Merge bitcoin#29079: fuzz: Limit p2p fuzz targets to MAX_PROTOCOL_MESSAGE_LENGTH

fanquake · vijaydasmp · commit 34a9eebf7f5e · 2026-01-10T19:57:50.000+05:30
fa769d3 fuzz: Limit p2p fuzz targets to MAX_PROTOCOL_MESSAGE_LENGTH (MarcoFalke) Pull request description: Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65039 ACKs for top commit: dergoegge: utACK fa769d3 brunoerg: crACK fa769d3 Tree-SHA512: 46f70d1acf4e2f95055c70162909010c6322f8504a810906e1ab4db470dc2525f9a494b8427b254279bc68b1c8b87338c943787fd5249df7113556740701a51a
diff --git a/src/test/fuzz/process_message.cpp b/src/test/fuzz/process_message.cpp
@@ -1,13 +1,11 @@
-// Copyright (c) 2020 The Bitcoin Core developers
+// Copyright (c) 2020-present The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <consensus/consensus.h>
 #include <net.h>
 #include <protocol.h>
 #include <script/script.h>
-#include <serialize.h>
-#include <streams.h>
 #include <sync.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
@@ -19,7 +17,6 @@
 #include <validationinterface.h>
 #include <version.h>
 
-#include <atomic>
 #include <cstdlib>
 #include <iostream>
 #include <memory>
@@ -74,8 +71,7 @@ FUZZ_TARGET(process_message, .init = initialize_process_message)
 
     CSerializedNetMsg net_msg;
     net_msg.m_type = random_message_type;
-    // fuzzed_data_provider is fully consumed after this call, don't use it
-    net_msg.data = fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>();
+    net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider, MAX_PROTOCOL_MESSAGE_LENGTH);
 
     connman.FlushSendBuffer(p2p_node);
     (void)connman.ReceiveMsgFrom(p2p_node, std::move(net_msg));
diff --git a/src/test/fuzz/process_messages.cpp b/src/test/fuzz/process_messages.cpp
@@ -62,7 +62,7 @@ FUZZ_TARGET(process_messages, .init = initialize_process_messages)
 
         CSerializedNetMsg net_msg;
         net_msg.m_type = random_message_type;
-        net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
+        net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider, MAX_PROTOCOL_MESSAGE_LENGTH);
 
         CNode& random_node = *PickValue(fuzzed_data_provider, peers);
 
