
Commit 13c1f6b

tests: Add fuzzing harness for IsRBFOptIn(...)
1 parent 3439c88 commit 13c1f6b


2 files changed

+54
-0
lines changed


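--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -104,6 +104,7 @@ FUZZ_TARGETS = \
 test/fuzz/psbt_output_deserialize \
 test/fuzz/pub_key_deserialize \
 test/fuzz/random \
+test/fuzz/rbf \
 test/fuzz/rolling_bloom_filter \
 test/fuzz/script \
 test/fuzz/script_deserialize \
@@ -900,6 +901,12 @@ test_fuzz_random_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_random_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_random_SOURCES = test/fuzz/random.cpp
 
+test_fuzz_rbf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_rbf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_rbf_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_rbf_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_rbf_SOURCES = test/fuzz/rbf.cpp
+
 test_fuzz_rolling_bloom_filter_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_rolling_bloom_filter_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_rolling_bloom_filter_LDADD = $(FUZZ_SUITE_LD_COMMON)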

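--- a/src/test/fuzz/rbf.cpp
+++ b/src/test/fuzz/rbf.cpp
@@ -0,0 +1,47 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <optional.h>
+#include <policy/rbf.h>
+#include <primitives/transaction.h>
+#include <sync.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <txmempool.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+Optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
+if (!mtx) {
+return;
+}
+CTxMemPool pool;
+while (fuzzed_data_provider.ConsumeBool()) {
+const Optional<CMutableTransaction> another_mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
+if (!another_mtx) {
+break;
+}
+const CTransaction another_tx{*another_mtx};
+if (fuzzed_data_provider.ConsumeBool() && !mtx->vin.empty()) {
+mtx->vin[0].prevout = COutPoint{another_tx.GetHash(), 0};
+}
+LOCK2(cs_main, pool.cs);
+pool.addUnchecked(ConsumeTxMemPoolEntry(fuzzed_data_provider, another_tx));
+}
+const CTransaction tx{*mtx};
+if (fuzzed_data_provider.ConsumeBool()) {
+LOCK2(cs_main, pool.cs);
+pool.addUnchecked(ConsumeTxMemPoolEntry(fuzzed_data_provider, tx));
+}
+{
+LOCK(pool.cs);
+(void)IsRBFOptIn(tx, pool);
+}
+}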
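Review bot: Nothing before either `pool.addUnchecked(...)` call (new lines 36 and 41) stops the same transaction being inserted twice, since the fuzzer can emit two identical `another_tx` values or a `tx` that equals an earlier `another_tx`. `addUnchecked` is not shown on this page, but if it assumes the txid is not yet in the pool, duplicates would put the mempool in a state production code cannot reach, and any resulting crash would say nothing about `IsRBFOptIn`. Consider guarding both inserts, for example `if (!pool.exists(another_tx.GetHash())) pool.addUnchecked(ConsumeTxMemPoolEntry(fuzzed_data_provider, another_tx));`. A short comment above the `mtx->vin[0].prevout` assignment would also help, such as `// Make tx spend a transaction that is added to the pool, presumably so the in-mempool ancestor path of IsRBFOptIn is reached.` Separately, the result is discarded with `(void)`, so the harness can only surface crashes and sanitizer reports, not a wrong RBF state.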
