
Commit 65a52a0

tests: Add fuzzing harness for CScript operations
1 parent eb7c50c commit 65a52a0


2 files changed

+74
-0
lines changed


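--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -61,6 +61,7 @@ FUZZ_TARGETS = \
 test/fuzz/script \
 test/fuzz/script_deserialize \
 test/fuzz/script_flags \
+test/fuzz/script_ops \
 test/fuzz/service_deserialize \
 test/fuzz/spanparsing \
 test/fuzz/strprintf \
@@ -590,6 +591,12 @@ test_fuzz_script_flags_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_script_flags_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_script_flags_SOURCES = $(FUZZ_SUITE) test/fuzz/script_flags.cpp
 
+test_fuzz_script_ops_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_script_ops_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_script_ops_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_script_ops_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_script_ops_SOURCES = $(FUZZ_SUITE) test/fuzz/script_ops.cpp
+
 test_fuzz_service_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSERVICE_DESERIALIZE=1
 test_fuzz_service_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)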

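--- a/src/test/fuzz/script_ops.cpp
+++ b/src/test/fuzz/script_ops.cpp
@@ -0,0 +1,67 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/script.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+CScript script = ConsumeScript(fuzzed_data_provider);
+while (fuzzed_data_provider.remaining_bytes() > 0) {
+switch (fuzzed_data_provider.ConsumeIntegralInRange(0, 7)) {
+case 0:
+script += ConsumeScript(fuzzed_data_provider);
+break;
+case 1:
+script = script + ConsumeScript(fuzzed_data_provider);
+break;
+case 2:
+script << fuzzed_data_provider.ConsumeIntegral<int64_t>();
+break;
+case 3:
+script << ConsumeOpcodeType(fuzzed_data_provider);
+break;
+case 4:
+script << ConsumeScriptNum(fuzzed_data_provider);
+break;
+case 5:
+script << ConsumeRandomLengthByteVector(fuzzed_data_provider);
+break;
+case 6:
+script.clear();
+break;
+case 7: {
+(void)script.GetSigOpCount(false);
+(void)script.GetSigOpCount(true);
+(void)script.GetSigOpCount(script);
+(void)script.HasValidOps();
+(void)script.IsPayToScriptHash();
+(void)script.IsPayToWitnessScriptHash();
+(void)script.IsPushOnly();
+(void)script.IsUnspendable();
+{
+CScript::const_iterator pc = script.begin();
+opcodetype opcode;
+(void)script.GetOp(pc, opcode);
+std::vector<uint8_t> data;
+(void)script.GetOp(pc, opcode, data);
+(void)script.IsPushOnly(pc);
+}
+{
+int version;
+std::vector<uint8_t> program;
+(void)script.IsWitnessProgram(version, program);
+}
+break;
+}
+}
+}
+}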
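Review bot: The harness has no comment stating what it is meant to exercise, which matters for a fuzz target because the coverage intent is what a later maintainer checks new cases against; above `test_one_input` I would add `// Builds a CScript from fuzzer input, then interleaves mutating operations (+=, operator+, operator<<, clear) with the read-only predicates and GetOp/IsWitnessProgram; all results are discarded, so the value of the target is the sanitizer/crash signal, not assertions.` In the `case 7` block, `opcodetype opcode;` and `int version;` are left uninitialized and are passed as out-parameters that the callees presumably only write on success; nothing reads them afterwards here, but brace-initializing them (`opcodetype opcode{};`, `int version{0};`) removes the question for anyone who later adds a check on their values. Worth noting inline that `pc` is deliberately carried from the first `GetOp` into the second `GetOp` and `IsPushOnly(pc)`, so the three calls cover a mid-script position rather than `begin()` three times; if that was not the intent, reset `pc` between them. The `GetSigOpCount(script)` call passes the script as its own scriptSig, which is legal but unusual enough to deserve a one-line comment saying it is intentional.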
