milksad
/
rust-bitcoin-unsafe-fast
14
0
Fork 0
Code Issues Pull Requests Activity

Merge rust-bitcoin/rust-bitcoin#2803: fuzz: delete CBOR test 

830a6e1b0c fuzz: delete CBOR test (Andrew Poelstra)
91eb50b2db fuzz: add lint to generate-files.sh (Andrew Poelstra)

Pull request description:

  We were using an outdated CBOR crate for MSRV reasons. But this old crate is causing suprious test failures. So delete it. (Sadly, updating the crate doesn't fix the issue, replacing it with ciborium breaks our MSRV tests because it needs a more recent `half` dependency, and replacing it with `minicbor` doesn't work because minicbor is not based on serde. So we don't really have any options.)

  In general, I am suspicious of this decode-then-reencode test. CBOR has some ambiguity in integer encoding. Empirically it has seemed to work for a long time, but this seems more like an indictment of our test than a positive result.

  Also, round-trip testing serde encoding of a byte vector is probably not a great use of our fuzz resources. I don't believe we have ever had a problem with this.

  Fixes #2801

ACKs for top commit:
  tcharding:
    ACK 830a6e1b0c

Tree-SHA512: f207b68da2f0910542cd8b6a35bb2364462030bdf08ac1e954fd9dcdbef47b2035ac85f964adb9590078dfc2151e8fc7fe2ed41ec0919ff937723c5954612a47
This commit is contained in:
Andrew Poelstra 2024-05-25 13:33:11 +00:00
parent 8d5399f881 830a6e1b0c
commit a43f9774db
No known key found for this signature in database
GPG Key ID: C588D63CE41B97C1
6 changed files with 6 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/cron-daily-fuzz.yml vendored
View File

@ -28,7 +28,6 @@ jobs:
bitcoin_deser_net_msg,
bitcoin_outpoint_string,
bitcoin_script_bytes_to_asm_fmt,
hashes_cbor,
hashes_json,
hashes_ripemd160,
hashes_sha1,

18
Cargo-minimal.lock
View File

@ -75,7 +75,6 @@ dependencies = [
"bitcoin",
"honggfuzz",
"serde",
"serde_cbor",
"serde_json",
]
@ -156,12 +155,6 @@ dependencies = [
"wasi",
]
[[package]]
name = "half"
version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3"
[[package]]
name = "hex-conservative"
version = "0.2.0"
@ -386,17 +379,6 @@ dependencies = [
"serde_derive",
]
[[package]]
name = "serde_cbor"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45cd6d95391b16cd57e88b68be41d504183b7faae22030c0cc3b3f73dd57b2fd"
dependencies = [
"byteorder",
"half",
"serde",
]
[[package]]
name = "serde_derive"
version = "1.0.156"

24
Cargo-recent.lock
View File

@ -74,7 +74,6 @@ dependencies = [
"bitcoin",
"honggfuzz",
"serde",
"serde_cbor",
"serde_json",
]
@ -120,12 +119,6 @@ dependencies = [
"cc",
]
[[package]]
name = "byteorder"
version = "1.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
[[package]]
name = "cc"
version = "1.0.79"
@ -155,12 +148,6 @@ dependencies = [
"wasi",
]
[[package]]
name = "half"
version = "1.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3"
[[package]]
name = "hex-conservative"
version = "0.2.0"
@ -375,17 +362,6 @@ dependencies = [
"serde_derive",
]
[[package]]
name = "serde_cbor"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45cd6d95391b16cd57e88b68be41d504183b7faae22030c0cc3b3f73dd57b2fd"
dependencies = [
"byteorder",
"half",
"serde",
]
[[package]]
name = "serde_derive"
version = "1.0.156"

11
fuzz/Cargo.toml
View File

@ -15,7 +15,9 @@ bitcoin = { path = "../bitcoin", features = [ "serde" ] }
serde = { version = "1.0.103", features = [ "derive" ] }
serde_json = "1.0"
serde_cbor = "0.9"
[lints.rust]
unexpected_cfgs = { level = "deny", check-cfg = ['cfg(fuzzing)'] }
[[bin]]
name = "bitcoin_deserialize_address"
@ -57,10 +59,6 @@ path = "fuzz_targets/bitcoin/outpoint_string.rs"
name = "bitcoin_script_bytes_to_asm_fmt"
path = "fuzz_targets/bitcoin/script_bytes_to_asm_fmt.rs"
[[bin]]
name = "hashes_cbor"
path = "fuzz_targets/hashes/cbor.rs"
[[bin]]
name = "hashes_json"
path = "fuzz_targets/hashes/json.rs"
@ -88,6 +86,3 @@ path = "fuzz_targets/hashes/sha512.rs"
[[bin]]
name = "units_deserialize_amount"
path = "fuzz_targets/units/deserialize_amount.rs"
[lints.rust]
unexpected_cfgs = { level = "deny", check-cfg = ['cfg(fuzzing)'] }

56
fuzz/fuzz_targets/hashes/cbor.rs
View File

@ -1,56 +0,0 @@
use bitcoin::hashes::{ripemd160, sha1, sha256d, sha512, Hmac};
use honggfuzz::fuzz;
use serde::{Deserialize, Serialize};
#[derive(Deserialize, Serialize)]
struct Hmacs {
sha1: Hmac<sha1::Hash>,
sha512: Hmac<sha512::Hash>,
}
#[derive(Deserialize, Serialize)]
struct Main {
hmacs: Hmacs,
ripemd: ripemd160::Hash,
sha2d: sha256d::Hash,
}
fn do_test(data: &[u8]) {
if let Ok(m) = serde_cbor::from_slice::<Main>(data) {
let vec = serde_cbor::to_vec(&m).unwrap();
assert_eq!(data, &vec[..]);
}
}
fn main() {
loop {
fuzz!(|d| { do_test(d) });
}
}
#[cfg(all(test, fuzzing))]
mod tests {
fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
let mut b = 0;
for (idx, c) in hex.as_bytes().iter().enumerate() {
b <<= 4;
match *c {
b'A'..=b'F' => b |= c - b'A' + 10,
b'a'..=b'f' => b |= c - b'a' + 10,
b'0'..=b'9' => b |= c - b'0',
_ => panic!("Bad hex"),
}
if (idx & 1) == 1 {
out.push(b);
b = 0;
}
}
}
#[test]
fn duplicate_crash() {
let mut a = Vec::new();
extend_vec_from_hex("00000", &mut a);
super::do_test(&a);
}
}

4
fuzz/generate-files.sh
View File

@ -27,7 +27,9 @@ bitcoin = { path = "../bitcoin", features = [ "serde" ] }
serde = { version = "1.0.103", features = [ "derive" ] }
serde_json = "1.0"
serde_cbor = "0.9"
[lints.rust]
unexpected_cfgs = { level = "deny", check-cfg = ['cfg(fuzzing)'] }
EOF
for targetFile in $(listTargetFiles); do