tests: Add EvalScript(...) fuzzing harness

practicalswift · practicalswift · commit 7e50abcc29dc · 2019-10-12T16:42:21.000Z
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
@@ -17,6 +17,7 @@ FUZZ_TARGETS = \
   test/fuzz/bloomfilter_deserialize \
   test/fuzz/coins_deserialize \
   test/fuzz/diskblockindex_deserialize \
+  test/fuzz/eval_script \
   test/fuzz/inv_deserialize \
   test/fuzz/messageheader_deserialize \
   test/fuzz/netaddr_deserialize \
@@ -299,6 +300,12 @@ test_fuzz_diskblockindex_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_diskblockindex_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_diskblockindex_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_eval_script_SOURCES = $(FUZZ_SUITE) test/fuzz/eval_script.cpp
+test_fuzz_eval_script_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_eval_script_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_eval_script_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_eval_script_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_txoutcompressor_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 test_fuzz_txoutcompressor_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DTXOUTCOMPRESSOR_DESERIALIZE=1
 test_fuzz_txoutcompressor_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
diff --git a/src/test/fuzz/eval_script.cpp b/src/test/fuzz/eval_script.cpp
@@ -0,0 +1,30 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <script/interpreter.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+
+#include <limits>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const unsigned int flags = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
+    const std::vector<uint8_t> script_bytes = [&] {
+        if (fuzzed_data_provider.remaining_bytes() != 0) {
+            return fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
+        } else {
+            // Avoid UBSan warning:
+            //   test/fuzz/FuzzedDataProvider.h:212:17: runtime error: null pointer passed as argument 1, which is declared to never be null
+            //   /usr/include/string.h:43:28: note: nonnull attribute specified here
+            return std::vector<uint8_t>();
+        }
+    }();
+    const CScript script(script_bytes.begin(), script_bytes.end());
+    for (const auto sig_version : {SigVersion::BASE, SigVersion::WITNESS_V0}) {
+        std::vector<std::vector<unsigned char>> stack;
+        (void)EvalScript(stack, script, flags, BaseSignatureChecker(), sig_version, nullptr);
+    }
+}
