[fuzz] Occasional valid checksum for transport serialization fuzz test

dhruv · dhruv · commit 35571d8d9ec1 · 2021-05-25T08:09:14.000-07:00
Before commit:
Unable to deserialize: 0%
Wrong message start  : ~1.27%
Header too large     : ~0.5%
Wrong checksum       : ~67.99%
Invalid message type : ~30.1%

303389	NEW    cov: 1202 ft: 8382 corp: 157/382Kb lim: 68189 exec/s: 1451 rss: 447Mb L: 1386/65459 MS: 1 CopyPart-
1428759	REDUCE cov: 1202 ft: 8512 corp: 169/389Kb lim: 78749 exec/s: 1528 rss: 463Mb L: 1627/60488 MS: 1 EraseBytes-

After commit(new seeds; old seeds invalidated):
Unable to deserialize: 0%
Wrong message start  : ~45.62%
Header too large     : ~14.5%
Wrong checksum       : ~38.13%
Invalid message type : ~1.78%

304820	NEW    cov: 1440 ft: 4452 corp: 92/12551b lim: 2237 exec/s: 3386 rss: 486Mb L: 47/1111 MS: 1 ChangeByte-
1416181	REDUCE cov: 1442 ft: 5681 corp: 125/59Kb lim: 4096 exec/s: 3522 rss: 535Mb L: 2164/4049 MS: 1 EraseBytes-
diff --git a/src/test/fuzz/p2p_transport_serialization.cpp b/src/test/fuzz/p2p_transport_serialization.cpp
@@ -3,9 +3,11 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <chainparams.h>
+#include <hash.h>
 #include <net.h>
 #include <netmessagemaker.h>
 #include <protocol.h>
+#include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 
 #include <cassert>
@@ -24,7 +26,25 @@ FUZZ_TARGET_INIT(p2p_transport_serialization, initialize_p2p_transport_serializa
     // Construct deserializer, with a dummy NodeId
     V1TransportDeserializer deserializer{Params(), (NodeId)0, SER_NETWORK, INIT_PROTO_VERSION};
     V1TransportSerializer serializer{};
-    Span<const uint8_t> msg_bytes{buffer};
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+
+    auto checksum_assist = fuzzed_data_provider.ConsumeBool();
+    int header_random_bytes_count = checksum_assist ? CMessageHeader::CHECKSUM_OFFSET : CMessageHeader :: HEADER_SIZE;
+    auto mutable_msg_bytes = fuzzed_data_provider.ConsumeBytes<uint8_t>(header_random_bytes_count);
+    auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
+
+    if (checksum_assist && mutable_msg_bytes.size() == CMessageHeader::CHECKSUM_OFFSET) {
+        CHash256 hasher;
+        unsigned char hsh[32];
+        hasher.Write(payload_bytes);
+        hasher.Finalize(hsh);
+        for (size_t i = 0; i < CMessageHeader::CHECKSUM_SIZE; ++i) {
+           mutable_msg_bytes.push_back(hsh[i]);
+        }
+    }
+
+    mutable_msg_bytes.insert(mutable_msg_bytes.end(), payload_bytes.begin(), payload_bytes.end());
+    Span<const uint8_t> msg_bytes{mutable_msg_bytes};
     while (msg_bytes.size() > 0) {
         const int handled = deserializer.Read(msg_bytes);
         if (handled < 0) {
@@ -36,7 +56,7 @@ FUZZ_TARGET_INIT(p2p_transport_serialization, initialize_p2p_transport_serializa
             std::optional<CNetMessage> result{deserializer.GetMessage(m_time, out_err_raw_size)};
             if (result) {
                 assert(result->m_command.size() <= CMessageHeader::COMMAND_SIZE);
-                assert(result->m_raw_message_size <= buffer.size());
+                assert(result->m_raw_message_size <= mutable_msg_bytes.size());
                 assert(result->m_raw_message_size == CMessageHeader::HEADER_SIZE + result->m_message_size);
                 assert(result->m_time == m_time);
 
