aboutsummaryrefslogtreecommitdiff
path: root/src/test/fuzz/util.h
AgeCommit message (Collapse)Author
2021-05-09fuzz: Avoid excessively large min fee rate in tx_poolMarcoFalke
2021-04-28fuzz: Use correct variant of ConsumeRandomLengthString instead of hardcoding ↵MarcoFalke
a maximum size This is technically a breaking change. This allows the fuzz engine to pick the right size, also larger sizes, if needed.
2021-04-28fuzz: Allow to pass min/max to ConsumeTimeMarcoFalke
2021-04-15fuzz: split FuzzedSock interface and implementationVasil Dimov
Move the `FuzzedSock`'s implementation from `src/test/fuzz/util.h` to `src/test/fuzz/util.cpp`. A separate interface and implementation make the code more readable for consumers who don't need to (better not) know the implementation details.
2021-04-14Avoid use of low file descriptor ids (which may be in use) in FuzzedSock and ↵practicalswift
StaticContentsSock
2021-04-06fuzz: Fix uninitialized read in testMarcoFalke
2021-03-30Merge #21387: p2p: Refactor sock to add I2P fuzz and unit testsWladimir J. van der Laan
40316a37cb02cf8a9a8b2cbd4d7153ffa57e7ec5 test: add I2P test for a runaway SAM proxy (Vasil Dimov) 2d8ac779708322e1235e823edfc9c8f6e2dd65e4 fuzz: add tests for the I2P Session public interface (Vasil Dimov) 9947e44de0cbd79e99d883443a9ac441d8c69713 i2p: use pointers to Sock to accommodate mocking (Vasil Dimov) 82d360b5a88d9057b6c09b61cd69e426c7a2412d net: change ConnectSocketDirectly() to take a Sock argument (Vasil Dimov) b5861100f85fef77b00f55dcdf01ffb4a2a112d8 net: add connect() and getsockopt() wrappers to Sock (Vasil Dimov) 5a887d49b2b39e59d7cce8e9d5b89c21ad694f8b fuzz: avoid FuzzedSock::Recv() repeated errors with EAGAIN (Vasil Dimov) 3088f83d016e7ebb6e6aa559e6326fa0ef0d6282 fuzz: extend FuzzedSock::Recv() to support MSG_PEEK (Vasil Dimov) 9b05c49ade729311a0f4388a109530ff8d0ed1f9 fuzz: implement unimplemented FuzzedSock methods (Vasil Dimov) Pull request description: Change the networking code and the I2P code to be fully mockable and use `FuzzedSocket` to fuzz the I2P methods `Listen()`, `Accept()` and `Connect()`. Add a mocked `Sock` implementation that returns a predefined data on reads and use it for a regression unit test for the bug fixed in https://github.com/bitcoin/bitcoin/pull/21407. ACKs for top commit: practicalswift: Tested ACK 40316a37cb02cf8a9a8b2cbd4d7153ffa57e7ec5 MarcoFalke: Concept ACK 40316a37cb jonatack: re-ACK 40316a37cb02cf8a9a8b2cbd4d7153ffa57e7ec5 reviewed `git range-diff 01bb3afb 23c861d 40316a3` and the new unit test commit, debug built, ran unit tests, ran bitcoind with an I2P service and network operation with seven I2P peers (2 in, 5 out) is looking nominal laanwj: Code review ACK 40316a37cb02cf8a9a8b2cbd4d7153ffa57e7ec5 Tree-SHA512: 7fc4f129849e16e0c7e16662d9f4d35dfcc369bb31450ee369a2b97bdca95285533bee7787983e881e5a3d248f912afb42b4a2299d5860ace7129b0b19623cc8
2021-03-24fuzz: [refactor] Use PickValue where possibleMarcoFalke
2021-03-18fuzz: Add tx_pool fuzz targetsMarcoFalke
2021-03-16net: add connect() and getsockopt() wrappers to SockVasil Dimov
Extend the `Sock` class with wrappers to `connect()` and `getsockopt()`. This will make it possible to mock code which uses those.
