mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-08-03 20:13:17 +02:00
Merge #20908: fuzz: Use mocktime in process_message* fuzz targets
fa0a864b38fuzz: Use mocktime in process_message* fuzz targets (MarcoFalke) Pull request description: Use mocktime to allow time to advance deterministically during execution of a fuzz input. This also allows to drop the call to `JumpOutOfIbd`. ACKs for top commit: practicalswift: cr ACKfa0a864b38Tree-SHA512: e92fc70ec6bd49760173cb202549f364304e22b3f7127b9a4da8447cf9341008e477ad42c2599c2fde167bbcbc0e2d139709b4ef6371788bc2c1c3b7f589e11d
This commit is contained in:
MarcoFalke
@@ -55,21 +55,25 @@ void initialize_process_message()
|
|||||||
void fuzz_target(const std::vector<uint8_t>& buffer, const std::string& LIMIT_TO_MESSAGE_TYPE)
|
void fuzz_target(const std::vector<uint8_t>& buffer, const std::string& LIMIT_TO_MESSAGE_TYPE)
|
||||||
{
|
{
|
||||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||||
|
|
||||||
ConnmanTestMsg& connman = *(ConnmanTestMsg*)g_setup->m_node.connman.get();
|
ConnmanTestMsg& connman = *(ConnmanTestMsg*)g_setup->m_node.connman.get();
|
||||||
TestChainState& chainstate = *(TestChainState*)&g_setup->m_node.chainman->ActiveChainstate();
|
TestChainState& chainstate = *(TestChainState*)&g_setup->m_node.chainman->ActiveChainstate();
|
||||||
|
SetMockTime(1610000000); // any time to successfully reset ibd
|
||||||
chainstate.ResetIbd();
|
chainstate.ResetIbd();
|
||||||
|
|
||||||
const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
|
const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
|
||||||
if (!LIMIT_TO_MESSAGE_TYPE.empty() && random_message_type != LIMIT_TO_MESSAGE_TYPE) {
|
if (!LIMIT_TO_MESSAGE_TYPE.empty() && random_message_type != LIMIT_TO_MESSAGE_TYPE) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const bool jump_out_of_ibd{fuzzed_data_provider.ConsumeBool()};
|
|
||||||
if (jump_out_of_ibd) chainstate.JumpOutOfIbd();
|
|
||||||
CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release();
|
CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release();
|
||||||
FillNode(fuzzed_data_provider, p2p_node);
|
FillNode(fuzzed_data_provider, p2p_node);
|
||||||
p2p_node.fSuccessfullyConnected = true;
|
p2p_node.fSuccessfullyConnected = true;
|
||||||
connman.AddTestNode(p2p_node);
|
connman.AddTestNode(p2p_node);
|
||||||
g_setup->m_node.peerman->InitializeNode(&p2p_node);
|
g_setup->m_node.peerman->InitializeNode(&p2p_node);
|
||||||
|
|
||||||
|
const auto mock_time = ConsumeTime(fuzzed_data_provider);
|
||||||
|
SetMockTime(mock_time);
|
||||||
|
|
||||||
// fuzzed_data_provider is fully consumed after this call, don't use it
|
// fuzzed_data_provider is fully consumed after this call, don't use it
|
||||||
CDataStream random_bytes_data_stream{fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>(), SER_NETWORK, PROTOCOL_VERSION};
|
CDataStream random_bytes_data_stream{fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>(), SER_NETWORK, PROTOCOL_VERSION};
|
||||||
try {
|
try {
|
||||||
|
|||||||
@@ -41,10 +41,10 @@ FUZZ_TARGET_INIT(process_messages, initialize_process_messages)
|
|||||||
|
|
||||||
ConnmanTestMsg& connman = *(ConnmanTestMsg*)g_setup->m_node.connman.get();
|
ConnmanTestMsg& connman = *(ConnmanTestMsg*)g_setup->m_node.connman.get();
|
||||||
TestChainState& chainstate = *(TestChainState*)&g_setup->m_node.chainman->ActiveChainstate();
|
TestChainState& chainstate = *(TestChainState*)&g_setup->m_node.chainman->ActiveChainstate();
|
||||||
|
SetMockTime(1610000000); // any time to successfully reset ibd
|
||||||
chainstate.ResetIbd();
|
chainstate.ResetIbd();
|
||||||
std::vector<CNode*> peers;
|
|
||||||
bool jump_out_of_ibd{false};
|
|
||||||
|
|
||||||
|
std::vector<CNode*> peers;
|
||||||
const auto num_peers_to_add = fuzzed_data_provider.ConsumeIntegralInRange(1, 3);
|
const auto num_peers_to_add = fuzzed_data_provider.ConsumeIntegralInRange(1, 3);
|
||||||
for (int i = 0; i < num_peers_to_add; ++i) {
|
for (int i = 0; i < num_peers_to_add; ++i) {
|
||||||
peers.push_back(ConsumeNodeAsUniquePtr(fuzzed_data_provider, i).release());
|
peers.push_back(ConsumeNodeAsUniquePtr(fuzzed_data_provider, i).release());
|
||||||
@@ -59,10 +59,11 @@ FUZZ_TARGET_INIT(process_messages, initialize_process_messages)
|
|||||||
}
|
}
|
||||||
|
|
||||||
while (fuzzed_data_provider.ConsumeBool()) {
|
while (fuzzed_data_provider.ConsumeBool()) {
|
||||||
if (!jump_out_of_ibd) jump_out_of_ibd = fuzzed_data_provider.ConsumeBool();
|
|
||||||
if (jump_out_of_ibd && chainstate.IsInitialBlockDownload()) chainstate.JumpOutOfIbd();
|
|
||||||
const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
|
const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
|
||||||
|
|
||||||
|
const auto mock_time = ConsumeTime(fuzzed_data_provider);
|
||||||
|
SetMockTime(mock_time);
|
||||||
|
|
||||||
CSerializedNetMsg net_msg;
|
CSerializedNetMsg net_msg;
|
||||||
net_msg.m_type = random_message_type;
|
net_msg.m_type = random_message_type;
|
||||||
net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
|
net_msg.data = ConsumeRandomLengthByteVector(fuzzed_data_provider);
|
||||||
|
|||||||
Reference in New Issue
Block a user