fuzz: add a fuzz target for Miniscript decoding from Script

darosior · darosior · commit 2da94a4c6f55 · 2022-03-17T14:09:09.000+01:00
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
@@ -264,6 +264,7 @@ test_fuzz_fuzz_SOURCES = \
  test/fuzz/locale.cpp \
  test/fuzz/merkleblock.cpp \
  test/fuzz/message.cpp \
+ test/fuzz/miniscript_decode.cpp \
  test/fuzz/minisketch.cpp \
  test/fuzz/muhash.cpp \
  test/fuzz/multiplication_overflow.cpp \
diff --git a/src/test/fuzz/miniscript_decode.cpp b/src/test/fuzz/miniscript_decode.cpp
@@ -0,0 +1,72 @@
+// Copyright (c) 2022 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <hash.h>
+#include <key.h>
+#include <script/miniscript.h>
+#include <script/script.h>
+#include <span.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/strencodings.h>
+
+#include <optional>
+
+using miniscript::operator""_mst;
+
+
+struct Converter {
+    typedef CPubKey Key;
+
+    bool ToString(const Key& key, std::string& ret) const {
+        ret = HexStr(key);
+        return true;
+    }
+    const std::vector<unsigned char> ToPKBytes(const Key& key) const {
+        return {key.begin(), key.end()};
+    }
+    const std::vector<unsigned char> ToPKHBytes(const Key& key) const {
+        const auto h = Hash160(key);
+        return {h.begin(), h.end()};
+    }
+
+    template<typename I>
+    bool FromString(I first, I last, Key& key) const {
+        const auto bytes = ParseHex(std::string(first, last));
+        key.Set(bytes.begin(), bytes.end());
+        return key.IsValid();
+    }
+    template<typename I>
+    bool FromPKBytes(I first, I last, CPubKey& key) const {
+        key.Set(first, last);
+        return key.IsValid();
+    }
+    template<typename I>
+    bool FromPKHBytes(I first, I last, CPubKey& key) const {
+        assert(last - first == 20);
+        return false;
+    }
+};
+
+const Converter CONVERTER;
+
+FUZZ_TARGET(miniscript_decode)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::optional<CScript> script = ConsumeDeserializable<CScript>(fuzzed_data_provider);
+    if (!script) return;
+
+    const auto ms = miniscript::FromScript(*script, CONVERTER);
+    if (!ms) return;
+
+    // We can roundtrip it to its string representation.
+    std::string ms_str;
+    assert(ms->ToString(CONVERTER, ms_str));
+    assert(*miniscript::FromString(ms_str, CONVERTER) == *ms);
+    // The Script representation must roundtrip since we parsed it this way the first time.
+    const CScript ms_script = ms->ToScript(CONVERTER);
+    assert(ms_script == *script);
+}
