From bcad0144eff3192cb54f65fa7737be53e03f8b0f Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Thu, 19 Dec 2019 19:26:42 +0000
Subject: [PATCH] tests: Add fuzzing harness for DecodeHexTx(...)

---
 src/Makefile.test.include   |  7 +++++++
 src/test/fuzz/decode_tx.cpp | 31 +++++++++++++++++++++++++++++++
 test/fuzz/test_runner.py    |  1 +
 3 files changed, 39 insertions(+)
 create mode 100644 src/test/fuzz/decode_tx.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 091ef503490..83ee87549b8 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -23,6 +23,7 @@ FUZZ_TARGETS = \
   test/fuzz/blockundo_deserialize \
   test/fuzz/bloomfilter_deserialize \
   test/fuzz/coins_deserialize \
+  test/fuzz/decode_tx \
   test/fuzz/descriptor_parse \
   test/fuzz/diskblockindex_deserialize \
   test/fuzz/eval_script \
@@ -304,6 +305,12 @@ test_fuzz_coins_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_coins_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_coins_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 
+test_fuzz_decode_tx_SOURCES = $(FUZZ_SUITE) test/fuzz/decode_tx.cpp
+test_fuzz_decode_tx_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_decode_tx_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_decode_tx_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_decode_tx_LDADD = $(FUZZ_SUITE_LD_COMMON)
+
 test_fuzz_descriptor_parse_SOURCES = $(FUZZ_SUITE) test/fuzz/descriptor_parse.cpp
 test_fuzz_descriptor_parse_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_descriptor_parse_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
diff --git a/src/test/fuzz/decode_tx.cpp b/src/test/fuzz/decode_tx.cpp
new file mode 100644
index 00000000000..09c4ff05df1
--- /dev/null
+++ b/src/test/fuzz/decode_tx.cpp
@@ -0,0 +1,31 @@
+// Copyright (c) 2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <primitives/transaction.h>
+#include <test/fuzz/fuzz.h>
+#include <util/strencodings.h>
+
+#include <cassert>
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    const std::string tx_hex = HexStr(std::string{buffer.begin(), buffer.end()});
+    CMutableTransaction mtx;
+    const bool result_none = DecodeHexTx(mtx, tx_hex, false, false);
+    const bool result_try_witness = DecodeHexTx(mtx, tx_hex, false, true);
+    const bool result_try_witness_and_maybe_no_witness = DecodeHexTx(mtx, tx_hex, true, true);
+    const bool result_try_no_witness = DecodeHexTx(mtx, tx_hex, true, false);
+    assert(!result_none);
+    if (result_try_witness_and_maybe_no_witness) {
+        assert(result_try_no_witness || result_try_witness);
+    }
+    // if (result_try_no_witness) { // Uncomment when https://github.com/bitcoin/bitcoin/pull/17775 is merged
+    if (result_try_witness) { // Remove stop-gap when https://github.com/bitcoin/bitcoin/pull/17775 is merged
+        assert(result_try_witness_and_maybe_no_witness);
+    }
+}
diff --git a/test/fuzz/test_runner.py b/test/fuzz/test_runner.py
index bbdd0474657..9027311a8b4 100755
--- a/test/fuzz/test_runner.py
+++ b/test/fuzz/test_runner.py
@@ -20,6 +20,7 @@ FUZZERS_MISSING_CORPORA = [
     "block_file_info_deserialize",
     "block_filter_deserialize",
     "block_header_and_short_txids_deserialize",
+    "decode_tx",
     "fee_rate_deserialize",
     "flat_file_pos_deserialize",
     "hex",