highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-01-21 15:50:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

fuzz: Reject too large descriptor leaf sizes in scriptpubkeyman target

Browse Source
This commit is contained in:
MarcoFalke
2026-01-08 12:27:03 +01:00
parent fabac1b395
commit fa8d56f9f0
3 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/test/fuzz/util/descriptor.cpp
View File

@@ -143,3 +143,23 @@ bool HasTooManyWrappers(std::span<const uint8_t> buff, const int max_wrappers)
return false;
}
bool HasTooLargeLeafSize(std::span<const uint8_t> buff, const uint32_t max_leaf_size)
{
uint32_t leaf_len{0};
for (auto c : buff) {
if (c == '(' || c == ')' || c == ',' || c == '{' || c == '}') {
// Possibly start a fresh leaf, or a fresh function name (with
// wrappers), or terminate a prior leaf.
leaf_len = 0;
} else {
// Just treat everything else as a leaf. This will also reject long
// function names, but this should be fine if the max_leaf_size is
// set large enough.
if (++leaf_len > max_leaf_size) {
return true;
}
}
}
return false;
}

8
src/test/fuzz/util/descriptor.h
View File

@@ -76,4 +76,12 @@ constexpr int MAX_WRAPPERS{100};
*/
bool HasTooManyWrappers(std::span<const uint8_t> buff, int max_wrappers = MAX_WRAPPERS);
/// Default maximum leaf size. This should be large enough to cover an extended
/// key, including paths "/", inside and outside of "[]".
constexpr uint32_t MAX_LEAF_SIZE{200};
/// Whether the expanded buffer (after calling GetDescriptor() in
/// MockedDescriptorConverter) has a leaf size too large.
bool HasTooLargeLeafSize(std::span<const uint8_t> buff, uint32_t max_leaf_size = MAX_LEAF_SIZE);
#endif // BITCOIN_TEST_FUZZ_UTIL_DESCRIPTOR_H

1
src/wallet/test/fuzz/scriptpubkeyman.cpp
View File

@@ -66,6 +66,7 @@ static std::optional<std::pair<WalletDescriptor, FlatSigningProvider>> CreateWal
if (IsTooExpensive(MakeUCharSpan(mocked_descriptor))) return {};
const auto desc_str{MOCKED_DESC_CONVERTER.GetDescriptor(mocked_descriptor)};
if (!desc_str.has_value()) return std::nullopt;
if (HasTooLargeLeafSize(MakeUCharSpan(*desc_str))) return {};
FlatSigningProvider keys;
std::string error;