sikkienl/dash
1
0
Fork 0
mirror of https://github.com/dashpay/dash.git synced 2024-12-26 04:22:55 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

merge bitcoin#18455: Add fuzzing harness for functions/classes in flatfile.h, merkleblock.h, random.h, serialize.h and span.h

Browse Source
This commit is contained in:
Kittywhiskers Van Gogh 2022-06-13 23:59:08 +05:30
parent 1b424f6b3b
commit ee7e37ae01
8 changed files with 208 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/Makefile.test.include
View File

@ -37,6 +37,7 @@ FUZZ_TARGETS = \
test/fuzz/fee_rate \ test/fuzz/fee_rate \
test/fuzz/fee_rate_deserialize \ test/fuzz/fee_rate_deserialize \
test/fuzz/flat_file_pos_deserialize \ test/fuzz/flat_file_pos_deserialize \
test/fuzz/flatfile \
test/fuzz/float \ test/fuzz/float \
test/fuzz/hex \ test/fuzz/hex \
test/fuzz/integer \ test/fuzz/integer \
@ -46,6 +47,7 @@ FUZZ_TARGETS = \
test/fuzz/key_origin_info_deserialize \ test/fuzz/key_origin_info_deserialize \
test/fuzz/locale \ test/fuzz/locale \
test/fuzz/merkle_block_deserialize \ test/fuzz/merkle_block_deserialize \
test/fuzz/merkleblock \
test/fuzz/messageheader_deserialize \ test/fuzz/messageheader_deserialize \
test/fuzz/multiplication_overflow \ test/fuzz/multiplication_overflow \
test/fuzz/net_permissions \ test/fuzz/net_permissions \
@ -67,6 +69,7 @@ FUZZ_TARGETS = \
test/fuzz/psbt_input_deserialize \ test/fuzz/psbt_input_deserialize \
test/fuzz/psbt_output_deserialize \ test/fuzz/psbt_output_deserialize \
test/fuzz/pub_key_deserialize \ test/fuzz/pub_key_deserialize \
test/fuzz/random \
test/fuzz/rolling_bloom_filter \ test/fuzz/rolling_bloom_filter \
test/fuzz/script \ test/fuzz/script \
test/fuzz/script_deserialize \ test/fuzz/script_deserialize \
@ -74,6 +77,7 @@ FUZZ_TARGETS = \
test/fuzz/script_ops \ test/fuzz/script_ops \
test/fuzz/scriptnum_ops \ test/fuzz/scriptnum_ops \
test/fuzz/service_deserialize \ test/fuzz/service_deserialize \
test/fuzz/span \
test/fuzz/spanparsing \ test/fuzz/spanparsing \
test/fuzz/string \ test/fuzz/string \
test/fuzz/strprintf \ test/fuzz/strprintf \
@ -477,6 +481,12 @@ test_fuzz_flat_file_pos_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_flat_file_pos_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS) test_fuzz_flat_file_pos_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_flat_file_pos_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp test_fuzz_flat_file_pos_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_flatfile_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_flatfile_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_flatfile_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_flatfile_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_flatfile_SOURCES = $(FUZZ_SUITE) test/fuzz/flatfile.cpp
test_fuzz_float_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_float_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_float_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_float_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_float_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_float_LDADD = $(FUZZ_SUITE_LD_COMMON)
@ -531,6 +541,12 @@ test_fuzz_merkle_block_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_merkle_block_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS) test_fuzz_merkle_block_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_merkle_block_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp test_fuzz_merkle_block_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_merkleblock_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_merkleblock_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_merkleblock_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_merkleblock_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_merkleblock_SOURCES = $(FUZZ_SUITE) test/fuzz/merkleblock.cpp
test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1 test_fuzz_messageheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DMESSAGEHEADER_DESERIALIZE=1
test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_messageheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_messageheader_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
@ -657,6 +673,12 @@ test_fuzz_pub_key_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_pub_key_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS) test_fuzz_pub_key_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_pub_key_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp test_fuzz_pub_key_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_random_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_random_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_random_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_random_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_random_SOURCES = $(FUZZ_SUITE) test/fuzz/random.cpp
test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)
@ -699,6 +721,12 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS) test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_span_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_span_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_span_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_span_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_span_SOURCES = $(FUZZ_SUITE) test/fuzz/span.cpp
test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)

