From cab8a6134fe701d3aa99b526910a594a0a4c5e3e Mon Sep 17 00:00:00 2001
From: Bruno Garcia
Date: Mon, 3 Mar 2025 12:06:55 -0300
Subject: [PATCH 1/5] fuzz: cover count_sigops{_legacy} for Script
---
 fuzz/fuzz_targets/bitcoin/deserialize_script.rs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
index 6943bc64c..2518061e4 100644
--- a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
+++ b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
@@ -10,6 +10,9 @@ fn do_test(data: &[u8]) {
 let _: Result, script::Error> = script.instructions().collect();
 let _ = script.to_string();
+ let _ = script.count_sigops();
+ let _ = script.count_sigops_legacy();
+
 let mut b = script::Builder::new();
 for ins in script.instructions_minimal() {
 if ins.is_err() {
From eb8ecd5e3cf42bb01dbf6e16422da7b4ddc78b29 Mon Sep 17 00:00:00 2001
From: Bruno Garcia
Date: Mon, 3 Mar 2025 12:24:15 -0300
Subject: [PATCH 2/5] fuzz: cover minimal_non_dust for Script
---
 fuzz/fuzz_targets/bitcoin/deserialize_script.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
index 2518061e4..866c76983 100644
--- a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
+++ b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
@@ -12,6 +12,7 @@ fn do_test(data: &[u8]) {
 let _ = script.to_string();
 let _ = script.count_sigops();
 let _ = script.count_sigops_legacy();
+ let _ = script.minimal_non_dust();
 let mut b = script::Builder::new();
 for ins in script.instructions_minimal() {
From 35e7027a083ddfe7674567ab60f9b7d6cf3d0bef Mon Sep 17 00:00:00 2001
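Review bot: In PATCH 1/5 (deserialize_script.rs, `do_test`), the results of `count_sigops()` and `count_sigops_legacy()` are discarded, so the target can only surface panics in the two counters, never a wrong count. If the accurate count is meant never to exceed the legacy one, which seems to follow from legacy counting charging the maximum for every multisig opcode, a cheap oracle is `assert!(script.count_sigops() <= script.count_sigops_legacy());`. The same applies to the `minimal_non_dust()` call added in PATCH 2/5, though no equally simple invariant is visible for it here. `do_test` starts before and ends after both hunks.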
From: Bruno Garcia
Date: Mon, 3 Mar 2025 13:47:52 -0300
Subject: [PATCH 3/5] fuzz: move consume_random_bytes to a util file
---
 fuzz/fuzz_targets/bitcoin/deserialize_psbt.rs | 13 ++-----------
 fuzz/fuzz_targets/bitcoin/fuzz_utils.rs | 11 +++++++++++
 2 files changed, 13 insertions(+), 11 deletions(-)
 create mode 100644 fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
diff --git a/fuzz/fuzz_targets/bitcoin/deserialize_psbt.rs b/fuzz/fuzz_targets/bitcoin/deserialize_psbt.rs
index 59d28142c..b3fe54bbd 100644
--- a/fuzz/fuzz_targets/bitcoin/deserialize_psbt.rs
+++ b/fuzz/fuzz_targets/bitcoin/deserialize_psbt.rs
@@ -1,16 +1,7 @@
 use honggfuzz::fuzz;
-fn consume_random_bytes<'a>(data: &mut &'a [u8]) -> &'a [u8] {
- if data.is_empty() {
- return &[];
- }
-
- let length = (data[0] as usize) % (data.len() + 1);
- let (bytes, rest) = data.split_at(length);
- *data = rest;
-
- bytes
-}
+mod fuzz_utils;
+use fuzz_utils::consume_random_bytes;
 fn do_test(data: &[u8]) {
 let mut new_data = data;
diff --git a/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs b/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
new file mode 100644
index 000000000..518d6a5bd
--- /dev/null
+++ b/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
@@ -0,0 +1,11 @@
+pub fn consume_random_bytes<'a>(data: &mut &'a [u8]) -> &'a [u8] {
+ if data.is_empty() {
+ return &[];
+ }
+
+ let length = (data[0] as usize) % (data.len() + 1);
+ let (bytes, rest) = data.split_at(length);
+ *data = rest;
+
+ bytes
+}
From 66fee1ef8722e4ada86c9f5493d0ec5aed1a816b Mon Sep 17 00:00:00 2001
From: Bruno Garcia
Date: Mon, 3 Mar 2025 15:05:57 -0300
Subject: [PATCH 4/5] fuzz: add consume_u64
---
 fuzz/fuzz_targets/bitcoin/fuzz_utils.rs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs b/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
index 518d6a5bd..aeaa11ae2 100644
--- a/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
+++ b/fuzz/fuzz_targets/bitcoin/fuzz_utils.rs
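Review bot: `consume_random_bytes`, now public in the new fuzz_utils.rs (PATCH 3/5), takes its length from `data[0]` but never consumes that byte, so every non-empty slice it returns begins with the selector and is at most as long as the selector's value. This matters most in the first hunk of PATCH 5/5, where that slice is passed to `encode::deserialize`: if the decoder expects a minimally encoded compact-size prefix followed by exactly that many bytes, a slice whose first byte is v and whose length is at most v cannot decode, which would leave the `if let Ok(script)` branch and the calls added in patches 1, 2 and 5 unreachable. A coverage run of the script target would confirm or refute this. Splitting the selector off before slicing, as below, removes the coupling (existing corpus entries would then map to different inputs), and a short doc comment on how the helper advances `data` would help now that several targets share it.

```rust
pub fn consume_random_bytes<'a>(data: &mut &'a [u8]) -> &'a [u8] {
    // Take the selector off the front so it is not part of the returned slice.
    let (selector, tail) = match data.split_first() {
        Some((first, tail)) => (*first, tail),
        None => return &[],
    };

    let length = (selector as usize) % (tail.len() + 1);
    let (bytes, rest) = tail.split_at(length);
    // … unchanged: store `rest` back into `data` and return `bytes` …
}
```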
@@ -9,3 +9,25 @@ pub fn consume_random_bytes<'a>(data: &mut &'a [u8]) -> &'a [u8] {
 bytes
 }
+
+#[allow(dead_code)]
+pub fn consume_u64(data: &mut &[u8]) -> u64 {
+ // We need at least 8 bytes to read a u64
+ if data.len() < 8 {
+ return 0;
+ }
+
+ let (u64_bytes, rest) = data.split_at(8);
+ *data = rest;
+
+ u64::from_le_bytes([
+ u64_bytes[0],
+ u64_bytes[1],
+ u64_bytes[2],
+ u64_bytes[3],
+ u64_bytes[4],
+ u64_bytes[5],
+ u64_bytes[6],
+ u64_bytes[7],
+ ])
+}
From 08e0d4f0e53d97edd655ec1103d60a2b4715fb91 Mon Sep 17 00:00:00 2001
From: Bruno Garcia
Date: Mon, 3 Mar 2025 16:44:04 -0300
Subject: [PATCH 5/5] fuzz: cover minimal_non_dust_custom for Script
---
 fuzz/fuzz_targets/bitcoin/deserialize_script.rs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
index 866c76983..e7c1191b4 100644
--- a/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
+++ b/fuzz/fuzz_targets/bitcoin/deserialize_script.rs
@@ -1,11 +1,16 @@
 use bitcoin::address::Address;
 use bitcoin::consensus::encode;
 use bitcoin::script::{self, ScriptExt as _};
-use bitcoin::Network;
+use bitcoin::{FeeRate, Network};
 use honggfuzz::fuzz;
+mod fuzz_utils;
+use fuzz_utils::{consume_random_bytes, consume_u64};
+
 fn do_test(data: &[u8]) {
- let s: Result = encode::deserialize(data);
+ let mut new_data = data;
+ let bytes = consume_random_bytes(&mut new_data);
+ let s: Result = encode::deserialize(bytes);
 if let Ok(script) = s {
 let _: Result, script::Error> = script.instructions().collect();
@@ -14,6 +19,9 @@ fn do_test(data: &[u8]) {
 let _ = script.count_sigops_legacy();
 let _ = script.minimal_non_dust();
+ let fee_rate = FeeRate::from_sat_per_kwu(consume_u64(&mut new_data));
+ let _ = script.minimal_non_dust_custom(fee_rate);
+
 let mut b = script::Builder::new();
 for ins in script.instructions_minimal() {
 if ins.is_err() {
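Review bot: `consume_u64` (PATCH 4/5, fuzz_utils.rs) returns 0 and leaves `data` untouched when fewer than eight bytes remain, but only the inline comment hints at this; a doc comment such as `/// Reads a little-endian u64 from the front of data; returns 0 without consuming anything if fewer than 8 bytes remain.` would state the contract for the other targets. As a point of style, the eight-element array literal can be written `u64::from_le_bytes(u64_bytes.try_into().expect("split_at(8) yields 8 bytes"))`, which needs `TryInto` in scope on editions before 2021. The `#[allow(dead_code)]` also deserves a one-line reason; presumably the module is compiled into targets that do not call this function.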