Added fuzz test for `Script::bytes_to_asm_fmt`

This adds fuzz target for `Script::bytes_to_asm_fmt` which could
panic due to overflow in the past. Fuzzing should decrease the risk of
other panics.
This commit is contained in:
Martin Habovstiak 2021-09-30 14:35:05 +02:00
parent 49bd3af449
commit 0e1b99359c
3 changed files with 46 additions and 1 deletions

View File

@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
fuzz_target: [deser_net_msg, deserialize_address, deserialize_amount, deserialize_block, deserialize_psbt, deserialize_script, deserialize_transaction, outpoint_string, uint128_fuzz]
fuzz_target: [deser_net_msg, deserialize_address, deserialize_amount, deserialize_block, deserialize_psbt, deserialize_script, deserialize_transaction, outpoint_string, uint128_fuzz, script_bytes_to_asm_fmt]
steps:
- name: Install test dependencies
run: sudo apt-get update -y && sudo apt-get install -y binutils-dev libunwind8-dev libcurl4-openssl-dev libelf-dev libdw-dev cmake gcc libiberty-dev

View File

@ -55,3 +55,7 @@ path = "fuzz_targets/deser_net_msg.rs"
[[bin]]
name = "uint128_fuzz"
path = "fuzz_targets/uint128_fuzz.rs"
[[bin]]
name = "script_bytes_to_asm_fmt"
path = "fuzz_targets/script_bytes_to_asm_fmt.rs"

View File

@ -0,0 +1,41 @@
extern crate bitcoin;
use std::fmt;
// faster than String, we don't need to actually produce the value, just check absence of panics
struct NullWriter;
impl fmt::Write for NullWriter {
fn write_str(&mut self, _s: &str) -> fmt::Result {
Ok(())
}
fn write_char(&mut self, _c: char) -> fmt::Result {
Ok(())
}
}
fn do_test(data: &[u8]) {
let mut writer = NullWriter;
bitcoin::Script::bytes_to_asm_fmt(data, &mut writer);
}
#[cfg(feature = "afl")]
#[macro_use] extern crate afl;
#[cfg(feature = "afl")]
fn main() {
fuzz!(|data| {
do_test(&data);
});
}
#[cfg(feature = "honggfuzz")]
#[macro_use] extern crate honggfuzz;
#[cfg(feature = "honggfuzz")]
fn main() {
loop {
fuzz!(|data| {
do_test(data);
});
}
}