Merge #15399: fuzz: Script validation flags

fab15ff70e fuzz: Script validation flags (MarcoFalke)
fabcfa5f0c fuzz: Move deserialize tests to test/fuzz/deserialize.cpp (MarcoFalke)

Pull request description:

Tree-SHA512: 83c0cfeae0771b7ffe14e6b0eaeda06602b91f5bf4aa2f54fd4f7ef2350299679fd2d9339b02e43309bfddccc01d3aef25ce1a3d2c4f9b54f26e16e1249e05db

2 files changed, 72 insertions, 0 deletions

diff --git a/src/test/test_bitcoin_fuzzy.cpp b/src/test/fuzz/deserialize.cpp
index 859fba0bdc..859fba0bdc 100644
--- a/src/test/test_bitcoin_fuzzy.cpp
+++ b/src/test/fuzz/deserialize.cpp
diff --git a/src/test/fuzz/script_flags.cpp b/src/test/fuzz/script_flags.cpp
new file mode 100644
index 0000000000..2c0bfa360c
--- /dev/null
+++ b/src/test/fuzz/script_flags.cpp
@@ -0,0 +1,72 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/interpreter.h>
+#include <script/script.h>
+#include <streams.h>
+#include <version.h>
+
+#include <test/fuzz/fuzz.h>
+
+/** Flags that are not forbidden by an assert */
+static bool IsValidFlagCombination(unsigned flags);
+
+void test_one_input(std::vector<uint8_t> buffer)
+{
+    CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
+    try {
+        int nVersion;
+        ds >> nVersion;
+        ds.SetVersion(nVersion);
+    } catch (const std::ios_base::failure&) {
+        return;
+    }
+
+    try {
+        const CTransaction tx(deserialize, ds);
+        const PrecomputedTransactionData txdata(tx);
+
+        unsigned int verify_flags;
+        ds >> verify_flags;
+
+        if (!IsValidFlagCombination(verify_flags)) return;
+
+        unsigned int fuzzed_flags;
+        ds >> fuzzed_flags;
+
+        for (unsigned i = 0; i < tx.vin.size(); ++i) {
+            CTxOut prevout;
+            ds >> prevout;
+
+            const TransactionSignatureChecker checker{&tx, i, prevout.nValue, txdata};
+
+            ScriptError serror;
+            const bool ret = VerifyScript(tx.vin.at(i).scriptSig, prevout.scriptPubKey, &tx.vin.at(i).scriptWitness, verify_flags, checker, &serror);
+            assert(ret == (serror == SCRIPT_ERR_OK));
+
+            // Verify that removing flags from a passing test or adding flags to a failing test does not change the result
+            if (ret) {
+                verify_flags &= ~fuzzed_flags;
+            } else {
+                verify_flags |= fuzzed_flags;
+            }
+            if (!IsValidFlagCombination(verify_flags)) return;
+
+            ScriptError serror_fuzzed;
+            const bool ret_fuzzed = VerifyScript(tx.vin.at(i).scriptSig, prevout.scriptPubKey, &tx.vin.at(i).scriptWitness, verify_flags, checker, &serror_fuzzed);
+            assert(ret_fuzzed == (serror_fuzzed == SCRIPT_ERR_OK));
+
+            assert(ret_fuzzed == ret);
+        }
+    } catch (const std::ios_base::failure&) {
+        return;
+    }
+}
+
+static bool IsValidFlagCombination(unsigned flags)
+{
+    if (flags & SCRIPT_VERIFY_CLEANSTACK && ~flags & (SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS)) return false;
+    if (flags & SCRIPT_VERIFY_WITNESS && ~flags & SCRIPT_VERIFY_P2SH) return false;
+    return true;
+}