Bitcoin Core  24.99.0
P2P Digital Currency
util.cpp
Go to the documentation of this file.
1 // Copyright (c) 2021-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <consensus/amount.h>
6 #include <pubkey.h>
7 #include <test/fuzz/util.h>
8 #include <test/util/script.h>
9 #include <util/check.h>
10 #include <util/overflow.h>
11 #include <util/rbf.h>
12 #include <util/time.h>
13 #include <version.h>
14 
15 #include <memory>
16 
17 CAmount ConsumeMoney(FuzzedDataProvider& fuzzed_data_provider, const std::optional<CAmount>& max) noexcept
18 {
19  return fuzzed_data_provider.ConsumeIntegralInRange<CAmount>(0, max.value_or(MAX_MONEY));
20 }
21 
22 int64_t ConsumeTime(FuzzedDataProvider& fuzzed_data_provider, const std::optional<int64_t>& min, const std::optional<int64_t>& max) noexcept
23 {
24  // Avoid t=0 (1970-01-01T00:00:00Z) since SetMockTime(0) disables mocktime.
25  static const int64_t time_min{946684801}; // 2000-01-01T00:00:01Z
26  static const int64_t time_max{4133980799}; // 2100-12-31T23:59:59Z
27  return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(min.value_or(time_min), max.value_or(time_max));
28 }
29 
30 CMutableTransaction ConsumeTransaction(FuzzedDataProvider& fuzzed_data_provider, const std::optional<std::vector<uint256>>& prevout_txids, const int max_num_in, const int max_num_out) noexcept
31 {
32  CMutableTransaction tx_mut;
33  const auto p2wsh_op_true = fuzzed_data_provider.ConsumeBool();
34  tx_mut.nVersion = fuzzed_data_provider.ConsumeBool() ?
35  CTransaction::CURRENT_VERSION :
36  fuzzed_data_provider.ConsumeIntegral<int32_t>();
37  tx_mut.nLockTime = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
38  const auto num_in = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_in);
39  const auto num_out = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, max_num_out);
40  for (int i = 0; i < num_in; ++i) {
41  const auto& txid_prev = prevout_txids ?
42  PickValue(fuzzed_data_provider, *prevout_txids) :
43  ConsumeUInt256(fuzzed_data_provider);
44  const auto index_out = fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, max_num_out);
45  const auto sequence = ConsumeSequence(fuzzed_data_provider);
46  const auto script_sig = p2wsh_op_true ? CScript{} : ConsumeScript(fuzzed_data_provider);
47  CScriptWitness script_wit;
48  if (p2wsh_op_true) {
49  script_wit.stack = std::vector<std::vector<uint8_t>>{WITNESS_STACK_ELEM_OP_TRUE};
50  } else {
51  script_wit = ConsumeScriptWitness(fuzzed_data_provider);
52  }
53  CTxIn in;
54  in.prevout = COutPoint{txid_prev, index_out};
55  in.nSequence = sequence;
56  in.scriptSig = script_sig;
57  in.scriptWitness = script_wit;
58 
59  tx_mut.vin.push_back(in);
60  }
61  for (int i = 0; i < num_out; ++i) {
62  const auto amount = fuzzed_data_provider.ConsumeIntegralInRange<CAmount>(-10, 50 * COIN + 10);
63  const auto script_pk = p2wsh_op_true ?
64  P2WSH_OP_TRUE :
65  ConsumeScript(fuzzed_data_provider, /*maybe_p2wsh=*/true);
66  tx_mut.vout.emplace_back(amount, script_pk);
67  }
68  return tx_mut;
69 }
70 
71 CScriptWitness ConsumeScriptWitness(FuzzedDataProvider& fuzzed_data_provider, const size_t max_stack_elem_size) noexcept
72 {
73  CScriptWitness ret;
74  const auto n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_stack_elem_size);
75  for (size_t i = 0; i < n_elements; ++i) {
76  ret.stack.push_back(ConsumeRandomLengthByteVector(fuzzed_data_provider));
77  }
78  return ret;
79 }
80 
81 CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider, const bool maybe_p2wsh) noexcept
82 {
83  CScript r_script{};
84  {
85  // Keep a buffer of bytes to allow the fuzz engine to produce smaller
86  // inputs to generate CScripts with repeated data.
87  static constexpr unsigned MAX_BUFFER_SZ{128};
88  std::vector<uint8_t> buffer(MAX_BUFFER_SZ, uint8_t{'a'});
89  while (fuzzed_data_provider.ConsumeBool()) {
90  CallOneOf(
91  fuzzed_data_provider,
92  [&] {
93  // Insert byte vector directly to allow malformed or unparsable scripts
94  r_script.insert(r_script.end(), buffer.begin(), buffer.begin() + fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BUFFER_SZ));
95  },
96  [&] {
97  // Push a byte vector from the buffer
98  r_script << std::vector<uint8_t>{buffer.begin(), buffer.begin() + fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BUFFER_SZ)};
99  },
100  [&] {
101  // Push multisig
102  // There is a special case for this to aid the fuzz engine
103  // navigate the highly structured multisig format.
