
Merge #10409: [tests] Add fuzz testing for BlockTransactions and BlockTransactionsRequest

fd3a2f3 [tests] Add fuzz testing for BlockTransactions and BlockTransactionsRequest (practicalswift)

Pull request description:

  The `BlockTransactions` deserialization code is reachable with tainted data via `ProcessMessage(…, "BLOCKTXN", vRecv [tainted], …)`.

  The same applies to `BlockTransactionsRequest`, which is reachable via `"GETBLOCKTXN"`.

Tree-SHA512: 64560ea344bc6145b940472f99866b808725745b060dedfb315be400bd94e55399f50b982149645bd7af7ed9935fd28751d7daf0d3f94a8e2ed3bc52e3325ffb
0.16
Wladimir J. van der Laan 7 years ago
parent
commit
b5545d8df9
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D
  1. 23
      src/test/test_bitcoin_fuzzy.cpp

23
src/test/test_bitcoin_fuzzy.cpp

@ -19,6 +19,7 @@ @@ -19,6 +19,7 @@
#include "undo.h"
#include "version.h"
#include "pubkey.h"
#include "blockencodings.h"
#include <stdint.h>
#include <unistd.h>
@ -45,6 +46,8 @@ enum TEST_ID { @@ -45,6 +46,8 @@ enum TEST_ID {
CBLOOMFILTER_DESERIALIZE,
CDISKBLOCKINDEX_DESERIALIZE,
CTXOUTCOMPRESSOR_DESERIALIZE,
BLOCKTRANSACTIONS_DESERIALIZE,
BLOCKTRANSACTIONSREQUEST_DESERIALIZE,
TEST_ID_END
};
@ -245,6 +248,26 @@ int test_one_input(std::vector<uint8_t> buffer) { @@ -245,6 +248,26 @@ int test_one_input(std::vector<uint8_t> buffer) {
break;
}
case BLOCKTRANSACTIONS_DESERIALIZE:
{
try
{
BlockTransactions bt;
ds >> bt;
} catch (const std::ios_base::failure& e) {return 0;}
break;
}
case BLOCKTRANSACTIONSREQUEST_DESERIALIZE:
{
try
{
BlockTransactionsRequest btr;
ds >> btr;
} catch (const std::ios_base::failure& e) {return 0;}
break;
}
default:
return 0;
}
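Review bot: The two new cases in `test_one_input` carry no comment tying them to the network path they cover, so someone triaging a crash filed under `BLOCKTRANSACTIONS_DESERIALIZE` or `BLOCKTRANSACTIONSREQUEST_DESERIALIZE` has to go back to the pull request to learn that the input models peer-supplied data. I would add `// Reachable from the network: ProcessMessage() deserializes vRecv for "BLOCKTXN".` above the first case and `// Reachable from the network via "GETBLOCKTXN".` above the second. Only `std::ios_base::failure` is swallowed in both handlers, so anything else thrown while parsing escapes the harness, which is presumably how the fuzzer surfaces a finding; a one-line comment saying so would keep a later cleanup from widening the catch. The body of `test_one_input` starts before this hunk and continues after it.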
