authorAva Chow <github@achow101.com>2024-01-04 18:04:10 -0500
committerAva Chow <github@achow101.com>2024-01-04 18:10:22 -0500
commitd44554567f2726e572027a146516d87e4dcea2f5 (patch)
treedb561b67e105a2af776ffa42d2386a7ee6b59599 /src/wallet/test
parent737e5884cc82dc352cef3ef26abc1cb8d3500b8b (diff)
parenta44808fb437864878c2d9696b8a96193091446ee (diff)
downloadbitcoin-d44554567f2726e572027a146516d87e4dcea2f5.tar.xz
Merge bitcoin/bitcoin#28832: fuzz: rule-out too deep derivation paths in descriptor parsing targets
a44808fb437864878c2d9696b8a96193091446ee fuzz: rule-out too deep derivation paths in descriptor parsing targets (Antoine Poinsot) Pull request description: This fixes the `mocked_descriptor_parse` timeout reported in #28812 and directs the targets more toward what they are intended to fuzz: the descriptor syntax. ACKs for top commit: sipa: utACK a44808fb437864878c2d9696b8a96193091446ee achow101: ACK a44808fb437864878c2d9696b8a96193091446ee dergoegge: ACK a44808fb437864878c2d9696b8a96193091446ee - Not running into timeouts anymore TheCharlatan: ACK a44808fb437864878c2d9696b8a96193091446ee Tree-SHA512: a5dd1dbe9adf8f088bdc435addab88b56f435e6d7d2065bd6d5c6d80a32e3f1f97d3d2323131ab233618cd6dcc477c458abe3c4c865ab569449b8bc176231e93
Diffstat (limited to 'src/wallet/test')
-rw-r--r--src/wallet/test/fuzz/scriptpubkeyman.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/wallet/test/fuzz/scriptpubkeyman.cpp b/src/wallet/test/fuzz/scriptpubkeyman.cpp
index b0c955f482..228e9629ed 100644
--- a/src/wallet/test/fuzz/scriptpubkeyman.cpp
+++ b/src/wallet/test/fuzz/scriptpubkeyman.cpp
@@ -49,9 +49,21 @@ void initialize_spkm()
MOCKED_DESC_CONVERTER.Init();
}
+/**
+ * Key derivation is expensive. Deriving deep derivation paths take a lot of compute and we'd rather spend time
+ * elsewhere in this target, like on actually fuzzing the DescriptorScriptPubKeyMan. So rule out strings which could
+ * correspond to a descriptor containing a too large derivation path.
+ */
+static bool TooDeepDerivPath(std::string_view desc)
+{
+ const FuzzBufferType desc_buf{reinterpret_cast<const unsigned char *>(desc.data()), desc.size()};
+ return HasDeepDerivPath(desc_buf);
+}
+
static std::optional<std::pair<WalletDescriptor, FlatSigningProvider>> CreateWalletDescriptor(FuzzedDataProvider& fuzzed_data_provider)
{
const std::string mocked_descriptor{fuzzed_data_provider.ConsumeRandomLengthString()};
+ if (TooDeepDerivPath(mocked_descriptor)) return {};
const auto desc_str{MOCKED_DESC_CONVERTER.GetDescriptor(mocked_descriptor)};
if (!desc_str.has_value()) return std::nullopt;
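Review bot: The doc comment on `TooDeepDerivPath` does not say what depth counts as too deep, nor that the filter runs on the raw bytes of the mocked string before `MOCKED_DESC_CONVERTER.GetDescriptor` is called; the limit is whatever `HasDeepDerivPath` applies, and that function is defined outside this hunk. Because such inputs now return early, this target no longer exercises deep derivation paths, so the cost of deriving them in real descriptor handling needs coverage elsewhere. I would add `// Depth limit is the one built into HasDeepDerivPath; deep paths are deliberately out of scope for this target.` inside the helper. As a smaller style point, the new early return uses `return {};` while the next one in `CreateWalletDescriptor` uses `return std::nullopt;`, and `if (TooDeepDerivPath(mocked_descriptor)) return std::nullopt;` would match it. `CreateWalletDescriptor` continues past the end of the hunk.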