Added fuzz test for `Script::bytes_to_asm_fmt`

This adds fuzz target for `Script::bytes_to_asm_fmt` which could panic due to overflow in the past. Fuzzing should decrease the risk of other panics.
2021-09-30 14:35:05 +02:00 · 2021-09-30 14:35:05 +02:00 · 0e1b99359c
parent 49bd3af449
commit 0e1b99359c
3 changed files with 46 additions and 1 deletions
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@ -11,7 +11,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        fuzz_target: [deser_net_msg, deserialize_address, deserialize_amount, deserialize_block, deserialize_psbt, deserialize_script, deserialize_transaction, outpoint_string, uint128_fuzz]
+        fuzz_target: [deser_net_msg, deserialize_address, deserialize_amount, deserialize_block, deserialize_psbt, deserialize_script, deserialize_transaction, outpoint_string, uint128_fuzz, script_bytes_to_asm_fmt]
    steps:
      - name: Install test dependencies
        run: sudo apt-get update -y && sudo apt-get install -y binutils-dev libunwind8-dev libcurl4-openssl-dev libelf-dev libdw-dev cmake gcc libiberty-dev
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@ -55,3 +55,7 @@ path = "fuzz_targets/deser_net_msg.rs"
 [[bin]]
 name = "uint128_fuzz"
 path = "fuzz_targets/uint128_fuzz.rs"
+
+[[bin]]
+name = "script_bytes_to_asm_fmt"
+path = "fuzz_targets/script_bytes_to_asm_fmt.rs"
--- a/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs
+++ b/fuzz/fuzz_targets/script_bytes_to_asm_fmt.rs
@ -0,0 +1,41 @@
+extern crate bitcoin;
+
+use std::fmt;
+
+// faster than String, we don't need to actually produce the value, just check absence of panics
+struct NullWriter;
+
+impl fmt::Write for NullWriter {
+    fn write_str(&mut self, _s: &str) -> fmt::Result {
+        Ok(())
+    }
+
+    fn write_char(&mut self, _c: char) -> fmt::Result {
+        Ok(())
+    }
+}
+
+fn do_test(data: &[u8]) {
+    let mut writer = NullWriter;
+    bitcoin::Script::bytes_to_asm_fmt(data, &mut writer);
+}
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+    fuzz!(|data| {
+        do_test(&data);
+    });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+    loop {
+        fuzz!(|data| {
+            do_test(data);
+        });
+    }
+}