14
src/random.h
View File

@ -106,7 +106,8 @@ void RandAddEvent(const uint32_t event_info) noexcept;
* *
* This class is not thread-safe. * This class is not thread-safe.
*/ */
class FastRandomContext { class FastRandomContext
{
private: private:
bool requires_seed; bool requires_seed;
ChaCha20 rng; ChaCha20 rng;
@ -158,7 +159,8 @@ public:
} }
/** Generate a random (bits)-bit integer. */ /** Generate a random (bits)-bit integer. */
uint64_t randbits(int bits) noexcept { uint64_t randbits(int bits) noexcept
{
if (bits == 0) { if (bits == 0) {
return 0; return 0;
} else if (bits > 32) { } else if (bits > 32) {
@ -172,7 +174,9 @@ public:
} }
} }
/** Generate a random integer in the range [0..range). */ /** Generate a random integer in the range [0..range).
* Precondition: range > 0.
*/
uint64_t randrange(uint64_t range) noexcept uint64_t randrange(uint64_t range) noexcept
{ {
assert(range); assert(range);
@ -221,7 +225,7 @@ public:
* debug mode detects and panics on. This is a known issue, see * debug mode detects and panics on. This is a known issue, see
* https://stackoverflow.com/questions/22915325/avoiding-self-assignment-in-stdshuffle * https://stackoverflow.com/questions/22915325/avoiding-self-assignment-in-stdshuffle
*/ */
template<typename I, typename R> template <typename I, typename R>
void Shuffle(I first, I last, R&& rng) void Shuffle(I first, I last, R&& rng)
{ {
while (first != last) { while (first != last) {
@ -244,7 +248,7 @@ static const int NUM_OS_RANDOM_BYTES = 32;
/** Get 32 bytes of system entropy. Do not use this in application code: use /** Get 32 bytes of system entropy. Do not use this in application code: use
* GetStrongRandBytes instead. * GetStrongRandBytes instead.
*/ */
void GetOSRand(unsigned char *ent32); void GetOSRand(unsigned char* ent32);
/** Check that OS randomness is available and returning the requested number /** Check that OS randomness is available and returning the requested number
* of bytes. * of bytes.

30
src/test/fuzz/flatfile.cpp Normal file
View File

@ -0,0 +1,30 @@
// Copyright (c) 2020 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <flatfile.h>
#include <optional.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <cassert>
#include <cstdint>
#include <string>
#include <vector>
void test_one_input(const std::vector<uint8_t>& buffer)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
Optional<FlatFilePos> flat_file_pos = ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
if (!flat_file_pos) {
return;
}
Optional<FlatFilePos> another_flat_file_pos = ConsumeDeserializable<FlatFilePos>(fuzzed_data_provider);
if (another_flat_file_pos) {
assert((*flat_file_pos == *another_flat_file_pos) != (*flat_file_pos != *another_flat_file_pos));
}
(void)flat_file_pos->ToString();
flat_file_pos->SetNull();
assert(flat_file_pos->IsNull());
}

27
src/test/fuzz/merkleblock.cpp Normal file
View File

@ -0,0 +1,27 @@
// Copyright (c) 2020 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <merkleblock.h>
#include <optional.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <uint256.h>
#include <cstdint>
#include <string>
#include <vector>
void test_one_input(const std::vector<uint8_t>& buffer)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
Optional<CPartialMerkleTree> partial_merkle_tree = ConsumeDeserializable<CPartialMerkleTree>(fuzzed_data_provider);
if (!partial_merkle_tree) {
return;
}
(void)partial_merkle_tree->GetNumTransactions();
std::vector<uint256> matches;
std::vector<unsigned int> indices;
(void)partial_merkle_tree->ExtractMatches(matches, indices);
}

31
src/test/fuzz/random.cpp Normal file
View File

@ -0,0 +1,31 @@
// Copyright (c) 2020 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <random.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>
void test_one_input(const std::vector<uint8_t>& buffer)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
FastRandomContext fast_random_context{ConsumeUInt256(fuzzed_data_provider)};
(void)fast_random_context.rand64();
(void)fast_random_context.randbits(fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 64));
(void)fast_random_context.randrange(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(FastRandomContext::min() + 1, FastRandomContext::max()));
(void)fast_random_context.randbytes(fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1024));
(void)fast_random_context.rand32();
(void)fast_random_context.rand256();
(void)fast_random_context.randbool();
(void)fast_random_context();
std::vector<int64_t> integrals = ConsumeRandomLengthIntegralVector<int64_t>(fuzzed_data_provider);
Shuffle(integrals.begin(), integrals.end(), fast_random_context);
std::shuffle(integrals.begin(), integrals.end(), fast_random_context);
}

