+ if (!block.vtx.empty()) {
+ // TODO: Avoid array index out of bounds error in BlockWitnessMerkleRoot
+ // when block.vtx.empty().
+ (void)BlockWitnessMerkleRoot(block);
+ }
+ (void)GetBlockWeight(block);
+ (void)GetWitnessCommitmentIndex(block);
+ (void)RecursiveDynamicUsage(block);
+}
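Review bot: The four `CheckBlock` calls in `test_one_input` run strongest-first, which may leave the consistency assertions after them unable to fail. `CheckBlock` is handed the same `block` object each time, and as far as I recall Bitcoin Core's `CBlock` carries a mutable `fChecked` flag that is set once a call with both `fCheckPOW` and `fCheckMerkleRoot` succeeds and makes later calls return `true` immediately; that code is not visible in this diff, so please confirm. If so, whenever `valid_incl_pow_and_merkle` is true the other three results are cache hits and `assert(valid_incl_pow && valid_incl_merkle && valid_incl_none)` checks nothing. Running the calls weakest-first (no flags, merkle only, PoW only, then both) or giving each call its own copy of `block` would keep the four results independent, so a real inconsistency between the validation flags would trip the assert.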
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index 2d255c0bb4..8b503d83bf 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -15,6 +15,7 @@ import logging
# Fuzzers known to lack a seed corpus in https://github.com/bitcoin-core/qa-assets/tree/master/fuzz_seed_corpus
FUZZERS_MISSING_CORPORA = [
"addr_info_deserialize",
+ "block",
"block_file_info_deserialize",
"block_filter_deserialize",
"block_header_and_short_txids_deserialize",