bitcoin#15043: Build fuzz targets into separate executables

This commit is contained in:
Kittywhiskers Van Gogh 2021-08-11 08:50:43 +05:30
parent db274ffee5
commit 0e7fe9e6ab
7 changed files with 551 additions and 243 deletions

View File

@ -252,7 +252,7 @@ after_success:
PACKAGES="python3-zmq qtbase5-dev qttools5-dev-tools protobuf-compiler libdbus-1-dev libharfbuzz-dev libprotobuf-dev" PACKAGES="python3-zmq qtbase5-dev qttools5-dev-tools protobuf-compiler libdbus-1-dev libharfbuzz-dev libprotobuf-dev"
DEP_OPTS="NO_QT=1 NO_UPNP=1 DEBUG=1 ALLOW_HOST_PACKAGES=1" DEP_OPTS="NO_QT=1 NO_UPNP=1 DEBUG=1 ALLOW_HOST_PACKAGES=1"
GOAL="install" GOAL="install"
BITCOIN_CONFIG="--enable-zmq --with-gui=qt5 --enable-glibc-back-compat --enable-reduce-exports --enable-debug CXXFLAGS=\"-g0 -O2\"" BITCOIN_CONFIG="--enable-zmq --with-gui=qt5 --enable-fuzz --enable-glibc-back-compat --enable-reduce-exports --enable-debug CXXFLAGS=\"-g0 -O2\""
# x86_64 Linux (xenial, no depends, only system libs) # x86_64 Linux (xenial, no depends, only system libs)
- stage: test - stage: test
env: >- env: >-

View File

@ -114,7 +114,6 @@ AM_CONDITIONAL([HAVE_DOXYGEN], [test -n "$DOXYGEN"])
AC_ARG_VAR(PYTHONPATH, Augments the default search path for python module files) AC_ARG_VAR(PYTHONPATH, Augments the default search path for python module files)
# Enable wallet
AC_ARG_ENABLE([wallet], AC_ARG_ENABLE([wallet],
[AS_HELP_STRING([--disable-wallet], [AS_HELP_STRING([--disable-wallet],
[disable wallet (enabled by default)])], [disable wallet (enabled by default)])],
@ -153,6 +152,11 @@ AC_ARG_ENABLE([extended-functional-tests],
[use_extended_functional_tests=$enableval], [use_extended_functional_tests=$enableval],
[use_extended_functional_tests=no]) [use_extended_functional_tests=no])
AC_ARG_ENABLE([fuzz],
AS_HELP_STRING([--enable-fuzz],[enable building of fuzz targets (default no)]),
[enable_fuzz=$enableval],
[enable_fuzz=no])
AC_ARG_WITH([qrencode], AC_ARG_WITH([qrencode],
[AS_HELP_STRING([--with-qrencode], [AS_HELP_STRING([--with-qrencode],
[enable QR code support (default is yes if qt is enabled and libqrencode is found)])], [enable QR code support (default is yes if qt is enabled and libqrencode is found)])],
@ -1516,6 +1520,7 @@ AM_CONDITIONAL([BUILD_DARWIN], [test x$BUILD_OS = xdarwin])
AM_CONDITIONAL([TARGET_WINDOWS], [test x$TARGET_OS = xwindows]) AM_CONDITIONAL([TARGET_WINDOWS], [test x$TARGET_OS = xwindows])
AM_CONDITIONAL([ENABLE_WALLET],[test x$enable_wallet = xyes]) AM_CONDITIONAL([ENABLE_WALLET],[test x$enable_wallet = xyes])
AM_CONDITIONAL([ENABLE_TESTS],[test x$BUILD_TEST = xyes]) AM_CONDITIONAL([ENABLE_TESTS],[test x$BUILD_TEST = xyes])
AM_CONDITIONAL([ENABLE_FUZZ],[test x$enable_fuzz = xyes])
AM_CONDITIONAL([ENABLE_QT],[test x$bitcoin_enable_qt = xyes]) AM_CONDITIONAL([ENABLE_QT],[test x$bitcoin_enable_qt = xyes])
AM_CONDITIONAL([ENABLE_QT_TESTS],[test x$BUILD_TEST_QT = xyes]) AM_CONDITIONAL([ENABLE_QT_TESTS],[test x$BUILD_TEST_QT = xyes])
AM_CONDITIONAL([ENABLE_BENCH],[test x$use_bench = xyes]) AM_CONDITIONAL([ENABLE_BENCH],[test x$use_bench = xyes])
@ -1657,6 +1662,9 @@ fi
echo " with zmq = $use_zmq" echo " with zmq = $use_zmq"
echo " with test = $use_tests" echo " with test = $use_tests"
echo " with bench = $use_bench" echo " with bench = $use_bench"
if test x$use_tests != xno; then
echo " with fuzz = $enable_fuzz"
fi
echo " with upnp = $use_upnp" echo " with upnp = $use_upnp"
echo " use asm = $use_asm" echo " use asm = $use_asm"
echo " sanitizers = $use_sanitizers" echo " sanitizers = $use_sanitizers"

