author | MarcoFalke <falke.marco@gmail.com> | 2020-04-05 04:48:31 +0800 |
---|---|---|
committer | MarcoFalke <falke.marco@gmail.com> | 2020-04-05 04:48:47 +0800 |
commit | 16b6d3422bf904de6fbd539c7073cc21827dd5a5 (patch) | |
tree | 478934457cefec52fe48393a639dee94d519ee3a /src | |
parent | 490ae0e87b9abf74f5804852e4a52e368b40478a (diff) | |
parent | fa86edf66d4d4ed04758333da45ed1b3b5892602 (diff) |
Merge #18519: fuzz: Extend script fuzz test
fa86edf66d4d4ed04758333da45ed1b3b5892602 fuzz: Extend script fuzz test (MarcoFalke)
Pull request description:
ACKs for top commit:
practicalswift:
ACK fa86edf66d4d4ed04758333da45ed1b3b5892602
Tree-SHA512: 611adee9e673183e67f9711e49289fa59e410bb3ac1bb3fcbb7f1ed331bf0d288c7065e256a82eb41a30a4afe53544c836463cf58865d6e40b18795c8716e57c
Diffstat (limited to 'src')
-rw-r--r-- | src/test/fuzz/script.cpp | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/src/test/fuzz/script.cpp b/src/test/fuzz/script.cpp
index 2f50f1b838..80e2f234d7 100644
--- a/src/test/fuzz/script.cpp
+++ b/src/test/fuzz/script.cpp
@@ -9,6 +9,7 @@
 #include <policy/policy.h>
 #include <pubkey.h>
 #include <script/descriptor.h>
+#include <script/interpreter.h>
 #include <script/script.h>
 #include <script/sign.h>
 #include <script/signingprovider.h>
@@ -30,7 +31,10 @@ void initialize()
 void test_one_input(const std::vector<uint8_t>& buffer)
 {
- const CScript script(buffer.begin(), buffer.end());
+ FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+ const Optional<CScript> script_opt = ConsumeDeserializable<CScript>(fuzzed_data_provider);
+ if (!script_opt) return;
+ const CScript script{*script_opt};
 std::vector<unsigned char> compressed;
 if (CompressScript(script, compressed)) {
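Review bot: In the second hunk, `const CScript script{*script_opt};` copies the script that was just deserialized. `script_opt` stays alive for the rest of the function, so `const CScript& script = *script_opt;` would bind to it without a copy on every fuzz iteration. Separately, the target now reads its input as a serialized CScript rather than as raw script bytes, and `if (!script_opt) return;` exits before any code under test runs. Seeds written for the old layout may therefore stop reaching the calls below, so a short comment above the guard such as `// Input layout: serialized CScript first; inputs that fail to deserialize exercise nothing` would make the corpus implication visible. The body of test_one_input continues outside this hunk.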
@@ -89,12 +93,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
 ScriptToUniv(script, o4, false);
 {
- FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
 const std::vector<uint8_t> bytes = ConsumeRandomLengthByteVector(fuzzed_data_provider);
- // DecompressScript(..., ..., bytes) is not guaranteed to be defined if bytes.size() <= 23.
- if (bytes.size() >= 24) {
+ // DecompressScript(..., ..., bytes) is not guaranteed to be defined if the bytes vector is too short
+ if (bytes.size() >= 32) {
 CScript decompressed_script;
 DecompressScript(decompressed_script, fuzzed_data_provider.ConsumeIntegral<unsigned int>(), bytes);
 }
 }
+
+ const Optional<CScript> other_script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
+ if (other_script) {
+ {
+ CScript script_mut{script};
+ (void)FindAndDelete(script_mut, *other_script);
+ }
+ const std::vector<std::string> random_string_vector = ConsumeRandomLengthStringVector(fuzzed_data_provider);
+ const uint32_t u32{fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
+ const uint32_t flags{u32 | SCRIPT_VERIFY_P2SH};
+ {
+ CScriptWitness wit;
+ for (const auto& s : random_string_vector) {
+ wit.stack.emplace_back(s.begin(), s.end());
+ }
+ (void)CountWitnessSigOps(script, *other_script, &wit, flags);
+ wit.SetNull();
+ }
+ }
 } |
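Review bot: Two preconditions of the code under test are encoded here without explanation: the `bytes.size() >= 32` guard before `DecompressScript`, and the forced bit in `flags{u32 | SCRIPT_VERIFY_P2SH}`. The rewritten comment says only that the vector may be "too short", so a reader cannot tell where 32 comes from or when it would need to change. The number is presumably the largest payload DecompressScript reads for a special size code, and the P2SH bit is presumably set because CountWitnessSigOps expects it whenever witness verification is enabled, but both should be confirmed against the callees. Once confirmed, I would put `// 32 = largest payload DecompressScript reads; a shorter vector is a harness out-of-bounds read, not a finding` above the guard and `// CountWitnessSigOps expects P2SH to be set when WITNESS is set` above `flags`. test_one_input begins outside this hunk.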