src/test/test_bitcoin_fuzzy.cpp

   1 // Copyright (c) 2009-2016 The Bitcoin Core developers
   2 // Distributed under the MIT software license, see the accompanying
   3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   4
   5 #if defined(HAVE_CONFIG_H)
   6 #include "config/bitcoin-config.h"
   7 #endif
   8
   9 #include "consensus/merkle.h"
  10 #include "primitives/block.h"
  11 #include "script/script.h"
  12 #include "addrman.h"
  13 #include "chain.h"
  14 #include "coins.h"
  15 #include "compressor.h"
  16 #include "net.h"
  17 #include "protocol.h"
  18 #include "streams.h"
  19 #include "undo.h"
  20 #include "version.h"
  21 #include "pubkey.h"
  22 #include "blockencodings.h"
  23
  24 #include <stdint.h>
  25 #include <unistd.h>
  26
  27 #include <algorithm>
  28 #include <vector>
  29
  30 enum TEST_ID {
  31     CBLOCK_DESERIALIZE=0,
  32     CTRANSACTION_DESERIALIZE,
  33     CBLOCKLOCATOR_DESERIALIZE,
  34     CBLOCKMERKLEROOT,
  35     CADDRMAN_DESERIALIZE,
  36     CBLOCKHEADER_DESERIALIZE,
  37     CBANENTRY_DESERIALIZE,
  38     CTXUNDO_DESERIALIZE,
  39     CBLOCKUNDO_DESERIALIZE,
  40     CCOINS_DESERIALIZE,
  41     CNETADDR_DESERIALIZE,
  42     CSERVICE_DESERIALIZE,
  43     CMESSAGEHEADER_DESERIALIZE,
  44     CADDRESS_DESERIALIZE,
  45     CINV_DESERIALIZE,
  46     CBLOOMFILTER_DESERIALIZE,
  47     CDISKBLOCKINDEX_DESERIALIZE,
  48     CTXOUTCOMPRESSOR_DESERIALIZE,
  49     BLOCKTRANSACTIONS_DESERIALIZE,
  50     BLOCKTRANSACTIONSREQUEST_DESERIALIZE,
  51     TEST_ID_END
  52 };
  53
  54 bool read_stdin(std::vector<uint8_t> &data) {
  55     uint8_t buffer[1024];
  56     ssize_t length=0;
  57     while((length = read(STDIN_FILENO, buffer, 1024)) > 0) {
  58         data.insert(data.end(), buffer, buffer+length);
  59
  60         if (data.size() > (1<<20)) return false;
  61     }
  62     return length==0;
  63 }
  64
  65 int test_one_input(std::vector<uint8_t> buffer) {
  66     if (buffer.size() < sizeof(uint32_t)) return 0;
  67
  68     uint32_t test_id = 0xffffffff;
  69     memcpy(&test_id, buffer.data(), sizeof(uint32_t));
  70     buffer.erase(buffer.begin(), buffer.begin() + sizeof(uint32_t));
  71
  72     if (test_id >= TEST_ID_END) return 0;
  73
  74     CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
  75     try {
  76         int nVersion;
  77         ds >> nVersion;
  78         ds.SetVersion(nVersion);
  79     } catch (const std::ios_base::failure& e) {
  80         return 0;
  81     }
  82
  83     switch(test_id) {
  84         case CBLOCK_DESERIALIZE:
  85         {
  86             try
  87             {
  88                 CBlock block;
  89                 ds >> block;
  90             } catch (const std::ios_base::failure& e) {return 0;}
  91             break;
  92         }
  93         case CTRANSACTION_DESERIALIZE:
  94         {
  95             try
  96             {
  97                 CTransaction tx(deserialize, ds);
  98             } catch (const std::ios_base::failure& e) {return 0;}
  99             break;
 100         }
 101         case CBLOCKLOCATOR_DESERIALIZE:
 102         {
 103             try
 104             {
 105                 CBlockLocator bl;
 106                 ds >> bl;
 107             } catch (const std::ios_base::failure& e) {return 0;}
 108             break;
 109         }
 110         case CBLOCKMERKLEROOT:
 111         {
 112             try
 113             {
 114                 CBlock block;
 115                 ds >> block;
 116                 bool mutated;
 117                 BlockMerkleRoot(block, &mutated);
 118             } catch (const std::ios_base::failure& e) {return 0;}
 119             break;
 120         }
 121         case CADDRMAN_DESERIALIZE:
 122         {
 123             try
 124             {
 125                 CAddrMan am;
 126                 ds >> am;
 127             } catch (const std::ios_base::failure& e) {return 0;}
 128             break;
 129         }
 130         case CBLOCKHEADER_DESERIALIZE:
 131         {
 132             try
 133             {
 134                 CBlockHeader bh;
 135                 ds >> bh;
 136             } catch (const std::ios_base::failure& e) {return 0;}
 137             break;
 138         }
 139         case CBANENTRY_DESERIALIZE:
 140         {
 141             try
 142             {
 143                 CBanEntry be;
 144                 ds >> be;
 145             } catch (const std::ios_base::failure& e) {return 0;}
 146             break;
 147         }
 148         case CTXUNDO_DESERIALIZE:
 149         {
 150             try
 151             {
 152                 CTxUndo tu;
 153                 ds >> tu;
 154             } catch (const std::ios_base::failure& e) {return 0;}
 155             break;
 156         }
 157         case CBLOCKUNDO_DESERIALIZE:
 158         {
 159             try
 160             {
 161                 CBlockUndo bu;
 162                 ds >> bu;
 163             } catch (const std::ios_base::failure& e) {return 0;}