View File

@ -1,9 +1,9 @@
Fuzz-testing Dash Core Fuzz-testing Dash Core
========================== ==========================
A special test harness `test_dash_fuzzy` is provided to provide an easy A special test harness in `src/test/fuzz/` is provided for each fuzz target to
entry point for fuzzers and the like. In this document we'll describe how to provide an easy entry point for fuzzers and the like. In this document we'll
use it with AFL and libFuzzer. describe how to use it with AFL and libFuzzer.
## AFL ## AFL
@ -23,10 +23,10 @@ export AFLPATH=$PWD
To build Dash Core using AFL instrumentation (this assumes that the To build Dash Core using AFL instrumentation (this assumes that the
`AFLPATH` was set as above): `AFLPATH` was set as above):
``` ```
./configure --disable-ccache --disable-shared --enable-tests CC=${AFLPATH}/afl-gcc CXX=${AFLPATH}/afl-g++ ./configure --disable-ccache --disable-shared --enable-tests --enable-fuzz CC=${AFLPATH}/afl-gcc CXX=${AFLPATH}/afl-g++
export AFL_HARDEN=1 export AFL_HARDEN=1
cd src/ cd src/
make test/test_dash_fuzzy make
``` ```
We disable ccache because we don't want to pollute the ccache with instrumented We disable ccache because we don't want to pollute the ccache with instrumented
objects, and similarly don't want to use non-instrumented cached objects linked objects, and similarly don't want to use non-instrumented cached objects linked
@ -35,7 +35,7 @@ in.
The fuzzing can be sped up significantly (~200x) by using `afl-clang-fast` and The fuzzing can be sped up significantly (~200x) by using `afl-clang-fast` and
`afl-clang-fast++` in place of `afl-gcc` and `afl-g++` when compiling. When `afl-clang-fast++` in place of `afl-gcc` and `afl-g++` when compiling. When
compiling using `afl-clang-fast`/`afl-clang-fast++` the resulting compiling using `afl-clang-fast`/`afl-clang-fast++` the resulting
`test_dash_fuzzy` binary will be instrumented in such a way that the AFL binary will be instrumented in such a way that the AFL
features "persistent mode" and "deferred forkserver" can be used. See features "persistent mode" and "deferred forkserver" can be used. See
https://github.com/mcarpenter/afl/tree/master/llvm_mode for details. https://github.com/mcarpenter/afl/tree/master/llvm_mode for details.
@ -63,7 +63,7 @@ Extract these (or other starting inputs) into the `inputs` directory before star
To start the actual fuzzing use: To start the actual fuzzing use:
``` ```
$AFLPATH/afl-fuzz -i ${AFLIN} -o ${AFLOUT} -m52 -- test/test_dash_fuzzy $AFLPATH/afl-fuzz -i ${AFLIN} -o ${AFLOUT} -m52 -- test/fuzz/fuzz_target_foo
``` ```
You may have to change a few kernel parameters to test optimally - `afl-fuzz` You may have to change a few kernel parameters to test optimally - `afl-fuzz`
@ -77,7 +77,7 @@ found in the `compiler-rt` runtime libraries package).
To build the `test/test_dash_fuzzy` executable run To build the `test/test_dash_fuzzy` executable run
``` ```
./configure --disable-ccache --with-sanitizers=fuzzer,address CC=clang CXX=clang++ ./configure --disable-ccache --enable-fuzz --with-sanitizers=fuzzer,address CC=clang CXX=clang++
make make
``` ```