39
src/test/fuzz/span.cpp Normal file
View File

@ -0,0 +1,39 @@
// Copyright (c) 2020 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <span.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
void test_one_input(const std::vector<uint8_t>& buffer)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
std::string str = fuzzed_data_provider.ConsumeBytesAsString(32);
const Span<const char> span = MakeSpan(str);
(void)span.data();
(void)span.begin();
(void)span.end();
if (span.size() > 0) {
const std::ptrdiff_t idx = fuzzed_data_provider.ConsumeIntegralInRange<std::ptrdiff_t>(0U, span.size() - 1U);
(void)span.first(idx);
(void)span.last(idx);
(void)span.subspan(idx);
(void)span.subspan(idx, span.size() - idx);
(void)span[idx];
}
std::string another_str = fuzzed_data_provider.ConsumeBytesAsString(32);
const Span<const char> another_span = MakeSpan(another_str);
assert((span <= another_span) != (span > another_span));
assert((span == another_span) != (span != another_span));
assert((span >= another_span) != (span < another_span));
}

29
src/test/fuzz/string.cpp
View File

@ -11,6 +11,8 @@
#include <rpc/server.h> #include <rpc/server.h>
#include <rpc/util.h> #include <rpc/util.h>
#include <script/descriptor.h> #include <script/descriptor.h>
#include <serialize.h>
#include <streams.h>
#include <test/fuzz/FuzzedDataProvider.h> #include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h> #include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h> #include <test/fuzz/util.h>
@ -22,6 +24,7 @@
#include <util/system.h> #include <util/system.h>
#include <util/translation.h> #include <util/translation.h>
#include <util/url.h> #include <util/url.h>
#include <version.h>
#include <cstdint> #include <cstdint>
#include <string> #include <string>
@ -81,4 +84,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
(void)urlDecode(random_string_1); (void)urlDecode(random_string_1);
(void)ValidAsCString(random_string_1); (void)ValidAsCString(random_string_1);
(void)_(random_string_1.c_str()); (void)_(random_string_1.c_str());
{
CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
std::string s;
auto limited_string = LIMITED_STRING(s, 10);
data_stream << random_string_1;
try {
data_stream >> limited_string;
assert(data_stream.empty());
assert(s.size() <= random_string_1.size());
assert(s.size() <= 10);
if (!random_string_1.empty()) {
assert(!s.empty());
}
} catch (const std::ios_base::failure&) {
}
}
{
CDataStream data_stream{SER_NETWORK, INIT_PROTO_VERSION};
const auto limited_string = LIMITED_STRING(random_string_1, 10);
data_stream << limited_string;
std::string deserialized_string;
data_stream >> deserialized_string;
assert(data_stream.empty());
assert(deserialized_string == random_string_1);
}
} }

19
src/test/fuzz/util.h
View File

@ -21,13 +21,13 @@
#include <string> #include <string>
#include <vector> #include <vector>
[[ nodiscard ]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept [[ nodiscard ]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096) noexcept
{ {
const std::string s = fuzzed_data_provider.ConsumeRandomLengthString(max_length); const std::string s = fuzzed_data_provider.ConsumeRandomLengthString(max_length);
return {s.begin(), s.end()}; return {s.begin(), s.end()};
} }
[[ nodiscard ]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_vector_size = 16, size_t max_string_length = 16) noexcept [[ nodiscard ]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16, const size_t max_string_length = 16) noexcept
{ {
const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size); const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
std::vector<std::string> r; std::vector<std::string> r;
@ -38,7 +38,18 @@
} }
template <typename T> template <typename T>
[[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept [[ nodiscard ]] inline std::vector<T> ConsumeRandomLengthIntegralVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16) noexcept
{
const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
std::vector<T> r;
for (size_t i = 0; i < n_elements; ++i) {
r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
}
return r;
}
template <typename T>
[[ nodiscard ]] inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, const size_t max_length = 4096) noexcept
{ {
const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length); const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION}; CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
@ -88,7 +99,7 @@ template <typename T>
} }
template <typename T> template <typename T>
bool MultiplicationOverflow(T i, T j) [[ nodiscard ]] bool MultiplicationOverflow(const T i, const T j) noexcept
{ {
static_assert(std::is_integral<T>::value, "Integral required."); static_assert(std::is_integral<T>::value, "Integral required.");
if (std::numeric_limits<T>::is_signed) { if (std::numeric_limits<T>::is_signed) {