From a9d0cbb8f743cb50ebbca1c7d9abb2ca266dedf6 Mon Sep 17 00:00:00 2001
From: Kittywhiskers Van Gogh <63189531+kittywhiskers@users.noreply.github.com>
Date: Sat, 12 Oct 2019 07:50:22 +0000
Subject: [PATCH] merge bitcoin#17113: Add fuzzing harness for descriptor
 Span-parsing helpers

---
 src/Makefile.test.include     |  7 +++++++
 src/test/fuzz/spanparsing.cpp | 30 ++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 src/test/fuzz/spanparsing.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 143e9b01a8..be75ae6ccd 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -54,6 +54,7 @@ FUZZ_TARGETS = \
   test/fuzz/script_deserialize \
   test/fuzz/script_flags \
   test/fuzz/service_deserialize \
+  test/fuzz/spanparsing \
   test/fuzz/sub_net_deserialize \
   test/fuzz/transaction \
   test/fuzz/tx_in \
@@ -367,6 +368,12 @@ test_fuzz_service_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
 test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_spanparsing_SOURCES = $(FUZZ_SUITE) test/fuzz/spanparsing.cpp
+test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_spanparsing_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
+test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_messageheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1
 test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
diff --git a/src/test/fuzz/spanparsing.cpp b/src/test/fuzz/spanparsing.cpp
new file mode 100644
index 0000000000..8e5e7dad11
--- /dev/null
+++ b/src/test/fuzz/spanparsing.cpp
@@ -0,0 +1,30 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <util/spanparsing.h>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const size_t query_size = fuzzed_data_provider.ConsumeIntegral<size_t>();
+    const std::string query = fuzzed_data_provider.ConsumeBytesAsString(std::min<size_t>(query_size, 1024 * 1024));
+    const std::string span_str = fuzzed_data_provider.ConsumeRemainingBytesAsString();
+    const Span<const char> const_span = MakeSpan(span_str);
+
+    Span<const char> mut_span = const_span;
+    (void)spanparsing::Const(query, mut_span);
+
+    mut_span = const_span;
+    (void)spanparsing::Func(query, mut_span);
+
+    mut_span = const_span;
+    (void)spanparsing::Expr(mut_span);
+
+    if (!query.empty()) {
+        mut_span = const_span;
+        (void)spanparsing::Split(mut_span, query.front());
+    }
+}