View File

@ -4,7 +4,33 @@
# file COPYING or http://www.opensource.org/licenses/mit-license.php. # file COPYING or http://www.opensource.org/licenses/mit-license.php.
bin_PROGRAMS += test/test_dash bin_PROGRAMS += test/test_dash
noinst_PROGRAMS += test/test_dash_fuzzy
FUZZ_TARGETS = \
test/fuzz/address_deserialize \
test/fuzz/addrman_deserialize \
test/fuzz/banentry_deserialize \
test/fuzz/block_deserialize \
test/fuzz/blockheader_deserialize \
test/fuzz/blocklocator_deserialize \
test/fuzz/blockmerkleroot \
test/fuzz/blocktransactions_deserialize \
test/fuzz/blocktransactionsrequest_deserialize \
test/fuzz/blockundo_deserialize \
test/fuzz/bloomfilter_deserialize \
test/fuzz/coins_deserialize \
test/fuzz/diskblockindex_deserialize \
test/fuzz/inv_deserialize \
test/fuzz/messageheader_deserialize \
test/fuzz/netaddr_deserialize \
test/fuzz/service_deserialize \
test/fuzz/transaction_deserialize \
test/fuzz/txoutcompressor_deserialize \
test/fuzz/txundo_deserialize
if ENABLE_FUZZ
noinst_PROGRAMS += $(FUZZ_TARGETS:=)
endif
TEST_SRCDIR = test TEST_SRCDIR = test
TEST_BINARY=test/test_dash$(EXEEXT) TEST_BINARY=test/test_dash$(EXEEXT)
@ -31,6 +57,10 @@ BITCOIN_TEST_SUITE = \
test/test_dash.h \ test/test_dash.h \
test/test_dash.cpp test/test_dash.cpp
FUZZ_SUITE = \
test/fuzz/fuzz.cpp \
test/fuzz/fuzz.h
# test_dash binary # # test_dash binary #
BITCOIN_TESTS =\ BITCOIN_TESTS =\
test/arith_uint256_tests.cpp \ test/arith_uint256_tests.cpp \
@ -148,15 +178,13 @@ test_test_dash_LDFLAGS = $(LDFLAGS_WRAP_EXCEPTIONS) $(RELDFLAGS) $(AM_LDFLAGS) $
if ENABLE_ZMQ if ENABLE_ZMQ
test_test_dash_LDADD += $(ZMQ_LIBS) test_test_dash_LDADD += $(ZMQ_LIBS)
endif endif
#
# test_dash_fuzzy binary # if ENABLE_FUZZ
test_test_dash_fuzzy_SOURCES = test/test_dash_fuzzy.cpp test_fuzz_block_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_test_dash_fuzzy_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_block_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCK_DESERIALIZE=1
test_test_dash_fuzzy_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_block_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_test_dash_fuzzy_LDFLAGS = $(LDFLAGS_WRAP_EXCEPTIONS) $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) test_fuzz_block_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_block_deserialize_LDADD = \
test_test_dash_fuzzy_LDADD = \
$(LIBUNIVALUE) \ $(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \ $(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \ $(LIBBITCOIN_COMMON) \
@ -166,10 +194,352 @@ test_test_dash_fuzzy_LDADD = \
$(LIBBITCOIN_CRYPTO_SSE41) \ $(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \ $(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \ $(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) $(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_block_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_test_dash_fuzzy_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) $(BACKTRACE_LIB) test_fuzz_transaction_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
# test_fuzz_transaction_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DTRANSACTION_DESERIALIZE=1
test_fuzz_transaction_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_transaction_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_transaction_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_transaction_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blocklocator_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blocklocator_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKLOCATOR_DESERIALIZE=1
test_fuzz_blocklocator_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blocklocator_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blocklocator_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blocklocator_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blockmerkleroot_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blockmerkleroot_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKMERKLEROOT=1
test_fuzz_blockmerkleroot_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blockmerkleroot_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blockmerkleroot_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blockmerkleroot_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_addrman_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_addrman_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DADDRMAN_DESERIALIZE=1
test_fuzz_addrman_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_addrman_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_addrman_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_addrman_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blockheader_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blockheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKHEADER_DESERIALIZE=1
test_fuzz_blockheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blockheader_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blockheader_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blockheader_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_banentry_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_banentry_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBANENTRY_DESERIALIZE=1
test_fuzz_banentry_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_banentry_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_banentry_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_banentry_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_txundo_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_txundo_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DTXUNDO_DESERIALIZE=1
