
Commit 9823376

tests: Add fuzzing harness for CBufferedFile (streams.h)
1 parent f3aa659 commit 9823376


2 files changed

+71
-0
lines changed


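--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -30,6 +30,7 @@ FUZZ_TARGETS = \
 test/fuzz/blockundo_deserialize \
 test/fuzz/bloom_filter \
 test/fuzz/bloomfilter_deserialize \
+test/fuzz/buffered_file \
 test/fuzz/chain \
 test/fuzz/checkqueue \
 test/fuzz/coins_deserialize \
@@ -471,6 +472,12 @@ test_fuzz_bloomfilter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_bloomfilter_deserialize_SOURCES = test/fuzz/deserialize.cpp
 
+test_fuzz_buffered_file_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_buffered_file_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_buffered_file_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_buffered_file_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_buffered_file_SOURCES = test/fuzz/buffered_file.cpp
+
 test_fuzz_chain_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_chain_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_chain_LDADD = $(FUZZ_SUITE_LD_COMMON)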

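--- a/src/test/fuzz/buffered_file.cpp
+++ b/src/test/fuzz/buffered_file.cpp
@@ -0,0 +1,64 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <optional.h>
+#include <streams.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <array>
+#include <cstdint>
+#include <iostream>
+#include <optional>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
+std::optional<CBufferedFile> opt_buffered_file;
+FILE* fuzzed_file = fuzzed_file_provider.open();
+try {
+opt_buffered_file.emplace(fuzzed_file, fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096), fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096), fuzzed_data_provider.ConsumeIntegral<int>(), fuzzed_data_provider.ConsumeIntegral<int>());
+} catch (const std::ios_base::failure&) {
+if (fuzzed_file != nullptr) {
+fclose(fuzzed_file);
+}
+}
+if (opt_buffered_file && fuzzed_file != nullptr) {
+while (fuzzed_data_provider.ConsumeBool()) {
+switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4)) {
+case 0: {
+std::array<uint8_t, 4096> arr{};
+try {
+opt_buffered_file->read((char*)arr.data(), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
+} catch (const std::ios_base::failure&) {
+}
+break;
+}
+case 1: {
+opt_buffered_file->Seek(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096));
+break;
+}
+case 2: {
+opt_buffered_file->SetLimit(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096));
+break;
+}
+case 3: {
+try {
+opt_buffered_file->FindByte(fuzzed_data_provider.ConsumeIntegral<char>());
+} catch (const std::ios_base::failure&) {
+}
+break;
+}
+case 4: {
+ReadFromStream(fuzzed_data_provider, *opt_buffered_file);
+break;
+}
+}
+}
+}
+}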
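Review bot: The four `Consume*` calls written directly in the argument list of `opt_buffered_file.emplace(...)` are evaluated in an order the C++ standard leaves unspecified, so the same fuzz input can yield different constructor arguments under different compilers. A crashing corpus file found with one toolchain may then fail to reproduce with another, and a shared seed corpus loses coverage value. Reading each value into a named local before the call pins the order. The local names below are guesses at the CBufferedFile constructor's parameters, which are not visible on this page.

```cpp
    try {
        // Consume in a fixed order so a corpus input replays identically on every compiler.
        const uint64_t buf_size = fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096);
        const uint64_t rewind = fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096);
        const int ser_type = fuzzed_data_provider.ConsumeIntegral<int>();
        const int ser_version = fuzzed_data_provider.ConsumeIntegral<int>();
        opt_buffered_file.emplace(fuzzed_file, buf_size, rewind, ser_type, ser_version);
    // … unchanged: catch block closing fuzzed_file, operation loop …
```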
