From 13c1f6b24fa5e53f100d90d36b47b7dd3bc91b9f Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Sun, 26 Apr 2020 19:29:03 +0000
Subject: tests: Add fuzzing harness for IsRBFOptIn(...)

---
 src/Makefile.test.include |  7 +++++++
 src/test/fuzz/rbf.cpp     | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 src/test/fuzz/rbf.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index af03eee200..1fe4df8059 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -104,6 +104,7 @@ FUZZ_TARGETS = \
   test/fuzz/psbt_output_deserialize \
   test/fuzz/pub_key_deserialize \
   test/fuzz/random \
+  test/fuzz/rbf \
   test/fuzz/rolling_bloom_filter \
   test/fuzz/script \
   test/fuzz/script_deserialize \
@@ -900,6 +901,12 @@ test_fuzz_random_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_random_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_random_SOURCES = test/fuzz/random.cpp
 
+test_fuzz_rbf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_rbf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_rbf_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_rbf_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_rbf_SOURCES = test/fuzz/rbf.cpp
+
 test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/rbf.cpp b/src/test/fuzz/rbf.cpp
new file mode 100644
index 0000000000..eb54b05df9
--- /dev/null
+++ b/src/test/fuzz/rbf.cpp
@@ -0,0 +1,47 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <optional.h>
+#include <policy/rbf.h>
+#include <primitives/transaction.h>
+#include <sync.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <txmempool.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    Optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
+    if (!mtx) {
+        return;
+    }
+    CTxMemPool pool;
+    while (fuzzed_data_provider.ConsumeBool()) {
+        const Optional<CMutableTransaction> another_mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
+        if (!another_mtx) {
+            break;
+        }
+        const CTransaction another_tx{*another_mtx};
+        if (fuzzed_data_provider.ConsumeBool() && !mtx->vin.empty()) {
+            mtx->vin[0].prevout = COutPoint{another_tx.GetHash(), 0};
+        }
+        LOCK2(cs_main, pool.cs);
+        pool.addUnchecked(ConsumeTxMemPoolEntry(fuzzed_data_provider, another_tx));
+    }
+    const CTransaction tx{*mtx};
+    if (fuzzed_data_provider.ConsumeBool()) {
+        LOCK2(cs_main, pool.cs);
+        pool.addUnchecked(ConsumeTxMemPoolEntry(fuzzed_data_provider, tx));
+    }
+    {
+        LOCK(pool.cs);
+        (void)IsRBFOptIn(tx, pool);
+    }
+}
-- 
cgit v1.2.3