test_fuzz_txundo_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_txundo_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_txundo_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_txundo_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blockundo_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blockundo_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKUNDO_DESERIALIZE=1
test_fuzz_blockundo_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blockundo_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blockundo_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blockundo_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_coins_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_coins_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DCOINS_DESERIALIZE=1
test_fuzz_coins_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_coins_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_coins_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_coins_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_netaddr_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_netaddr_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DNETADDR_DESERIALIZE=1
test_fuzz_netaddr_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_netaddr_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_netaddr_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_netaddr_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_service_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSERVICE_DESERIALIZE=1
test_fuzz_service_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_service_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_service_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1
test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_messageheader_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_messageheader_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_messageheader_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_address_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_address_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DADDRESS_DESERIALIZE=1
test_fuzz_address_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_address_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_address_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_address_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_inv_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_inv_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DINV_DESERIALIZE=1
test_fuzz_inv_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_inv_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_inv_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_inv_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_bloomfilter_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_bloomfilter_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOOMFILTER_DESERIALIZE=1
test_fuzz_bloomfilter_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_bloomfilter_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_bloomfilter_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_diskblockindex_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_diskblockindex_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DDISKBLOCKINDEX_DESERIALIZE=1
test_fuzz_diskblockindex_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_diskblockindex_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_diskblockindex_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_diskblockindex_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_txoutcompressor_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_txoutcompressor_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DTXOUTCOMPRESSOR_DESERIALIZE=1
test_fuzz_txoutcompressor_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_txoutcompressor_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_txoutcompressor_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_txoutcompressor_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blocktransactions_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blocktransactions_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKTRANSACTIONS_DESERIALIZE=1
test_fuzz_blocktransactions_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blocktransactions_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blocktransactions_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blocktransactions_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
test_fuzz_blocktransactionsrequest_deserialize_SOURCES = $(FUZZ_SUITE) test/test_dash_fuzzy.cpp
test_fuzz_blocktransactionsrequest_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKTRANSACTIONSREQUEST_DESERIALIZE=1
test_fuzz_blocktransactionsrequest_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_blocktransactionsrequest_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_blocktransactionsrequest_deserialize_LDADD = \
$(LIBUNIVALUE) \
$(LIBBITCOIN_SERVER) \
$(LIBBITCOIN_COMMON) \
$(LIBBITCOIN_UTIL) \
$(LIBBITCOIN_CONSENSUS) \
$(LIBBITCOIN_CRYPTO) \
$(LIBBITCOIN_CRYPTO_SSE41) \
$(LIBBITCOIN_CRYPTO_AVX2) \
$(LIBBITCOIN_CRYPTO_SHANI) \
$(LIBSECP256K1) \
$(BACKTRACE_LIB)
test_fuzz_blocktransactionsrequest_deserialize_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
endif # ENABLE_FUZZ
nodist_test_test_dash_SOURCES = $(GENERATED_TEST_FILES) nodist_test_test_dash_SOURCES = $(GENERATED_TEST_FILES)