104  r_script << fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 22);
105  int num_data{fuzzed_data_provider.ConsumeIntegralInRange(1, 22)};
106  std::vector<uint8_t> pubkey_comp{buffer.begin(), buffer.begin() + CPubKey::COMPRESSED_SIZE};
107  pubkey_comp.front() = fuzzed_data_provider.ConsumeIntegralInRange(2, 3); // Set first byte for GetLen() to pass
108  std::vector<uint8_t> pubkey_uncomp{buffer.begin(), buffer.begin() + CPubKey::SIZE};
109  pubkey_uncomp.front() = fuzzed_data_provider.ConsumeIntegralInRange(4, 7); // Set first byte for GetLen() to pass
110  while (num_data--) {
111  auto& pubkey{fuzzed_data_provider.ConsumeBool() ? pubkey_uncomp : pubkey_comp};
112  if (fuzzed_data_provider.ConsumeBool()) {
113  pubkey.back() = num_data; // Make each pubkey different
114  }
115  r_script << pubkey;
116  }
117  r_script << fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 22);
118  },
119  [&] {
120  // Mutate the buffer
121  const auto vec{ConsumeRandomLengthByteVector(fuzzed_data_provider, /*max_length=*/MAX_BUFFER_SZ)};
122  std::copy(vec.begin(), vec.end(), buffer.begin());
123  },
124  [&] {
125  // Push an integral
126  r_script << fuzzed_data_provider.ConsumeIntegral<int64_t>();
127  },
128  [&] {
129  // Push an opcode
130  r_script << ConsumeOpcodeType(fuzzed_data_provider);
131  },
132  [&] {
133  // Push a scriptnum
134  r_script << ConsumeScriptNum(fuzzed_data_provider);
135  });
136  }
137  }
138  if (maybe_p2wsh && fuzzed_data_provider.ConsumeBool()) {
139  uint256 script_hash;
140  CSHA256().Write(r_script.data(), r_script.size()).Finalize(script_hash.begin());
141  r_script.clear();
142  r_script << OP_0 << ToByteVector(script_hash);
143  }
144  return r_script;
145 }
146 
147 uint32_t ConsumeSequence(FuzzedDataProvider& fuzzed_data_provider) noexcept
148 {
149  return fuzzed_data_provider.ConsumeBool() ?
150  fuzzed_data_provider.PickValueInArray({
151  CTxIn::SEQUENCE_FINAL,
152  CTxIn::MAX_SEQUENCE_NONFINAL,
153  MAX_BIP125_RBF_SEQUENCE,
154  }) :
155  fuzzed_data_provider.ConsumeIntegral<uint32_t>();
156 }
157 
158 CTxDestination ConsumeTxDestination(FuzzedDataProvider& fuzzed_data_provider) noexcept
159 {
160  CTxDestination tx_destination;
161  const size_t call_size{CallOneOf(
162  fuzzed_data_provider,
163  [&] {
164  tx_destination = CNoDestination{};
165  },
166  [&] {
167  tx_destination = PKHash{ConsumeUInt160(fuzzed_data_provider)};
168  },
169  [&] {
170  tx_destination = ScriptHash{ConsumeUInt160(fuzzed_data_provider)};
171  },
172  [&] {
173  tx_destination = WitnessV0ScriptHash{ConsumeUInt256(fuzzed_data_provider)};
174  },
175  [&] {
176  tx_destination = WitnessV0KeyHash{ConsumeUInt160(fuzzed_data_provider)};
177  },
178  [&] {
179  tx_destination = WitnessV1Taproot{XOnlyPubKey{ConsumeUInt256(fuzzed_data_provider)}};
180  },
181  [&] {
182  WitnessUnknown witness_unknown{};
183  witness_unknown.version = fuzzed_data_provider.ConsumeIntegralInRange(2, 16);
184  std::vector<uint8_t> witness_unknown_program_1{fuzzed_data_provider.ConsumeBytes<uint8_t>(40)};
185  if (witness_unknown_program_1.size() < 2) {
186  witness_unknown_program_1 = {0, 0};
187  }
188  witness_unknown.length = witness_unknown_program_1.size();
189  std::copy(witness_unknown_program_1.begin(), witness_unknown_program_1.end(), witness_unknown.program);
190  tx_destination = witness_unknown;
191  })};
192  Assert(call_size == std::variant_size_v<CTxDestination>);
193  return tx_destination;
194 }
195 
196 bool ContainsSpentInput(const CTransaction& tx, const CCoinsViewCache& inputs) noexcept
197 {
198  for (const CTxIn& tx_in : tx.vin) {
199  const Coin& coin = inputs.AccessCoin(tx_in.prevout);
200  if (coin.IsSpent()) {
201  return true;
202  }
203  }
204  return false;
205 }
206 
207 FILE* FuzzedFileProvider::open()
208 {
209  SetFuzzedErrNo(m_fuzzed_data_provider);
210  if (m_fuzzed_data_provider.ConsumeBool()) {
211  return nullptr;
212  }
213  std::string mode;
214  CallOneOf(
215  m_fuzzed_data_provider,
216  [&] {
217  mode = "r";
218  },
219  [&] {
220  mode = "r+";
221  },
222  [&] {
223  mode = "w";
224  },
225  [&] {
