From fabac1b3950e4bc9716f9b3c17b8f02952d6b974 Mon Sep 17 00:00:00 2001
From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>
Date: Thu, 8 Jan 2026 11:31:20 +0100
Subject: [PATCH] fuzz: Reject some more "expensive" descriptors in the scriptpubkeyman target

The same are rejected in the descriptor_parse target, so it makes sense to reject them here as well.
---
 src/wallet/test/fuzz/scriptpubkeyman.cpp | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/wallet/test/fuzz/scriptpubkeyman.cpp b/src/wallet/test/fuzz/scriptpubkeyman.cpp
index ea1431a7cf0..ff9d1cc0d33 100644
--- a/src/wallet/test/fuzz/scriptpubkeyman.cpp
+++ b/src/wallet/test/fuzz/scriptpubkeyman.cpp
@@ -51,20 +51,19 @@ void initialize_spkm()
 }
 /**
- * Key derivation is expensive. Deriving deep derivation paths take a lot of compute and we'd rather spend time
- * elsewhere in this target, like on actually fuzzing the DescriptorScriptPubKeyMan. So rule out strings which could
- * correspond to a descriptor containing a too large derivation path.
+ * Deriving "expensive" descriptors will consume useful fuzz compute. The
+ * compute is better spent on a smaller subset of descriptors, which still
+ * covers all real end-user settings.
 */
-static bool TooDeepDerivPath(std::string_view desc)
+static bool IsTooExpensive(std::span desc)
 {
- const FuzzBufferType desc_buf{reinterpret_cast(desc.data()), desc.size()};
- return HasDeepDerivPath(desc_buf);
+ return HasDeepDerivPath(desc) || HasTooManySubFrag(desc) || HasTooManyWrappers(desc);
 }
 static std::optional> CreateWalletDescriptor(FuzzedDataProvider& fuzzed_data_provider)
 {
 const std::string mocked_descriptor{fuzzed_data_provider.ConsumeRandomLengthString()};
- if (TooDeepDerivPath(mocked_descriptor)) return {};
+ if (IsTooExpensive(MakeUCharSpan(mocked_descriptor))) return {};
 const auto desc_str{MOCKED_DESC_CONVERTER.GetDescriptor(mocked_descriptor)};
 if (!desc_str.has_value()) return std::nullopt;
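Review bot: The new doc comment on `IsTooExpensive` does not say which inputs are dropped or where the thresholds are defined, and its statement that the remaining subset "still covers all real end-user settings" cannot be checked from this hunk. Any string rejected here returns from `CreateWalletDescriptor` before `MOCKED_DESC_CONVERTER.GetDescriptor` is called, so descriptors past those limits are never exercised by this target; if resource use on such inputs matters, it has to be covered by another harness or a unit test. I would add a line to the comment such as ` * Inputs rejected by HasDeepDerivPath, HasTooManySubFrag or HasTooManyWrappers are skipped and never reach the DescriptorScriptPubKeyMan in this target.` The body of `CreateWalletDescriptor` continues outside the hunk.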