77
src/test/fuzz/fuzz.cpp Normal file
View File

@ -0,0 +1,77 @@
// Copyright (c) 2009-2019 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <test/fuzz/fuzz.h>
#include <unistd.h>
#include <pubkey.h>
#include <util/memory.h>
static bool read_stdin(std::vector<uint8_t>& data)
{
uint8_t buffer[1024];
ssize_t length = 0;
while ((length = read(STDIN_FILENO, buffer, 1024)) > 0) {
data.insert(data.end(), buffer, buffer + length);
if (data.size() > (1 << 20)) return false;
}
return length == 0;
}
static void initialize()
{
const static auto verify_handle = MakeUnique<ECCVerifyHandle>();
}
// This function is used by libFuzzer
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
test_one_input(std::vector<uint8_t>(data, data + size));
return 0;
}
// This function is used by libFuzzer
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
{
initialize();
return 0;
}
// Disabled under WIN32 due to clash with Cygwin's WinMain.
#ifndef WIN32
// Declare main(...) "weak" to allow for libFuzzer linking. libFuzzer provides
// the main(...) function.
__attribute__((weak))
#endif
int main(int argc, char **argv)
{
initialize();
#ifdef __AFL_INIT
// Enable AFL deferred forkserver mode. Requires compilation using
// afl-clang-fast++. See fuzzing.md for details.
__AFL_INIT();
#endif
#ifdef __AFL_LOOP
// Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
// See fuzzing.md for details.
while (__AFL_LOOP(1000)) {
std::vector<uint8_t> buffer;
if (!read_stdin(buffer)) {
continue;
}
test_one_input(buffer);
}
#else
std::vector<uint8_t> buffer;
if (!read_stdin(buffer)) {
return 0;
}
test_one_input(buffer);
#endif
return 0;
}

17
src/test/fuzz/fuzz.h Normal file
View File

@ -0,0 +1,17 @@
// Copyright (c) 2009-2019 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_TEST_FUZZ_FUZZ_H
#define BITCOIN_TEST_FUZZ_FUZZ_H
#include <functional>
#include <stdint.h>
#include <vector>
const std::function<std::string(const char*)> G_TRANSLATION_FUN = nullptr;
void test_one_input(std::vector<uint8_t> buffer);
#endif // BITCOIN_TEST_FUZZ_FUZZ_H

