From d445eaa8c3d7f539d0dbdf737a203c410312fb52 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 20 Mar 2018 11:55:14 -0400 Subject: [PATCH] Update fuzzers to match rust-lightning boilerplate --- fuzz/Cargo.toml | 25 +++++++--- fuzz/fuzz_targets/deserialize_block.rs | 52 ++++++++++++++++++++ fuzz/fuzz_targets/deserialize_script.rs | 52 ++++++++++++++++++++ fuzz/fuzz_targets/deserialize_transaction.rs | 52 ++++++++++++++++++++ fuzz/fuzzers/fuzzer_script_1.rs | 13 ----- 5 files changed, 174 insertions(+), 20 deletions(-) create mode 100644 fuzz/fuzz_targets/deserialize_block.rs create mode 100644 fuzz/fuzz_targets/deserialize_script.rs create mode 100644 fuzz/fuzz_targets/deserialize_transaction.rs delete mode 100644 fuzz/fuzzers/fuzzer_script_1.rs diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 4a9439ff..2274e69b 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -1,4 +1,3 @@ - [package] name = "bitcoin-fuzz" version = "0.0.1" @@ -8,15 +7,27 @@ publish = false [package.metadata] cargo-fuzz = true -[dependencies.bitcoin] -path = ".." -[dependencies.libfuzzer-sys] -git = "https://github.com/rust-fuzz/libfuzzer-sys.git" +[features] +afl_fuzz = ["afl"] +honggfuzz_fuzz = ["honggfuzz"] + +[dependencies] +honggfuzz = { version = "0.5", optional = true } +afl = { version = "0.3", optional = true } +bitcoin = { path = "..", features = ["fuzztarget"] } # Prevent this from interfering with workspaces [workspace] members = ["."] [[bin]] -name = "fuzzer_script_1" -path = "fuzzers/fuzzer_script_1.rs" +name = "deserialize_block" +path = "fuzz_targets/deserialize_block.rs" + +[[bin]] +name = "deserialize_script" +path = "fuzz_targets/deserialize_script.rs" + +[[bin]] +name = "deserialize_transaction" +path = "fuzz_targets/deserialize_transaction.rs" diff --git a/fuzz/fuzz_targets/deserialize_block.rs b/fuzz/fuzz_targets/deserialize_block.rs new file mode 100644 index 00000000..52ba0cb3 --- /dev/null +++ b/fuzz/fuzz_targets/deserialize_block.rs 
@@ -0,0 +1,52 @@
+extern crate bitcoin;
+type BResult = Result;
+fn do_test(data: &[u8]) {
+ let _: BResult = bitcoin::network::serialize::deserialize(data);
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ fn extend_vec_from_hex(hex: &str, out: &mut Vec) {
+ let mut b = 0;
+ for (idx, c) in hex.as_bytes().iter().enumerate() {
+ b <<= 4;
+ match *c {
+ b'A'...b'F' => b |= c - b'A' + 10,
+ b'a'...b'f' => b |= c - b'a' + 10,
+ b'0'...b'9' => b |= c - b'0',
+ _ => panic!("Bad hex"),
+ }
+ if (idx & 1) == 1 {
+ out.push(b);
+ b = 0;
+ }
+ }
+ }
+
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/deserialize_script.rs b/fuzz/fuzz_targets/deserialize_script.rs
new file mode 100644
index 00000000..b336af06
--- /dev/null
+++ b/fuzz/fuzz_targets/deserialize_script.rs
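Review bot: In fuzz/fuzz_targets/deserialize_block.rs the two `fn main` definitions are gated independently on `feature = "afl"` and `feature = "honggfuzz"`, so enabling both features defines `main` twice and enabling neither leaves the binary without one outside a test build. Both cases fail only with a generic compiler error, which is easy to misread in a CI fuzz job. A guard above the first `main`, `#[cfg(all(feature = "afl", feature = "honggfuzz"))] compile_error!("enable only one of afl_fuzz and honggfuzz_fuzz");`, names the cause. The no-feature case is better covered by a one-line comment than by a stub `main`, because a stub would let a misconfigured fuzz run pass while exercising nothing. The same gating appears in deserialize_script.rs and deserialize_transaction.rs.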
@@ -0,0 +1,52 @@
+extern crate bitcoin;
+type BResult = Result;
+fn do_test(data: &[u8]) {
+ let _: BResult = bitcoin::network::serialize::deserialize(data);
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ fn extend_vec_from_hex(hex: &str, out: &mut Vec) {
+ let mut b = 0;
+ for (idx, c) in hex.as_bytes().iter().enumerate() {
+ b <<= 4;
+ match *c {
+ b'A'...b'F' => b |= c - b'A' + 10,
+ b'a'...b'f' => b |= c - b'a' + 10,
+ b'0'...b'9' => b |= c - b'0',
+ _ => panic!("Bad hex"),
+ }
+ if (idx & 1) == 1 {
+ out.push(b);
+ b = 0;
+ }
+ }
+ }
+
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/deserialize_transaction.rs b/fuzz/fuzz_targets/deserialize_transaction.rs
new file mode 100644
index 00000000..13c6772e
--- /dev/null
+++ b/fuzz/fuzz_targets/deserialize_transaction.rs
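Review bot: `extend_vec_from_hex` in the tests module of deserialize_script.rs pushes a byte only when `(idx & 1) == 1`, so an odd-length hex string loses its final nibble without any error. A crash reproducer pasted into `duplicate_crash` with one character missing would then replay different bytes, and the regression test could pass without covering the crash. Adding `assert!(hex.len() % 2 == 0, "Bad hex");` as the first statement of the helper makes that case fail loudly. The helper is identical in deserialize_block.rs and deserialize_transaction.rs, and in all three files `duplicate_crash` still carries the placeholder input `"00"`.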
@@ -0,0 +1,52 @@
+extern crate bitcoin;
+type BResult = Result;
+fn do_test(data: &[u8]) {
+ let _: BResult = bitcoin::network::serialize::deserialize(data);
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ fn extend_vec_from_hex(hex: &str, out: &mut Vec) {
+ let mut b = 0;
+ for (idx, c) in hex.as_bytes().iter().enumerate() {
+ b <<= 4;
+ match *c {
+ b'A'...b'F' => b |= c - b'A' + 10,
+ b'a'...b'f' => b |= c - b'a' + 10,
+ b'0'...b'9' => b |= c - b'0',
+ _ => panic!("Bad hex"),
+ }
+ if (idx & 1) == 1 {
+ out.push(b);
+ b = 0;
+ }
+ }
+ }
+
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzzers/fuzzer_script_1.rs b/fuzz/fuzzers/fuzzer_script_1.rs
deleted file mode 100644
index d99c60cb..00000000
--- a/fuzz/fuzzers/fuzzer_script_1.rs
+++ /dev/null
@@ -1,13 +0,0 @@
-#![no_main]
-#[macro_use] extern crate libfuzzer_sys;
-extern crate bitcoin;
-
-type BResult = Result;
-//type BResult = Result;
-//type BResult = Result;
-//type BResult = Result;
-//type BResult = Result;
-
-fuzz_target!(|data: &[u8]| {
- let _: BResult = bitcoin::network::serialize::deserialize(data);
-});
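Review bot: `do_test` in deserialize_transaction.rs binds the result to `_`, so the only failure this target can report is a panic or abort inside `deserialize`; input that is wrongly accepted, or decoded to the wrong value, goes unnoticed. A comment on the function such as `// Oracle: panics only; the decoded value is intentionally discarded.` would record that limit for whoever reads a clean fuzz run as assurance. If the decoded type supports equality and the crate exposes a matching `serialize` call (neither is visible in this patch, so confirm), a stronger oracle is to re-encode every `Ok` value, decode it again and assert the two values are equal. deserialize_block.rs and deserialize_script.rs share the same `do_test` body.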