226  mode = "w+";
227  },
228  [&] {
229  mode = "a";
230  },
231  [&] {
232  mode = "a+";
233  });
234 #if defined _GNU_SOURCE && !defined __ANDROID__
235  const cookie_io_functions_t io_hooks = {
236  FuzzedFileProvider::read,
237  FuzzedFileProvider::write,
238  FuzzedFileProvider::seek,
239  FuzzedFileProvider::close,
240  };
241  return fopencookie(this, mode.c_str(), io_hooks);
242 #else
243  (void)mode;
244  return nullptr;
245 #endif
246 }
247 
248 ssize_t FuzzedFileProvider::read(void* cookie, char* buf, size_t size)
249 {
250  FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
251  SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
252  if (buf == nullptr || size == 0 || fuzzed_file->m_fuzzed_data_provider.ConsumeBool()) {
253  return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
254  }
255  const std::vector<uint8_t> random_bytes = fuzzed_file->m_fuzzed_data_provider.ConsumeBytes<uint8_t>(size);
256  if (random_bytes.empty()) {
257  return 0;
258  }
259  std::memcpy(buf, random_bytes.data(), random_bytes.size());
260  if (AdditionOverflow(fuzzed_file->m_offset, (int64_t)random_bytes.size())) {
261  return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
262  }
263  fuzzed_file->m_offset += random_bytes.size();
264  return random_bytes.size();
265 }
266 
267 ssize_t FuzzedFileProvider::write(void* cookie, const char* buf, size_t size)
268 {
269  FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
270  SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
271  const ssize_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(0, size);
272  if (AdditionOverflow(fuzzed_file->m_offset, (int64_t)n)) {
273  return 0;
274  }
275  fuzzed_file->m_offset += n;
276  return n;
277 }
278 
279 int FuzzedFileProvider::seek(void* cookie, int64_t* offset, int whence)
280 {
281  assert(whence == SEEK_SET || whence == SEEK_CUR || whence == SEEK_END);
282  FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
283  SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
284  int64_t new_offset = 0;
285  if (whence == SEEK_SET) {
286  new_offset = *offset;
287  } else if (whence == SEEK_CUR) {
288  if (AdditionOverflow(fuzzed_file->m_offset, *offset)) {
289  return -1;
290  }
291  new_offset = fuzzed_file->m_offset + *offset;
292  } else if (whence == SEEK_END) {
293  const int64_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 4096);
294  if (AdditionOverflow(n, *offset)) {
295  return -1;
296  }
297  new_offset = n + *offset;
298  }
299  if (new_offset < 0) {
300  return -1;
301  }
302  fuzzed_file->m_offset = new_offset;
303  *offset = new_offset;
304  return fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int>(-1, 0);
305 }
306 
307 int FuzzedFileProvider::close(void* cookie)
308 {
309  FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
310  SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
311  return fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int>(-1, 0);
312 }
MAX_MONEY
static constexpr CAmount MAX_MONEY
No amount larger than this (in satoshi) is valid.
Definition: amount.h:26
CAmount
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
COIN
static constexpr CAmount COIN
The amount of satoshis in one BTC.
Definition: amount.h:15
ret
int ret
Definition: bitcoin-cli.cpp:1254
Assert
#define Assert(val)
Identity function.
Definition: check.h:73
CCoinsViewCache
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:213
COutPoint
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:36
CPubKey::COMPRESSED_SIZE
static constexpr unsigned int COMPRESSED_SIZE
Definition: pubkey.h:40
CPubKey::SIZE
static constexpr unsigned int SIZE
secp256k1:
Definition: pubkey.h:39
CSHA256
A hasher class for SHA-256.
Definition: sha256.h:14
CSHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:707
CSHA256::Write
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:681
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:411
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:295
CTransaction::CURRENT_VERSION
static const int32_t CURRENT_VERSION
Definition: transaction.h:298
CTxIn
An input of a transaction.