View File

@ -1,11 +1,7 @@
// Copyright (c) 2009-2015 The Bitcoin Core developers // Copyright (c) 2009-2018 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#if defined(HAVE_CONFIG_H)
#include <config/dash-config.h>
#endif
#include <addrman.h> #include <addrman.h>
#include <blockencodings.h> #include <blockencodings.h>
#include <chain.h> #include <chain.h>
@ -28,304 +24,144 @@
#include <memory> #include <memory>
#include <vector> #include <vector>
const std::function<std::string(const char*)> G_TRANSLATION_FUN = nullptr; #include <test/fuzz/fuzz.h>
enum TEST_ID {
CBLOCK_DESERIALIZE=0,
CTRANSACTION_DESERIALIZE,
CBLOCKLOCATOR_DESERIALIZE,
CBLOCKMERKLEROOT,
CADDRMAN_DESERIALIZE,
CBLOCKHEADER_DESERIALIZE,
CBANENTRY_DESERIALIZE,
CTXUNDO_DESERIALIZE,
CBLOCKUNDO_DESERIALIZE,
CCOINS_DESERIALIZE,
CNETADDR_DESERIALIZE,
CSERVICE_DESERIALIZE,
CMESSAGEHEADER_DESERIALIZE,
CADDRESS_DESERIALIZE,
CINV_DESERIALIZE,
CBLOOMFILTER_DESERIALIZE,
CDISKBLOCKINDEX_DESERIALIZE,
CTXOUTCOMPRESSOR_DESERIALIZE,
BLOCKTRANSACTIONS_DESERIALIZE,
BLOCKTRANSACTIONSREQUEST_DESERIALIZE,
TEST_ID_END
};
static bool read_stdin(std::vector<uint8_t> &data) {
uint8_t buffer[1024];
ssize_t length=0;
while((length = read(STDIN_FILENO, buffer, 1024)) > 0) {
data.insert(data.end(), buffer, buffer+length);
if (data.size() > (1<<20)) return false;
}
return length==0;
}
static int test_one_input(std::vector<uint8_t> buffer) {
if (buffer.size() < sizeof(uint32_t)) return 0;
uint32_t test_id = 0xffffffff;
memcpy(&test_id, buffer.data(), sizeof(uint32_t));
buffer.erase(buffer.begin(), buffer.begin() + sizeof(uint32_t));
if (test_id >= TEST_ID_END) return 0;
void test_one_input(std::vector<uint8_t> buffer)
{
CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION); CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
try { try {
int nVersion; int nVersion;
ds >> nVersion; ds >> nVersion;
ds.SetVersion(nVersion); ds.SetVersion(nVersion);
} catch (const std::ios_base::failure& e) { } catch (const std::ios_base::failure& e) {
return 0; return;
} }
switch(test_id) { #if BLOCK_DESERIALIZE
case CBLOCK_DESERIALIZE:
{
try try
{ {
CBlock block; CBlock block;
ds >> block; ds >> block;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif TRANSACTION_DESERIALIZE
}
case CTRANSACTION_DESERIALIZE:
{
try try
{ {
CTransaction tx(deserialize, ds); CTransaction tx(deserialize, ds);
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BLOCKLOCATOR_DESERIALIZE
}
case CBLOCKLOCATOR_DESERIALIZE:
{
try try
{ {
CBlockLocator bl; CBlockLocator bl;
ds >> bl; ds >> bl;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BLOCKMERKLEROOT
}
case CBLOCKMERKLEROOT:
{
try try
{ {
CBlock block; CBlock block;
ds >> block; ds >> block;
bool mutated; bool mutated;
BlockMerkleRoot(block, &mutated); BlockMerkleRoot(block, &mutated);
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif ADDRMAN_DESERIALIZE
}
case CADDRMAN_DESERIALIZE:
{
try try
{ {
CAddrMan am; CAddrMan am;
ds >> am; ds >> am;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BLOCKHEADER_DESERIALIZE
}
case CBLOCKHEADER_DESERIALIZE:
{
try try
{ {
CBlockHeader bh; CBlockHeader bh;
ds >> bh; ds >> bh;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BANENTRY_DESERIALIZE
}
case CBANENTRY_DESERIALIZE:
{
try try
{ {
CBanEntry be; CBanEntry be;
ds >> be; ds >> be;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif TXUNDO_DESERIALIZE
}
case CTXUNDO_DESERIALIZE:
{
try try
{ {
CTxUndo tu; CTxUndo tu;
ds >> tu; ds >> tu;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BLOCKUNDO_DESERIALIZE
}
case CBLOCKUNDO_DESERIALIZE:
{
try try
{ {
CBlockUndo bu; CBlockUndo bu;
ds >> bu; ds >> bu;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif COINS_DESERIALIZE