 164             break;
 165         }
 166         case CCOINS_DESERIALIZE:
 167         {
 168             try
 169             {
 170                 Coin coin;
 171                 ds >> coin;
 172             } catch (const std::ios_base::failure& e) {return 0;}
 173             break;
 174         }
 175         case CNETADDR_DESERIALIZE:
 176         {
 177             try
 178             {
 179                 CNetAddr na;
 180                 ds >> na;
 181             } catch (const std::ios_base::failure& e) {return 0;}
 182             break;
 183         }
 184         case CSERVICE_DESERIALIZE:
 185         {
 186             try
 187             {
 188                 CService s;
 189                 ds >> s;
 190             } catch (const std::ios_base::failure& e) {return 0;}
 191             break;
 192         }
 193         case CMESSAGEHEADER_DESERIALIZE:
 194         {
 195             CMessageHeader::MessageStartChars pchMessageStart = {0x00, 0x00, 0x00, 0x00};
 196             try
 197             {
 198                 CMessageHeader mh(pchMessageStart);
 199                 ds >> mh;
 200                 if (!mh.IsValid(pchMessageStart)) {return 0;}
 201             } catch (const std::ios_base::failure& e) {return 0;}
 202             break;
 203         }
 204         case CADDRESS_DESERIALIZE:
 205         {
 206             try
 207             {
 208                 CAddress a;
 209                 ds >> a;
 210             } catch (const std::ios_base::failure& e) {return 0;}
 211             break;
 212         }
 213         case CINV_DESERIALIZE:
 214         {
 215             try
 216             {
 217                 CInv i;
 218                 ds >> i;
 219             } catch (const std::ios_base::failure& e) {return 0;}
 220             break;
 221         }
 222         case CBLOOMFILTER_DESERIALIZE:
 223         {
 224             try
 225             {
 226                 CBloomFilter bf;
 227                 ds >> bf;
 228             } catch (const std::ios_base::failure& e) {return 0;}
 229             break;
 230         }
 231         case CDISKBLOCKINDEX_DESERIALIZE:
 232         {
 233             try
 234             {
 235                 CDiskBlockIndex dbi;
 236                 ds >> dbi;
 237             } catch (const std::ios_base::failure& e) {return 0;}
 238             break;
 239         }
 240         case CTXOUTCOMPRESSOR_DESERIALIZE:
 241         {
 242             CTxOut to;
 243             CTxOutCompressor toc(to);
 244             try
 245             {
 246                 ds >> toc;
 247             } catch (const std::ios_base::failure& e) {return 0;}
 248
 249             break;
 250         }
 251         case BLOCKTRANSACTIONS_DESERIALIZE:
 252         {
 253             try
 254             {
 255                 BlockTransactions bt;
 256                 ds >> bt;
 257             } catch (const std::ios_base::failure& e) {return 0;}
 258
 259             break;
 260         }
 261         case BLOCKTRANSACTIONSREQUEST_DESERIALIZE:
 262         {
 263             try
 264             {
 265                 BlockTransactionsRequest btr;
 266                 ds >> btr;
 267             } catch (const std::ios_base::failure& e) {return 0;}
 268
 269             break;
 270         }
 271         default:
 272             return 0;
 273     }
 274     return 0;
 275 }
 276
 277 static std::unique_ptr<ECCVerifyHandle> globalVerifyHandle;
 278 void initialize() {
 279     globalVerifyHandle = std::unique_ptr<ECCVerifyHandle>(new ECCVerifyHandle());
 280 }
 281
 282 // This function is used by libFuzzer
 283 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 284     test_one_input(std::vector<uint8_t>(data, data + size));
 285     return 0;
 286 }
 287
 288 // This function is used by libFuzzer
 289 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
 290     initialize();
 291     return 0;
 292 }
 293
 294 // Disabled under WIN32 due to clash with Cygwin's WinMain.
 295 #ifndef WIN32
 296 // Declare main(...) "weak" to allow for libFuzzer linking. libFuzzer provides
 297 // the main(...) function.
 298 __attribute__((weak))
 299 #endif
 300 int main(int argc, char **argv)
 301 {
 302     initialize();
 303 #ifdef __AFL_INIT
 304     // Enable AFL deferred forkserver mode. Requires compilation using
 305     // afl-clang-fast++. See fuzzing.md for details.
 306     __AFL_INIT();
 307 #endif
 308
 309 #ifdef __AFL_LOOP
 310     // Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
 311     // See fuzzing.md for details.
 312     int ret = 0;
 313     while (__AFL_LOOP(1000)) {
 314         std::vector<uint8_t> buffer;
 315         if (!read_stdin(buffer)) {
 316             continue;
 317         }
 318         ret = test_one_input(buffer);
 319     }
 320     return ret;
 321 #else
 322     std::vector<uint8_t> buffer;
 323     if (!read_stdin(buffer)) {
 324         return 0;
 325     }
 326     return test_one_input(buffer);
 327 #endif
 328 }