Definition: transaction.h:75
CTxIn::MAX_SEQUENCE_NONFINAL
static const uint32_t MAX_SEQUENCE_NONFINAL
This is the maximum sequence number that enables both nLockTime and OP_CHECKLOCKTIMEVERIFY (BIP 65).
Definition: transaction.h:95
CTxIn::nSequence
uint32_t nSequence
Definition: transaction.h:79
CTxIn::SEQUENCE_FINAL
static const uint32_t SEQUENCE_FINAL
Setting nSequence to this value for every input in a transaction disables nLockTime/IsFinalTx().
Definition: transaction.h:89
CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:78
CTxIn::scriptWitness
CScriptWitness scriptWitness
Only serialized through CTransaction.
Definition: transaction.h:80
CTxIn::prevout
COutPoint prevout
Definition: transaction.h:77
Coin
A UTXO entry.
Definition: coins.h:31
Coin::IsSpent
bool IsSpent() const
Either this coin never existed (see e.g.
Definition: coins.h:79
FuzzedDataProvider::ConsumeBytes
std::vector< T > ConsumeBytes(size_t num_bytes)
Definition: FuzzedDataProvider.h:108
FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:204
FuzzedFileProvider::write
static ssize_t write(void *cookie, const char *buf, size_t size)
Definition: util.cpp:267
FuzzedFileProvider::m_fuzzed_data_provider
FuzzedDataProvider & m_fuzzed_data_provider
Definition: util.h:225
FuzzedFileProvider::m_offset
int64_t m_offset
Definition: util.h:226
FuzzedFileProvider::seek
static int seek(void *cookie, int64_t *offset, int whence)
Definition: util.cpp:279
FuzzedFileProvider::close
static int close(void *cookie)
Definition: util.cpp:307
FuzzedFileProvider::read
static ssize_t read(void *cookie, char *buf, size_t size)
Definition: util.cpp:248
FuzzedFileProvider::open
FILE * open()
Definition: util.cpp:207
base_blob::begin
constexpr unsigned char * begin()
Definition: uint256.h:67
uint256
256-bit opaque blob.
Definition: uint256.h:105
AdditionOverflow
bool AdditionOverflow(const T i, const T j) noexcept
Definition: overflow.h:13
ToByteVector
std::vector< unsigned char > ToByteVector(const T &in)
Definition: script.h:63
OP_0
@ OP_0
Definition: script.h:72
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:149
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:380
CMutableTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:382
CMutableTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:381
CScriptWitness::stack
std::vector< std::vector< unsigned char > > stack
Definition: script.h:566
WitnessUnknown
CTxDestination subtype to encode any future Witness version.
Definition: standard.h:118
WitnessUnknown::version
unsigned int version
Definition: standard.h:119
ConsumeSequence
uint32_t ConsumeSequence(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:147
ConsumeTransaction
CMutableTransaction ConsumeTransaction(FuzzedDataProvider &fuzzed_data_provider, const std::optional< std::vector< uint256 >> &prevout_txids, const int max_num_in, const int max_num_out) noexcept
Definition: util.cpp:30
ConsumeScript
CScript ConsumeScript(FuzzedDataProvider &fuzzed_data_provider, const bool maybe_p2wsh) noexcept
Definition: util.cpp:81
ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:22
ContainsSpentInput
bool ContainsSpentInput(const CTransaction &tx, const CCoinsViewCache &inputs) noexcept
Definition: util.cpp:196
ConsumeScriptWitness
CScriptWitness ConsumeScriptWitness(FuzzedDataProvider &fuzzed_data_provider, const size_t max_stack_elem_size) noexcept
Definition: util.cpp:71
ConsumeTxDestination
CTxDestination ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:158
ConsumeMoney
CAmount ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider, const std::optional< CAmount > &max) noexcept
Definition: util.cpp:17
ConsumeScriptNum
CScriptNum ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:135
ConsumeRandomLengthByteVector
std::vector< uint8_t > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:57
PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:48
ConsumeUInt256
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:149
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:36
ConsumeOpcodeType
opcodetype ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:118
SetFuzzedErrNo
void SetFuzzedErrNo(FuzzedDataProvider &fuzzed_data_provider, const std::array< T, size > &errnos)
Sets errno to a value selected from the given std::array errnos.
Definition: util.h:194
ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:140
WITNESS_STACK_ELEM_OP_TRUE
static const std::vector< uint8_t > WITNESS_STACK_ELEM_OP_TRUE
Definition: script.h:11
P2WSH_OP_TRUE
static const CScript P2WSH_OP_TRUE
Definition: script.h:12
MAX_BIP125_RBF_SEQUENCE
static constexpr uint32_t MAX_BIP125_RBF_SEQUENCE
Definition: rbf.h:12
assert
assert(!tx.IsCoinBase())
Generated on Sat Apr 1 2023 02:43:59 for Bitcoin Core by doxygen 1.9.1