2021-03-16fuzz: avoid FuzzedSock::Recv() repeated errors with EAGAINVasil Dimov
If `recv(2)` returns an error (`-1`) and sets `errno` to a temporary error like `EAGAIN` a proper application code is expected to retry the operation. If the fuzz data is exhausted, then `FuzzedSock::Recv()` will keep returning `-1` and setting `errno` to the first element of `recv_errnos[]` which happened to be `EAGAIN`. This may continue forever or cause the fuzz test to run for a long time before some higher level application "receive timeout" is triggered. Thus, put `ECONNREFUSED` as first element of `recv_errnos[]`.
2021-03-16fuzz: extend FuzzedSock::Recv() to support MSG_PEEKVasil Dimov
A conforming `recv(2)` call is supposed to return the same data on a call following `recv(..., MSG_PEEK)`. Extend `FuzzedSock::Recv()` to do that. For simplicity we only return 1 byte when `MSG_PEEK` is used. If we would return a buffer of N bytes, then we would have to keep track how many of them were consumed on subsequent non-`MSG_PEEK` calls.
2021-03-16fuzz: implement unimplemented FuzzedSock methodsVasil Dimov
We want `Get()` to always return the same value, otherwise it will look like the `FuzzedSock` implementation itself is broken. So assign `m_socket` a random number in the `FuzzedSock` constructor. There is nothing to fuzz about the `Get()` and `Release()` methods, so use the ones from the base class `Sock`. `Reset()` is just setting our socket to `INVALID_SOCKET`. We don't want to use the base `Reset()` because it will close `m_socket` and given that our `m_socket` is just a random number it may end up closing a real opened file descriptor if it coincides with our random `m_socket`.
2021-03-11tests: Set errno in FuzzedFileProvider. Implement seek(..., ..., SEEK_END).practicalswift
2021-03-05fuzz: fix gcc Woverloaded-virtual build warningsJon Atack
2021-03-04fuzz: Avoid -Wreturn-type warningspracticalswift
2021-03-04Merge #21003: test: Move MakeNoLogFileContext to libtest_util, and use it in ↵fanquake
bench fa576b4532814b4bca1936d170cabd01fbc51960 Move MakeNoLogFileContext to common libtest_util, and use it in bench (MarcoFalke) Pull request description: To avoid verbose code duplication, which may lead to accidental mishaps https://github.com/bitcoin/bitcoin/pull/20998/files#r563624041. Also fix a nit I found in https://github.com/bitcoin/bitcoin/pull/20946#discussion_r561949731. ACKs for top commit: dongcarl: Light Code-Review ACK fa576b4532814b4bca1936d170cabd01fbc51960 fanquake: ACK fa576b4532814b4bca1936d170cabd01fbc51960 Tree-SHA512: d39ac9c0957813ebb20ed13bd25a8ef8469377ce2651245638bd761c796feac2a17e30dd16f1e5c8db57737fb918c81d56a3d784c33258275e426a1b11e69eb2
2021-03-03Move MakeNoLogFileContext to common libtest_util, and use it in benchMarcoFalke
Can be reviewed with --color-moved=dimmed-zebra
2021-03-02fuzz: Add FUZZED_SOCKET_FAKE_LATENCY mode to FuzzedSock to allow for fuzzing ↵practicalswift
timeout logic
2021-03-02fuzz: Add fuzzing harness for Socks5(...)practicalswift
2021-02-22scripted-diff: Rename MakeFuzzingContext to MakeNoLogFileContextMarcoFalke
-BEGIN VERIFY SCRIPT- # Rename sed -i -e 's/MakeFuzzingContext/MakeNoLogFileContext/g' $(git grep -l MakeFuzzingContext) # Bump the copyright of touched files in this scripted diff to avoid touching them again later ./contrib/devtools/copyright_header.py update ./src/test/fuzz/ -END VERIFY SCRIPT-
2021-02-01Merge #20464: refactor: Treat CDataStream bytes as uint8_tWladimir J. van der Laan
