Dash - Reinventing Cryptocurrency
MarcoFalke 166be67407 Merge #17685: tests: Fix bug in the descriptor parsing fuzzing harness (descriptor_parse)
6338c0203416a5f86e9422b6cd479da8af277f2f tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift)

Pull request description:

  Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`).

  Background:

  When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turn requires an initialized `secp256k1_context_verify`.

  The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :)

  Before:

  ```
  $ mkdir descriptors/
  $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
  $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
  …
  pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null
  secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here
      #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12
      #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24
      #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42
      #3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23
      #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16
      #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9
  …
  $
  ```

  After:

  ```
  $ mkdir descriptors/
  $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
  $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
  …
  Done 2 runs in 0 second(s)
  $
  ```

ACKs for top commit:
  paymog:
    ACK 6338c0203416a5f86e9422b6cd479da8af277f2f
  MarcoFalke:
    ACK 6338c0203416a5f86e9422b6cd479da8af277f2f 🕊

Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
2022-05-30 19:09:39 +07:00
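The input the fuzzer hit is a compressed key whose x-coordinate is 0; `CPubKey::IsFullyValid()` rejects it because no point on secp256k1 has x = 0, and deciding that requires the curve arithmetic (hence the verify context) the harness had not initialized. The Python below is an added example, not code from Dash Core, Bitcoin Core or libsecp256k1: it reproduces the full-validity check by decompressing the key, so the rejected fuzz input can be compared with a valid key such as the generator point. The names `decompress`, `is_fully_valid` and `combo_key_is_valid` are chosen here.

```python
import re

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
B = 7  # curve equation: y^2 = x^3 + 7 (mod P)


def decompress(pubkey: bytes):
    """Return (x, y) for a 33-byte compressed secp256k1 key, or None if the
    bytes do not encode a point on the curve. This re-implements the check
    that CPubKey::IsFullyValid() delegates to libsecp256k1; it is an
    illustration, not the library's code."""
    if len(pubkey) != 33 or pubkey[0] not in (2, 3):
        return None
    x = int.from_bytes(pubkey[1:], "big")
    if x >= P:
        return None
    rhs = (pow(x, 3, P) + B) % P
    # P is 3 mod 4, so if rhs has a square root, rhs^((P+1)/4) is one of them.
    y = pow(rhs, (P + 1) // 4, P)
    if (y * y) % P != rhs:
        return None  # rhs is a quadratic non-residue: no point has this x
    # Prefix 0x02 selects the even y, 0x03 the odd y.
    if (y & 1) != (pubkey[0] & 1):
        y = P - y
    return x, y


def is_fully_valid(pubkey: bytes) -> bool:
    return decompress(pubkey) is not None


# Only the combo(<33-byte hex key>) shape from the pull request is handled.
DESCRIPTOR_RE = re.compile(r"^combo\(([0-9a-fA-F]{66})\)$")


def combo_key_is_valid(descriptor: str) -> bool:
    """Extract the compressed key from a combo(...) descriptor and validate it."""
    m = DESCRIPTOR_RE.match(descriptor)
    if not m:
        raise ValueError("not a combo() descriptor with a 33-byte hex key")
    return is_fully_valid(bytes.fromhex(m.group(1)))


# The fuzzer-found input from the pull request (x = 0) and, for contrast,
# the curve's generator point G in compressed form.
FUZZ_INPUT = "combo(02" + "00" * 32 + ")"
G_COMPRESSED = "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"

if __name__ == "__main__":
    print(combo_key_is_valid(FUZZ_INPUT))                 # False
    print(combo_key_is_valid("combo(" + G_COMPRESSED + ")"))  # True
```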
.github chore: switch to conventional commit style for PR titles (#4835) 2022-05-12 23:25:36 +03:00
.tx partial bitcoin#21694: Use XLIFF file to provide more context to Transifex translators 2022-04-26 20:36:54 +05:30
build-aux/m4 Merge bitcoin/bitcoin#22820: build, qt: Fix typo in QtInputSupport check 2022-04-28 10:59:05 -05:00
ci Merge #17176: ci: Cleanup macOS runs 2022-05-17 01:20:21 -04:00
contrib merge bitcoin#16899: UTXO snapshot creation (dumptxoutset) 2022-05-23 10:38:33 +05:30
depends Merge #17658: depends: add ability to skip building qrencode 2022-05-30 19:09:39 +07:00
doc docs/build: Kubuntu 22.04 build fix (#4843) 2022-05-28 23:27:04 -05:00
share Merge #20449: build: Fix Windows installer build 2022-04-28 13:47:53 +03:00
src Merge #17685: tests: Fix bug in the descriptor parsing fuzzing harness (descriptor_parse) 2022-05-30 19:09:39 +07:00
test Merge #17650: util: remove unwanted fields from bitcoin-cli -getinfo 2022-05-30 19:09:39 +07:00
.cirrus.yml merge bitcoin#17265: Remove OpenSSL 2022-04-25 15:29:52 +05:30
.dockerignore build: add dash minimal development environment container 2021-12-21 12:43:37 +05:30
.editorconfig Merge #21123: code style: Add EditorConfig file 2021-07-16 10:04:09 -05:00
.fuzzbuzz.yml Merge #20781: fuzz: remove no-longer-necessary packages from fuzzbuzz config 2021-09-18 21:41:40 -04:00
.gitattributes
.gitignore perf: enable more multi-threading and caching in linters (#4807) 2022-04-27 21:14:40 +03:00
.gitlab-ci.yml ci: exclude fuzzing harnesses from resulting build artifact archive 2022-03-25 01:46:55 +05:30
.python-version bump .python-version (#4717) 2022-03-23 09:26:24 +03:00
.style.yapf
.travis.yml Merge pull request #4642 from Munkybooty/backports-0.18-pr19 2022-05-29 15:05:15 -05:00
autogen.sh Merge #17074: build: Added double quotes 2021-12-22 10:15:40 -06:00
CMakeLists.txt build: enhance CMakeLists to dynamically detect kernel version to utilize (#4828) 2022-05-09 14:13:49 +03:00
configure.ac merge bitcoin#20255: Add Assume() identity function 2022-05-13 18:06:06 +05:30
CONTRIBUTING.md chore: switch to conventional commit style for PR titles (#4835) 2022-05-12 23:25:36 +03:00
COPYING
INSTALL.md
libdashconsensus.pc.in
Makefile.am Merge #12051: add missing debian contrib file to tarball 2021-12-26 22:23:01 -05:00
README.md chore: bump version in gitian-descriptors and README.md 2022-04-16 07:59:23 -06:00
SECURITY.md Merge bitcoin/bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in SECURITY.md 2022-04-03 18:46:47 -05:00

Dash Core staging tree 18.0


https://www.dash.org

What is Dash?

Dash is an experimental digital currency that enables instant, private payments to anyone, anywhere in the world. Dash uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Dash Core is the name of the open source software which enables the use of this currency.

Pre-Built Binary

For more information, as well as an immediately usable, binary version of the Dash Core software, see https://www.dash.org/downloads/.

License

Dash Core is released under the terms of the MIT license. See COPYING for more information or see https://opensource.org/licenses/MIT.

Development Process

The master branch is meant to be stable. Development is normally done in separate branches. Tags are created to indicate new official, stable release versions of Dash Core.

The contribution workflow is described in CONTRIBUTING.md and useful hints for developers can be found in doc/developer-notes.md.

Testing

Testing and code review are the bottleneck for development; we get more pull requests than we can review and test on short notice. Please be patient and help out by testing other people's pull requests, and remember this is a security-critical project where any mistake might cost people lots of money.

Automated Testing

Developers are strongly encouraged to write unit tests for new code, and to submit new unit tests for old code. Unit tests can be compiled and run (assuming they weren't disabled in configure) with: make check. Further details on running and extending unit tests can be found in /src/test/README.md.

There are also regression and integration tests, written in Python, that are run automatically on the build server. These tests can be run (if the test dependencies are installed) with: test/functional/test_runner.py

The Travis CI system makes sure that every pull request is built for Windows, Linux, and macOS, and that unit/sanity tests are run automatically.

Manual Quality Assurance (QA) Testing

Changes should be tested by somebody other than the developer who wrote the code. This is especially important for large or high-risk changes. It is useful to add a test plan to the pull request description if testing the changes is not straightforward.

Translations

Changes to translations as well as new translations can be submitted to Dash Core's Transifex page.

Translations are periodically pulled from Transifex and merged into the git repository. See the translation process for details on how this works.

Important: We do not accept translation changes as GitHub pull requests because the next pull from Transifex would automatically overwrite them again.

Translators should also follow the forum.