From fa5388fad3e87d56395bfe2467d2d6448a8f2e40 Mon Sep 17 00:00:00 2001 From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> Date: Tue, 14 Nov 2023 17:30:46 +0100 Subject: [PATCH 1/3] fuzz: Remove FuzzedAutoFileProvider The code is clearer without it. This is also needed for a future commit. --- src/test/fuzz/autofile.cpp | 6 ++++-- src/test/fuzz/buffered_file.cpp | 2 +- src/test/fuzz/load_external_block_file.cpp | 2 +- src/test/fuzz/policy_estimator.cpp | 5 +++-- src/test/fuzz/policy_estimator_io.cpp | 8 +++---- src/test/fuzz/util.h | 25 ---------------------- src/test/fuzz/validation_load_mempool.cpp | 2 +- 7 files changed, 14 insertions(+), 36 deletions(-) diff --git a/src/test/fuzz/autofile.cpp b/src/test/fuzz/autofile.cpp index a7b41370a80..e96190b9db8 100644 --- a/src/test/fuzz/autofile.cpp +++ b/src/test/fuzz/autofile.cpp @@ -17,8 +17,10 @@ FUZZ_TARGET(autofile) { FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; - FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider); - AutoFile auto_file{fuzzed_auto_file_provider.open()}; + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; + AutoFile auto_file{ + fuzzed_file_provider.open(), + }; LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { CallOneOf( fuzzed_data_provider, diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp index 636f11b381b..621486930fc 100644 --- a/src/test/fuzz/buffered_file.cpp +++ b/src/test/fuzz/buffered_file.cpp @@ -17,7 +17,7 @@ FUZZ_TARGET(buffered_file) { FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; - FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider); + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; std::optional opt_buffered_file; CAutoFile fuzzed_file{fuzzed_file_provider.open(), 0}; try { diff --git a/src/test/fuzz/load_external_block_file.cpp b/src/test/fuzz/load_external_block_file.cpp index fc903e5ec25..ae4f5d089b6 100644 
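Review bot: With FuzzedAutoFileProvider removed, each call site now holds the provider and the AutoFile as two separate locals, and nothing at the call site says that their declaration order matters. The `close(void* cookie)` member visible in the util.h context suggests the FILE* returned by `open()` is a cookie-backed stream that presumably calls back into the provider, so the provider has to outlive the AutoFile; that holds today only because it is declared first. I would add a one-line comment above `AutoFile auto_file{`, for example `// fuzzed_file_provider must outlive auto_file: the stream calls back into it`. The same applies to the policy_estimator.cpp and policy_estimator_io.cpp hunks. The FUZZ_TARGET body continues outside the hunk.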
--- a/src/test/fuzz/load_external_block_file.cpp +++ b/src/test/fuzz/load_external_block_file.cpp @@ -27,7 +27,7 @@ void initialize_load_external_block_file() FUZZ_TARGET(load_external_block_file, .init = initialize_load_external_block_file) { FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; - FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider); + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; CAutoFile fuzzed_block_file{fuzzed_file_provider.open(), CLIENT_VERSION}; if (fuzzed_block_file.IsNull()) { return; diff --git a/src/test/fuzz/policy_estimator.cpp b/src/test/fuzz/policy_estimator.cpp index 4cbc1b48203..22061edd0a8 100644 --- a/src/test/fuzz/policy_estimator.cpp +++ b/src/test/fuzz/policy_estimator.cpp @@ -13,6 +13,7 @@ #include #include +#include #include #include @@ -81,8 +82,8 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator) (void)block_policy_estimator.HighestTargetTracked(fuzzed_data_provider.PickValueInArray(ALL_FEE_ESTIMATE_HORIZONS)); } { - FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider); - AutoFile fuzzed_auto_file{fuzzed_auto_file_provider.open()}; + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; + AutoFile fuzzed_auto_file{fuzzed_file_provider.open()}; block_policy_estimator.Write(fuzzed_auto_file); block_policy_estimator.Read(fuzzed_auto_file); } diff --git a/src/test/fuzz/policy_estimator_io.cpp b/src/test/fuzz/policy_estimator_io.cpp index c04ef8f5b0f..3e7d0933439 100644 --- a/src/test/fuzz/policy_estimator_io.cpp +++ b/src/test/fuzz/policy_estimator_io.cpp @@ -4,13 +4,13 @@ #include #include +#include #include #include #include #include -#include -#include +#include namespace { const BasicTestingSetup* g_setup; 
@@ -25,8 +25,8 @@ void initialize_policy_estimator_io() FUZZ_TARGET(policy_estimator_io, .init = initialize_policy_estimator_io) { FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); - FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider); - AutoFile fuzzed_auto_file{fuzzed_auto_file_provider.open()}; + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; + AutoFile fuzzed_auto_file{fuzzed_file_provider.open()}; // Re-using block_policy_estimator across runs to avoid costly creation of CBlockPolicyEstimator object. static CBlockPolicyEstimator block_policy_estimator{FeeestPath(*g_setup->m_node.args), DEFAULT_ACCEPT_STALE_FEE_ESTIMATES}; if (block_policy_estimator.Read(fuzzed_auto_file)) { diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h index 95d910b64df..0ad2ed61289 100644 --- a/src/test/fuzz/util.h +++ b/src/test/fuzz/util.h @@ -263,31 +263,6 @@ public: static int close(void* cookie); }; -[[nodiscard]] inline FuzzedFileProvider ConsumeFile(FuzzedDataProvider& fuzzed_data_provider) noexcept -{ - return {fuzzed_data_provider}; -} - -class FuzzedAutoFileProvider -{ - FuzzedFileProvider m_fuzzed_file_provider; - -public: - FuzzedAutoFileProvider(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_file_provider{fuzzed_data_provider} - { - } - - AutoFile open() - { - return AutoFile{m_fuzzed_file_provider.open()}; - } -}; - -[[nodiscard]] inline FuzzedAutoFileProvider ConsumeAutoFile(FuzzedDataProvider& fuzzed_data_provider) noexcept -{ - return {fuzzed_data_provider}; -} - #define WRITE_TO_STREAM_CASE(type, consume) \ [&] { \ type o = consume; \ diff --git a/src/test/fuzz/validation_load_mempool.cpp b/src/test/fuzz/validation_load_mempool.cpp index 5d020b4d593..00678742c99 100644 --- a/src/test/fuzz/validation_load_mempool.cpp +++ b/src/test/fuzz/validation_load_mempool.cpp 
@@ -38,7 +38,7 @@ FUZZ_TARGET(validation_load_mempool, .init = initialize_validation_load_mempool) { FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; SetMockTime(ConsumeTime(fuzzed_data_provider)); - FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider); + FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; CTxMemPool pool{MemPoolOptionsForTest(g_setup->m_node)}; From fab5cb9066366d93531f34e649a10addf44cd2ca Mon Sep 17 00:00:00 2001 From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> Date: Tue, 14 Nov 2023 17:30:32 +0100 Subject: [PATCH 2/3] fuzz: Reduce LIMITED_WHILE limit for file fuzzing A higher limit is not needed, and only leads to timeouts, see for example the buffered_file one in https://github.com/bitcoin/bitcoin/issues/28812#issue-1981386486 --- src/test/fuzz/autofile.cpp | 3 ++- src/test/fuzz/buffered_file.cpp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test/fuzz/autofile.cpp b/src/test/fuzz/autofile.cpp index e96190b9db8..bf7119b761c 100644 --- a/src/test/fuzz/autofile.cpp +++ b/src/test/fuzz/autofile.cpp @@ -21,7 +21,8 @@ FUZZ_TARGET(autofile) AutoFile auto_file{ fuzzed_file_provider.open(), }; - LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { + LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) + { CallOneOf( fuzzed_data_provider, [&] { diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp index 621486930fc..e345aa301c7 100644 --- a/src/test/fuzz/buffered_file.cpp +++ b/src/test/fuzz/buffered_file.cpp @@ -26,7 +26,8 @@ FUZZ_TARGET(buffered_file) } if (opt_buffered_file && !fuzzed_file.IsNull()) { bool setpos_fail = false; - LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { + LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) + { CallOneOf( fuzzed_data_provider, [&] { From faa25718b3f11f24aa41f0968bbd4da104814bc5 Mon Sep 17 00:00:00 2001 
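Review bot: The new bound `100` in `LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100)` is a bare literal repeated in autofile.cpp and buffered_file.cpp, and the reason for it is recorded only in the commit message. A comment at the loop would stop someone from raising it again later, for example `// Low bound on purpose: larger limits only led to fuzz timeouts (see issue #28812)`. A named constant shared by both targets would also work, but the comment is the smaller change. Both loop bodies continue outside the hunks.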
From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz> Date: Tue, 14 Nov 2023 17:21:14 +0100 Subject: [PATCH 3/3] fuzz: AutoFile with XOR --- src/test/fuzz/autofile.cpp | 7 ++++--- src/test/fuzz/buffered_file.cpp | 9 +++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/test/fuzz/autofile.cpp b/src/test/fuzz/autofile.cpp index bf7119b761c..45316b6b218 100644 --- a/src/test/fuzz/autofile.cpp +++ b/src/test/fuzz/autofile.cpp @@ -2,16 +2,16 @@ // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include #include #include #include #include #include -#include +#include +#include #include -#include -#include #include FUZZ_TARGET(autofile) @@ -20,6 +20,7 @@ FUZZ_TARGET(autofile) FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; AutoFile auto_file{ fuzzed_file_provider.open(), + ConsumeRandomLengthByteVector(fuzzed_data_provider), }; LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) { diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp index e345aa301c7..813af63738b 100644 --- a/src/test/fuzz/buffered_file.cpp +++ b/src/test/fuzz/buffered_file.cpp @@ -2,16 +2,17 @@ // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. +#include #include #include #include #include #include +#include #include #include #include -#include #include FUZZ_TARGET(buffered_file) 
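Review bot: `ConsumeRandomLengthByteVector(fuzzed_data_provider)` in the `AutoFile auto_file{...}` initializer is called without a length cap, so the fuzzer may spend an arbitrary share of the input on the XOR key and leave little for the operations in the LIMITED_WHILE loop. If long keys are not a goal, passing the helper's optional maximum length would keep the key small, for example `ConsumeRandomLengthByteVector(fuzzed_data_provider, /*max_length=*/KEY_CAP),` where KEY_CAP is a placeholder for a value the author picks. If arbitrary lengths, including an empty key, are intended, a short comment saying so would help the next reader. The same call appears in the buffered_file.cpp hunk of this patch.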
@@ -19,7 +20,11 @@ FUZZ_TARGET(buffered_file) FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; FuzzedFileProvider fuzzed_file_provider{fuzzed_data_provider}; std::optional opt_buffered_file; - CAutoFile fuzzed_file{fuzzed_file_provider.open(), 0}; + CAutoFile fuzzed_file{ + fuzzed_file_provider.open(), + 0, + ConsumeRandomLengthByteVector(fuzzed_data_provider), + }; try { opt_buffered_file.emplace(fuzzed_file, fuzzed_data_provider.ConsumeIntegralInRange(0, 4096), fuzzed_data_provider.ConsumeIntegralInRange(0, 4096)); } catch (const std::ios_base::failure&) {
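Review bot: In the reflowed `CAutoFile fuzzed_file{...}` initializer the middle argument is a bare `0` between the stream and the XOR key, and the call does not say what it selects. The load_external_block_file target passes `CLIENT_VERSION` in the same position, so it is presumably the stream version. An argument comment such as `/*version=*/0,` would make that explicit; the constructor is not visible in this hunk, so use its actual parameter name. The FUZZ_TARGET body continues outside the hunk.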