fa292724598c273867bc6dbf311f1440fe2541ba Remove redundant MakeUCharSpan wrappers (MarcoFalke) faf4aa2f47c0de4f3a0c5f5fe5b3ec32f611eefd Remove CDataStream::Init in favor of C++11 member initialization (MarcoFalke) fada14b948cac147198e3b685b5dd8cb72dc2911 Treat CDataStream bytes as uint8_t (MarcoFalke) fa8bdb048e65cae2d26bea3f991717a856e2fb39 refactor: Drop CDataStream constructors in favor of one taking a Span of bytes (MarcoFalke) faa96f841fe45bc49ebb6e07ac82a129fa9c40bf Remove unused CDataStream methods (MarcoFalke) Pull request description: Using `uint8_t` for raw bytes has a style benefit: * The signedness is clear from reading the code, as it does not depend on the architecture Other clean-ups in this pull include: * Remove unused methods * Constructor is simplified with `Span` * Remove `Init()` member in favor of C++11 member initialization ACKs for top commit: laanwj: code review ACK fa292724598c273867bc6dbf311f1440fe2541ba theStack: ACK fa292724598c273867bc6dbf311f1440fe2541ba 🍾 Tree-SHA512: 931ee28bd99843d7e894b48e90e1187ffb0278677c267044b3c0c255069d9bbd9298ab2e539b1002a30b543d240450eaec718ef4ee95a7fd4be0a295e926343f
2021-01-30fuzz: Avoid designated initialization (C++20) in fuzz testspracticalswift
2021-01-28Merge #20995: fuzz: Avoid initializing version to less than ↵MarcoFalke
MIN_PEER_PROTO_VERSION fad3d7625aa1c2b6c343946e709e87e7168f9d9d fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSION (MarcoFalke) fa99e33aebed0109630474e11183b0726b410c2e fuzz: move-only FillNode implementation to cpp file (MarcoFalke) Pull request description: This fixes a fuzz bug introduced in #20881. Previously the nodes in the fuzz tests had their version initialized to a constant (`PROTOCOL_VERSION`). After #20881, the nodes have their version initialized to an arbitrary signed integer. This is problematic for several reasons: * Both `nVersion` and `m_greatest_common_version` may be initialized to `0`. If a `version` message is processed, this leads to a crash, because `m_greatest_common_version` must be `INIT_PROTO_VERSION` while the `version` message is processed. See #20138 * The "valid" range for `nVersion` is `[MIN_PEER_PROTO_VERSION, std::numeric_limits<int32_t>::max()]` (see check in net_processing) * The "valid" range for `m_greatest_common_version` is `std::min(nVersion, PROTOCOL_VERSION)` (see net_processing) Fix all issues by initializing `nVersion` and `m_greatest_common_version` to their valid ranges. ----- The crashers, if someone wants to try this at home: ``` ( echo 'dmVyc2lvbgAWFhYWFhYWFhYWFhYWFhYWFhYWFhZp/29uAPX//xYWFhYWFhYWFhYWFhYWFhYWFhYW FhYWFhYWaW9uAOr1//8WFhYWFha0ZXJzaW9uAPX//wAAAAAAABAAAAAAAAAAAAC0ZXJzaW9uAPX/ /wBPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT08AAAAAABAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAB2ZXJzaW9uAACDJIO9vXYKAAAAAAAAAAAAAAAAAAAAAAB2ZfS1qmu1qhUVFWs=' | base64 --decode > /tmp/a ) && FUZZ=process_message_version ./src/test/fuzz/fuzz /tmp/a ``` ``` ( echo 'dmVyc2lvbgD//wAhTmiqN///NDcAAACENDL/iv//8DYAAHL///////79/RtcAJqamhqa/QEAAAD/ ///+/f1oZWFkZXJzAAAAAM8BAAAAIAYibkYRGgtZyq8SaGVhZGVycwAAAAD/NDcAAACENDL/iv// 8DYAAHL///////79/RtcAJqamhqa/QEAAAD////+/f1oZWFkZXJzAAAAAM8BAAAAIAYibkYRGgtZ yq8SaGVhZGVycwAAAADPAQAAACAGIm5GERoLWS1wb3J061u/KMNPOkwFXqZ///b5IgIAAD+5ubkb XD5hZGRyAJqamhqasP0BAAAAAAAAAP0BAAAAIf39/R0dHQAAAAAAMgAA///7//+gXqZ///b5IgIA AD+5ubm5ubm5AAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAFgAAAAAAAAAAAAlBmv39/f1/f39B f39hZGRyAG5vAACaLgAdGzY2zwEAAAAgBiJuRhEaC1ktcG9ydOtbvyjDTzpMBV6mf//2+SICAAA/ ubm5G1w+YWRkcgCampoamrD9AQAAAAAAAAD9AQAAACH9/f0dHR0AAAAAADIAAP//+///oF6mf//2 +SICAAA/ubm5ubm5uQAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAABYAAAAAAAAAAAAJQZr9/f39 f39/QX9/YWRkcgBubwAAmi4AHRs2NjY2NjY2NjYCAgI2NgIA/f39/f39Nv39/TUmABxc' | base64 --decode > /tmp/b ) && FUZZ=process_message_version ./src/test/fuzz/fuzz /tmp/b ``` ACKs for top commit: practicalswift: cr ACK fad3d7625aa1c2b6c343946e709e87e7168f9d9d Tree-SHA512: ea64ee99b94d8e619e3949d2d21252c1236412c0e40f44f2b73595ca70cd2da0bdab005fb1a54f65fb291e7b07fdd33577ce4a3a078ca933246b511ebcb0e52a
2021-01-25fuzz: Avoid -fsanitize=integer warnings in fuzzing harnessespracticalswift
2021-01-23fuzz: Avoid initializing version to less than MIN_PEER_PROTO_VERSIONMarcoFalke
2021-01-23fuzz: move-only FillNode implementation to cpp fileMarcoFalke
This allows to modify the implementation without having to recompile all fuzz targets. Can be reviewed with --color-moved=dimmed-zebra
2021-01-21fuzz: Consolidate fuzzing TestingSetup initializationCarl Dong
Previously, the {Basic,}TestingSetup for fuzzers were set up in many ways: 1. Calling InitializeFuzzingContext, which implicitly constructs a static const BasicTestingSetup 2. Directly constructing a static const BasicTestingSetup in the initialize_* function 3. Directly constructing a static TestingSetup and reproducing the initialization arguments (I'm assuming because InitializeFuzzingContext only initializes a BasicTestingSetup) The new, relatively-simple MakeFuzzingContext function allows us to consolidate these methods of initialization by being flexible enough to be used in all situations. It: 1. Is templated so that we can choose to initialize any of the *TestingSetup classes 2. Has sane defaults which are often used in fuzzers but are also easily overridable 3. Returns a unique_ptr, explicitly transferring ownership to the caller to deal with according to its situation
2021-01-11fuzz: Introduce CallOneOf helper to replace switch-caseMarcoFalke
Can be reviewed with --ignore-all-space
2021-01-07fuzz: net permission flags in net processingMarcoFalke
2021-01-02fuzz: Use ConsumeWeakEnum for ServiceFlagsMarcoFalke
2021-01-02fuzz: Add ConsumeWeakEnum helper, Extract ALL_NET_PERMISSION_FLAGSMarcoFalke
2021-01-02fuzz: [refactor] Extract ALL_CONNECTION_TYPES constantMarcoFalke
2021-01-02fuzz: Use ConsumeNode in process_messages targetMarcoFalke
2021-01-02refactor: Remove nMyStartingHeight from CNode/ConnmanMarcoFalke
2021-01-02Merge #20210: net: assert CNode::m_inbound_onion is inbound in ctor, add ↵MarcoFalke
getter, unit tests 86c495223f048e5ca2cf0d8730af7db3b76f7aba net: add CNode::IsInboundOnion() public getter and unit tests (Jon Atack) 6609eb8cb50fe92c7317b5db9e72d4333b3aab1b net: assert CNode::m_inbound_onion is inbound in ctor (Jon Atack) 993d1ecd191a7d9161082d4026f020cbf00835bb test, fuzz: fix constructing CNode with invalid inbound_onion (Jon Atack) Pull request description: The goal of this PR is to be able to depend on `m_inbound_onion` in AttemptToEvictConnection in #20197: - asserts `CNode::m_inbound_onion` is inbound in the CNode ctor to have a validity check at the class boundary - fixes a unit test and a fuzz utility that were passing invalid inbound onion values to the CNode ctor - drops an unneeded check in `CNode::ConnectedThroughNetwork()` for its inbound status - adds a public getter `IsInboundOnion()` that also allows unit testing it - adds unit test coverage ACKs for top commit: sipa: utACK 86c495223f048e5ca2cf0d8730af7db3b76f7aba LarryRuane: ACK 86c495223f048e5ca2cf0d8730af7db3b76f7aba vasild: ACK 86c495223f048e5ca2cf0d8730af7db3b76f7aba MarcoFalke: review ACK 86c495223f048e5ca2cf0d8730af7db3b76f7aba 🐍 Tree-SHA512: 21109105bc4e5e03076fadd489204be00eac710c9de0127708ca2d0a10a048ff81f640f589a7429967ac3eb51d35fe24bb2b12e53e7aa3efbc47aaff6396d204
