tests: Add fuzzing harness for CBufferedFile::{SetPos,GetPos,GetType,GetVersion} (stream.h)

1 files changed, 16 insertions, 2 deletions

diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp
index 29b2277f16..6bbd13eb5c 100644
--- a/src/test/fuzz/buffered_file.cpp
+++ b/src/test/fuzz/buffered_file.cpp
@@ -29,8 +29,9 @@ void test_one_input(const std::vector<uint8_t>& buffer)
         }
     }
     if (opt_buffered_file && fuzzed_file != nullptr) {
+        bool setpos_fail = false;
         while (fuzzed_data_provider.ConsumeBool()) {
-            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4)) {
+            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {
             case 0: {
                 std::array<uint8_t, 4096> arr{};
                 try {
@@ -48,17 +49,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
                 break;
             }
             case 3: {
+                if (!opt_buffered_file->SetPos(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096))) {
+                    setpos_fail = true;
+                }
+                break;
+            }
+            case 4: {
+                if (setpos_fail) {
+                    // Calling FindByte(...) after a failed SetPos(...) call may result in an infinite loop.
+                    break;
+                }
                 try {
                     opt_buffered_file->FindByte(fuzzed_data_provider.ConsumeIntegral<char>());
                 } catch (const std::ios_base::failure&) {
                 }
                 break;
             }
-            case 4: {
+            case 5: {
                 ReadFromStream(fuzzed_data_provider, *opt_buffered_file);
                 break;
             }
             }
         }
+        opt_buffered_file->GetPos();
+        opt_buffered_file->GetType();
+        opt_buffered_file->GetVersion();
     }
 }