diff options
| author | Murch <murch@murch.one> | 2023-06-02 14:20:33 -0400 |
|---|---|---|
| committer | Murch <murch@murch.one> | 2023-06-12 14:19:53 -0400 |
| commit | 76c5ea703e77d580b6962e60398f4988cbd9b58b (patch) | |
| tree | 5d92f2be40e6ea7b1c83c3f5815af29a946c8d6a /src | |
| parent | b22408df162a224d94ac54e8443b57ef3fd2ca72 (diff) | |
| download | bitcoin-76c5ea703e77d580b6962e60398f4988cbd9b58b.tar.xz | |
fuzz: Fix mini_miner_selection running out of coin
Fixes a bug in the mini_miner_selection fuzz test found by fuzzing:
It was possible for the mini_miner_selection fuzz test to generated
transactions that created fewer new spendable outputs than the two
inputs they each spend. If the fuzz seed did so consistently, eventually
it would cause a `pop_front()` on an empty available_coins.
Fixed by:
- asserting that available_coins is not empty before generating tx
- allowing to build tx with a single coin if only one is available
Diffstat (limited to 'src')
| -rw-r--r-- | src/test/fuzz/mini_miner.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/test/fuzz/mini_miner.cpp b/src/test/fuzz/mini_miner.cpp index f49d940393..2b371f6d5f 100644 --- a/src/test/fuzz/mini_miner.cpp +++ b/src/test/fuzz/mini_miner.cpp @@ -118,10 +118,11 @@ FUZZ_TARGET_INIT(mini_miner_selection, initialize_miner) LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) { CMutableTransaction mtx = CMutableTransaction(); - const size_t num_inputs = 2; + assert(!available_coins.empty()); + const size_t num_inputs = std::min(size_t{2}, available_coins.size()); const size_t num_outputs = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(2, 5); for (size_t n{0}; n < num_inputs; ++n) { - auto prevout = available_coins.front(); + auto prevout = available_coins.at(0); mtx.vin.push_back(CTxIn(prevout, CScript())); available_coins.pop_front(); } |