2020-12-20inline non-member functions with body in fuzzing headersPatrick Strateman
2020-12-17test, fuzz: fix constructing CNode with invalid inbound_onionJon Atack
as CNode ctor should only be passed inbound_onion = true when the connection is inbound
2020-12-01Merge #20425: fuzz: Make CAddrMan fuzzing harness deterministicMarcoFalke
17a5f172fa9ec509b1c3f950ee8dfb6f025534d2 fuzz: Make addrman fuzzing harness deterministic (practicalswift) Pull request description: Make `CAddrMan` fuzzing harness deterministic. See [`doc/fuzzing.md`](https://github.com/bitcoin/bitcoin/blob/master/doc/fuzzing.md) for information on how to fuzz Bitcoin Core. Don't forget to contribute any coverage increasing inputs you find to the [Bitcoin Core fuzzing corpus repo](https://github.com/bitcoin-core/qa-assets). Happy fuzzing :) ACKs for top commit: Crypt-iQ: utACK 17a5f172fa9ec509b1c3f950ee8dfb6f025534d2 Tree-SHA512: 725f983745233e9b616782247fa18847e483c074ca4336a5beea8a9009128c3a74b4d50a12662d8ca2177c2e1fc5fc121834df6b459ac0af43c931d77ef7c4d8
2020-11-26scripted-diff: Use [[nodiscard]] (C++17) instead of NODISCARDpracticalswift
-BEGIN VERIFY SCRIPT- sed -i "s/NODISCARD/[[nodiscard]]/g" $(git grep -l "NODISCARD" ":(exclude)src/bench/nanobench.h" ":(exclude)src/attributes.h") -END VERIFY SCRIPT-
2020-11-23refactor: Drop CDataStream constructors in favor of one taking a Span of bytesMarcoFalke
2020-11-19fuzz: Make addrman fuzzing harness deterministicpracticalswift
2020-11-12tests: Add fuzzing harness for CAddrManpracticalswift
2020-10-20tests: Add fuzzing harness for CConnmanpracticalswift
2020-08-24net: change CNetAddr::ip to have flexible sizeVasil Dimov
Before this change `CNetAddr::ip` was a fixed-size array of 16 bytes, not being able to store larger addresses (e.g. TORv3) and encoded smaller ones as 16-byte IPv6 addresses. Change its type to `prevector`, so that it can hold larger addresses and do not disguise non-IPv6 addresses as IPv6. So the IPv4 address `1.2.3.4` is now encoded as `01020304` instead of `00000000000000000000FFFF01020304`. Rename `CNetAddr::ip` to `CNetAddr::m_addr` because it is not an "IP" or "IP address" (TOR addresses are not IP addresses). In order to preserve backward compatibility with serialization (where e.g. `1.2.3.4` is serialized as `00000000000000000000FFFF01020304`) introduce `CNetAddr` dedicated legacy serialize/unserialize methods. Adjust `CSubNet` accordingly. Still use `CSubNet::netmask[]` of fixed 16 bytes, but use the first 4 for IPv4 (not the last 4). Only allow subnetting for IPv4 and IPv6. Co-authored-by: Carl Dong <contact@carldong.me>
2020-07-21test: Fix fuzzer compilation on macOSfreenancial
fixes #19557
2020-07-15tests: Add serialization/deserialization fuzzing helpers ↵practicalswift
WriteToStream(…)/ReadFromStream(…)
2020-07-15tests: Add FuzzedAutoFileProvider which provides a CAutoFile interface to ↵practicalswift
FuzzedDataProvider
2020-07-15tests: Add FuzzedFileProvider which provides a FILE* interface to ↵practicalswift
FuzzedDataProvider using fopencookie
2020-07-08tests: Add fuzzing harness for BanManpracticalswift