authorMarcoFalke <[email protected]>2020-03-09 23:01:25 -0400
committerMarcoFalke <[email protected]>2020-03-09 23:01:31 -0400
commit6fb4bbfb0e5f1885bd8c4fea652facfbe3de5299 (patch)
tree091ba720be4ade44d3f4bd14204c5cd164af7cea /src/test/fuzz/scriptnum_ops.cpp
parentMerge #18306: test: add logging to wallet_listsinceblock.py (diff)
parentMake lifetime correctness easier to see (avoid reference lifetime extension) (diff)
Merge #18176: tests: Add fuzzing harness for CScript and CScriptNum operations
e37f53648e3acc6aea75adafec4de2bdbd8cb293 Make lifetime correctness easier to see (avoid reference lifetime extension) (practicalswift) e7ddbd98937412b2e8b7a3dfacdcacfcbb1d9148 tests: Add fuzzing harness for CScriptNum operations (practicalswift) 65a52a002475056183ea8ee1a42b78aec7d68583 tests: Add fuzzing harness for CScript operations (practicalswift) eb7c50ca1f4eafed4bb9a20d3012776545a6a433 tests: Add common Consume* fuzzing functions (practicalswift) Pull request description: Add fuzzing harness for `CScript` and `CScriptNum` operations. Test this PR using: ``` $ make distclean $ ./autogen.sh $ CC=clang CXX=clang++ ./configure --enable-fuzz \ --with-sanitizers=address,fuzzer,undefined $ make $ src/test/fuzz/script_ops … $ src/test/fuzz/scriptnum_ops … ``` ACKs for top commit: MarcoFalke: ACK e37f53648e3acc6aea75adafec4de2bdbd8cb293 🦂 Tree-SHA512: 5165d918ffe3f1e3e85ab0e61d8b05934f682d324cf63ce188da5890899df2b5727aba9ed10c0437260ecff8055250e60c79d81d764bc740a7652d543a7c5fa3
Diffstat (limited to 'src/test/fuzz/scriptnum_ops.cpp')
-rw-r--r--src/test/fuzz/scriptnum_ops.cpp137
1 files changed, 137 insertions, 0 deletions
diff --git a/src/test/fuzz/scriptnum_ops.cpp b/src/test/fuzz/scriptnum_ops.cpp
new file mode 100644
index 000000000..db44bb9e1
--- /dev/null
+++ b/src/test/fuzz/scriptnum_ops.cpp
@@ -0,0 +1,137 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/script.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cassert>
+#include <cstdint>
+#include <limits>
+#include <vector>
+
+namespace {
+bool IsValidAddition(const CScriptNum& lhs, const CScriptNum& rhs)
+{
+ return rhs == 0 || (rhs > 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} - rhs) || (rhs < 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} - rhs);
+}
+
+bool IsValidSubtraction(const CScriptNum& lhs, const CScriptNum& rhs)
+{
+ return rhs == 0 || (rhs > 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} + rhs) || (rhs < 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} + rhs);
+}
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+ FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+ CScriptNum script_num = ConsumeScriptNum(fuzzed_data_provider);
+ while (fuzzed_data_provider.remaining_bytes() > 0) {
+ switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 11)) {
+ case 0: {
+ const int64_t i = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ assert((script_num == i) != (script_num != i));
+ assert((script_num <= i) != script_num > i);
+ assert((script_num >= i) != (script_num < i));
+ // Avoid signed integer overflow:
+ // script/script.h:264:93: runtime error: signed integer overflow: -2261405121394637306 + -9223372036854775802 cannot be represented in type 'long'
+ if (IsValidAddition(script_num, CScriptNum{i})) {
+ assert((script_num + i) - i == script_num);
+ }
+ // Avoid signed integer overflow:
+ // script/script.h:265:93: runtime error: signed integer overflow: 9223371895120855039 - -9223372036854710486 cannot be represented in type 'long'
+ if (IsValidSubtraction(script_num, CScriptNum{i})) {
+ assert((script_num - i) + i == script_num);
+ }
+ break;
+ }
+ case 1: {
+ const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+ assert((script_num == random_script_num) != (script_num != random_script_num));
+ assert((script_num <= random_script_num) != (script_num > random_script_num));
+ assert((script_num >= random_script_num) != (script_num < random_script_num));
+ // Avoid signed integer overflow:
+ // script/script.h:264:93: runtime error: signed integer overflow: -9223126527765971126 + -9223372036854756825 cannot be represented in type 'long'
+ if (IsValidAddition(script_num, random_script_num)) {
+ assert((script_num + random_script_num) - random_script_num == script_num);
+ }
+ // Avoid signed integer overflow:
+ // script/script.h:265:93: runtime error: signed integer overflow: 6052837899185946624 - -9223372036854775808 cannot be represented in type 'long'
+ if (IsValidSubtraction(script_num, random_script_num)) {
+ assert((script_num - random_script_num) + random_script_num == script_num);
+ }
+ break;
+ }
+ case 2: {
+ const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+ if (!IsValidAddition(script_num, random_script_num)) {
+ // Avoid assertion failure:
+ // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
+ break;
+ }
+ script_num += random_script_num;
+ break;
+ }
+ case 3: {
+ const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
+ if (!IsValidSubtraction(script_num, random_script_num)) {
+ // Avoid assertion failure:
+ // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
+ break;
+ }
+ script_num -= random_script_num;
+ break;
+ }
+ case 4:
+ script_num = script_num & fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ break;
+ case 5:
+ script_num = script_num & ConsumeScriptNum(fuzzed_data_provider);
+ break;
+ case 6:
+ script_num &= ConsumeScriptNum(fuzzed_data_provider);
+ break;
+ case 7:
+ if (script_num == CScriptNum{std::numeric_limits<int64_t>::min()}) {
+ // Avoid assertion failure:
+ // ./script/script.h:279: CScriptNum CScriptNum::operator-() const: Assertion `m_value != std::numeric_limits<int64_t>::min()' failed.
+ break;
+ }
+ script_num = -script_num;
+ break;
+ case 8:
+ script_num = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ break;
+ case 9: {
+ const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ if (!IsValidAddition(script_num, CScriptNum{random_integer})) {
+ // Avoid assertion failure:
+ // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
+ break;
+ }
+ script_num += random_integer;
+ break;
+ }
+ case 10: {
+ const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ if (!IsValidSubtraction(script_num, CScriptNum{random_integer})) {
+ // Avoid assertion failure:
+ // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
+ break;
+ }
+ script_num -= random_integer;
+ break;
+ }
+ case 11:
+ script_num &= fuzzed_data_provider.ConsumeIntegral<int64_t>();
+ break;
+ }
+ // Avoid negation failure:
+ // script/script.h:332:35: runtime error: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
+ if (script_num != CScriptNum{std::numeric_limits<int64_t>::min()}) {
+ (void)script_num.getvch();
+ }
+ }
+}
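Review bot: The guard before `getvch()` at the end of the loop, and the `IsValidAddition`/`IsValidSubtraction` checks in cases 0 and 1, skip inputs that the quoted UBSan reports attribute to undefined behaviour in script/script.h (lines 264, 265 and 332), not to assertion failures as in cases 2, 3, 7, 9 and 10. The harness therefore stays green while that behaviour remains in the class; whether production callers can reach those values is not visible from this diff. I would mark these guards as known findings, not preconditions, for example `// TODO: drop this guard once CScriptNum serialization handles INT64_MIN without UB`, so the skipped range is revisited. Separately, the second assertion in case 0 reads `(script_num <= i) != script_num > i`; it parses as intended because `>` binds tighter than `!=`, but it should be parenthesised like its neighbours: `assert((script_num <= i) != (script_num > i));`.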