mirror of
https://github.com/bitcoin/bitcoin.git
synced 2026-06-12 15:49:31 +02:00
Merge bitcoin/bitcoin#22454: fuzz: Limit max ops in tx_pool fuzz targets
fa33ed4b3ffuzz: Limit max ops in tx_pool fuzz targets (MarcoFalke) Pull request description: Without a size limit on the input data, the runtime is unbounded. Fix this by picking an upper bound on the maximum number of fuzz operations. Reproducer from OSS-Fuzz (without bug report): [clusterfuzz-testcase-tx_pool_standard-5963992253202432.log](https://github.com/bitcoin/bitcoin/files/6822465/clusterfuzz-testcase-tx_pool_standard-5963992253202432.log) ACKs for top commit: practicalswift: cr ACKfa33ed4b3fTree-SHA512: 32098d573880afba12d510ac83519dc886a6c65d5207edb810f92c7c61edf5e2fc9c57e7b7a1ae656c02ce14e3595707dd6b93caf7956beb2bc817609e14d23d
This commit is contained in:
MarcoFalke
@@ -112,6 +112,10 @@ void MockTime(FuzzedDataProvider& fuzzed_data_provider, const CChainState& chain
|
|||||||
|
|
||||||
FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
|
FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
|
||||||
{
|
{
|
||||||
|
// Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
|
||||||
|
// inputs.
|
||||||
|
int limit_max_ops{300};
|
||||||
|
|
||||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||||
const auto& node = g_setup->m_node;
|
const auto& node = g_setup->m_node;
|
||||||
auto& chainstate = node.chainman->ActiveChainstate();
|
auto& chainstate = node.chainman->ActiveChainstate();
|
||||||
@@ -142,7 +146,7 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
|
|||||||
return c.out.nValue;
|
return c.out.nValue;
|
||||||
};
|
};
|
||||||
|
|
||||||
while (fuzzed_data_provider.ConsumeBool()) {
|
while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
|
||||||
{
|
{
|
||||||
// Total supply is the mempool fee + all outpoints
|
// Total supply is the mempool fee + all outpoints
|
||||||
CAmount supply_now{WITH_LOCK(tx_pool.cs, return tx_pool.GetTotalFee())};
|
CAmount supply_now{WITH_LOCK(tx_pool.cs, return tx_pool.GetTotalFee())};
|
||||||
@@ -285,6 +289,10 @@ FUZZ_TARGET_INIT(tx_pool_standard, initialize_tx_pool)
|
|||||||
|
|
||||||
FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
|
FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
|
||||||
{
|
{
|
||||||
|
// Pick an arbitrary upper bound to limit the runtime and avoid timeouts on
|
||||||
|
// inputs.
|
||||||
|
int limit_max_ops{300};
|
||||||
|
|
||||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||||
const auto& node = g_setup->m_node;
|
const auto& node = g_setup->m_node;
|
||||||
auto& chainstate = node.chainman->ActiveChainstate();
|
auto& chainstate = node.chainman->ActiveChainstate();
|
||||||
@@ -305,7 +313,7 @@ FUZZ_TARGET_INIT(tx_pool, initialize_tx_pool)
|
|||||||
CTxMemPool tx_pool_{/* estimator */ nullptr, /* check_ratio */ 1};
|
CTxMemPool tx_pool_{/* estimator */ nullptr, /* check_ratio */ 1};
|
||||||
MockedTxPool& tx_pool = *static_cast<MockedTxPool*>(&tx_pool_);
|
MockedTxPool& tx_pool = *static_cast<MockedTxPool*>(&tx_pool_);
|
||||||
|
|
||||||
while (fuzzed_data_provider.ConsumeBool()) {
|
while (--limit_max_ops >= 0 && fuzzed_data_provider.ConsumeBool()) {
|
||||||
const auto mut_tx = ConsumeTransaction(fuzzed_data_provider, txids);
|
const auto mut_tx = ConsumeTransaction(fuzzed_data_provider, txids);
|
||||||
|
|
||||||
if (fuzzed_data_provider.ConsumeBool()) {
|
if (fuzzed_data_provider.ConsumeBool()) {
|
||||||
|
|||||||
Reference in New Issue
Block a user