}
case CCOINS_DESERIALIZE:
{
try try
{ {
Coin block; Coin coin;
ds >> block; ds >> coin;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif NETADDR_DESERIALIZE
}
case CNETADDR_DESERIALIZE:
{
try try
{ {
CNetAddr na; CNetAddr na;
ds >> na; ds >> na;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif SERVICE_DESERIALIZE
}
case CSERVICE_DESERIALIZE:
{
try try
{ {
CService s; CService s;
ds >> s; ds >> s;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif MESSAGEHEADER_DESERIALIZE
}
case CMESSAGEHEADER_DESERIALIZE:
{
CMessageHeader::MessageStartChars pchMessageStart = {0x00, 0x00, 0x00, 0x00}; CMessageHeader::MessageStartChars pchMessageStart = {0x00, 0x00, 0x00, 0x00};
try try
{ {
CMessageHeader mh(pchMessageStart); CMessageHeader mh(pchMessageStart);
ds >> mh; ds >> mh;
if (!mh.IsValid(pchMessageStart)) {return 0;} if (!mh.IsValid(pchMessageStart)) {return;}
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif ADDRESS_DESERIALIZE
}
case CADDRESS_DESERIALIZE:
{
try try
{ {
CAddress a; CAddress a;
ds >> a; ds >> a;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif INV_DESERIALIZE
}
case CINV_DESERIALIZE:
{
try try
{ {
CInv i; CInv i;
ds >> i; ds >> i;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif BLOOMFILTER_DESERIALIZE
}
case CBLOOMFILTER_DESERIALIZE:
{
try try
{ {
CBloomFilter bf; CBloomFilter bf;
ds >> bf; ds >> bf;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif DISKBLOCKINDEX_DESERIALIZE
}
case CDISKBLOCKINDEX_DESERIALIZE:
{
try try
{ {
CDiskBlockIndex dbi; CDiskBlockIndex dbi;
ds >> dbi; ds >> dbi;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break; #elif TXOUTCOMPRESSOR_DESERIALIZE
}
case CTXOUTCOMPRESSOR_DESERIALIZE:
{
CTxOut to; CTxOut to;
auto toc = Using<TxOutCompression>(to); auto toc = Using<TxOutCompression>(to);
try try
{ {
ds >> toc; ds >> toc;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
#elif BLOCKTRANSACTIONS_DESERIALIZE
break;
}
case BLOCKTRANSACTIONS_DESERIALIZE:
{
try try
{ {
BlockTransactions bt; BlockTransactions bt;
ds >> bt; ds >> bt;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
#elif BLOCKTRANSACTIONSREQUEST_DESERIALIZE
break;
}
case BLOCKTRANSACTIONSREQUEST_DESERIALIZE:
{
try try
{ {
BlockTransactionsRequest btr; BlockTransactionsRequest btr;
ds >> btr; ds >> btr;
} catch (const std::ios_base::failure& e) {return 0;} } catch (const std::ios_base::failure& e) {return;}
break;
}
default:
return 0;
}
return 0;
}
static std::unique_ptr<ECCVerifyHandle> globalVerifyHandle;
void initialize() {
globalVerifyHandle = MakeUnique<ECCVerifyHandle>();
}
// This function is used by libFuzzer
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
test_one_input(std::vector<uint8_t>(data, data + size));
return 0;
}
// This function is used by libFuzzer
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
initialize();
return 0;
}
// Disabled under WIN32 due to clash with Cygwin's WinMain.
#ifndef WIN32
// Declare main(...) "weak" to allow for libFuzzer linking. libFuzzer provides
// the main(...) function.
__attribute__((weak))
#endif
int main(int argc, char **argv)
{
initialize();
#ifdef __AFL_INIT
// Enable AFL deferred forkserver mode. Requires compilation using
// afl-clang-fast++. See fuzzing.md for details.
__AFL_INIT();
#endif
#ifdef __AFL_LOOP
// Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
// See fuzzing.md for details.
int ret = 0;
while (__AFL_LOOP(1000)) {
std::vector<uint8_t> buffer;
if (!read_stdin(buffer)) {
continue;
}
ret = test_one_input(buffer);
}
return ret;
#else #else
std::vector<uint8_t> buffer; #error Need at least one fuzz target to compile
if (!read_stdin(buffer)) {
return 0;
}
return test_one_input(buffer);
#endif #endif
} }