Bitcoin Core  24.99.0
P2P Digital Currency
util.h
Go to the documentation of this file.
1 // Copyright (c) 2009-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
6 #define BITCOIN_TEST_FUZZ_UTIL_H
7 
8 #include <arith_uint256.h>
9 #include <chainparamsbase.h>
10 #include <coins.h>
11 #include <compat/compat.h>
12 #include <consensus/amount.h>
13 #include <consensus/consensus.h>
14 #include <merkleblock.h>
15 #include <primitives/transaction.h>
16 #include <script/script.h>
17 #include <script/standard.h>
18 #include <serialize.h>
19 #include <streams.h>
20 #include <test/fuzz/FuzzedDataProvider.h>
21 #include <test/fuzz/fuzz.h>
22 #include <uint256.h>
23 #include <version.h>
24 
25 #include <algorithm>
26 #include <array>
27 #include <cstdint>
28 #include <cstdio>
29 #include <optional>
30 #include <string>
31 #include <vector>
32 
33 class PeerManager;
34 
35 template <typename... Callables>
36 size_t CallOneOf(FuzzedDataProvider& fuzzed_data_provider, Callables... callables)
37 {
38  constexpr size_t call_size{sizeof...(callables)};
39  static_assert(call_size >= 1);
40  const size_t call_index{fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, call_size - 1)};
41 
42  size_t i{0};
43  ((i++ == call_index ? callables() : void()), ...);
44  return call_size;
45 }
46 
47 template <typename Collection>
48 auto& PickValue(FuzzedDataProvider& fuzzed_data_provider, Collection& col)
49 {
50  auto sz{col.size()};
51  assert(sz >= 1);
52  auto it = col.begin();
53  std::advance(it, fuzzed_data_provider.ConsumeIntegralInRange<decltype(sz)>(0, sz - 1));
54  return *it;
55 }
56 
57 [[nodiscard]] inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
58 {
59  const std::string s = max_length ?
60  fuzzed_data_provider.ConsumeRandomLengthString(*max_length) :
61  fuzzed_data_provider.ConsumeRandomLengthString();
62  return {s.begin(), s.end()};
63 }
64 
65 [[nodiscard]] inline std::vector<bool> ConsumeRandomLengthBitVector(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
66 {
67  return BytesToBits(ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length));
68 }
69 
70 [[nodiscard]] inline CDataStream ConsumeDataStream(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
71 {
72  return CDataStream{ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length), SER_NETWORK, INIT_PROTO_VERSION};
73 }
74 
75 [[nodiscard]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16, const size_t max_string_length = 16) noexcept
76 {
77  const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
78  std::vector<std::string> r;
79  for (size_t i = 0; i < n_elements; ++i) {
80  r.push_back(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
81  }
82  return r;
83 }
84 
85 template <typename T>
86 [[nodiscard]] inline std::vector<T> ConsumeRandomLengthIntegralVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16) noexcept
87 {
88  const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
89  std::vector<T> r;
90  for (size_t i = 0; i < n_elements; ++i) {
91  r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
92  }
93  return r;
94 }
95 
96 template <typename T>
97 [[nodiscard]] inline std::optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
98 {
99  const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
100  CDataStream ds{buffer, SER_NETWORK, INIT_PROTO_VERSION};
101  T obj;
102  try {
103  ds >> obj;
104  } catch (const std::ios_base::failure&) {
105  return std::nullopt;
106  }
107  return obj;
108 }
109 
110 template <typename WeakEnumType, size_t size>
111 [[nodiscard]] WeakEnumType ConsumeWeakEnum(FuzzedDataProvider& fuzzed_data_provider, const WeakEnumType (&all_types)[size]) noexcept
112 {
113  return fuzzed_data_provider.ConsumeBool() ?
114  fuzzed_data_provider.PickValueInArray<WeakEnumType>(all_types) :
115  WeakEnumType(fuzzed_data_provider.ConsumeIntegral<typename std::underlying_type<WeakEnumType>::type>());
116 }
117 
118 [[nodiscard]] inline opcodetype ConsumeOpcodeType(FuzzedDataProvider& fuzzed_data_provider) noexcept
119 {
120  return static_cast<opcodetype>(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
121 }
122 
123 [[nodiscard]] CAmount ConsumeMoney(FuzzedDataProvider& fuzzed_data_provider, const std::optional<CAmount>& max = std::nullopt) noexcept;
124 
125 [[nodiscard]] int64_t ConsumeTime(FuzzedDataProvider& fuzzed_data_provider, const std::optional<int64_t>& min = std::nullopt, const std::optional<int64_t>& max = std::nullopt) noexcept;
126 
127 [[nodiscard]] CMutableTransaction ConsumeTransaction(FuzzedDataProvider& fuzzed_data_provider, const std::optional<std::vector<uint256>>& prevout_txids, const int max_num_in = 10, const int max_num_out = 10) noexcept;
128 
129 [[nodiscard]] CScriptWitness ConsumeScriptWitness(FuzzedDataProvider& fuzzed_data_provider, const size_t max_stack_elem_size = 32) noexcept;
130 
131 [[nodiscard]] CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider, const bool maybe_p2wsh = false) noexcept;
132 
133 [[nodiscard]] uint32_t ConsumeSequence(FuzzedDataProvider& fuzzed_data_provider) noexcept;
134 
135 [[nodiscard]] inline CScriptNum ConsumeScriptNum(FuzzedDataProvider& fuzzed_data_provider) noexcept
136 {
137  return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
138 }
139 
140 [[nodiscard]] inline uint160 ConsumeUInt160(FuzzedDataProvider& fuzzed_data_provider) noexcept
141 {
142  const std::vector<uint8_t> v160 = fuzzed_data_provider.ConsumeBytes<uint8_t>(160 / 8);
143  if (v160.size() != 160 / 8) {
144  return {};
145  }
146  return uint160{v160};
147 }
148 
149 [[nodiscard]] inline uint256 ConsumeUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
150 {
151  const std::vector<uint8_t> v256 = fuzzed_data_provider.ConsumeBytes<uint8_t>(256 / 8);
152  if (v256.size() != 256 / 8) {
153  return {};
154  }
155  return uint256{v256};
156 }
157 
158 [[nodiscard]] inline arith_uint256 ConsumeArithUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
159 {
160  return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
161 }
162 
163 [[nodiscard]] CTxDestination ConsumeTxDestination(FuzzedDataProvider& fuzzed_data_provider) noexcept;
164 
165 template <typename T>
166 [[nodiscard]] bool MultiplicationOverflow(const T i, const T j) noexcept
167 {
168  static_assert(std::is_integral<T>::value, "Integral required.");
169  if (std::numeric_limits<T>::is_signed) {
170  if (i > 0) {
171  if (j > 0) {
172  return i > (std::numeric_limits<T>::max() / j);
173  } else {
174  return j < (std::numeric_limits<T>::min() / i);
175  }
176  } else {
177  if (j > 0) {
178  return i < (std::numeric_limits<T>::min() / j);
179  } else {
180  return i != 0 && (j < (std::numeric_limits<T>::max() / i));
181  }
182  }
183  } else {
184  return j != 0 && i > std::numeric_limits<T>::max() / j;
185  }
186 }
187 
188 [[nodiscard]] bool ContainsSpentInput(const CTransaction& tx, const CCoinsViewCache& inputs) noexcept;
189 
193 template <typename T, size_t size>
194 void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider, const std::array<T, size>& errnos)
195 {
196  errno = fuzzed_data_provider.PickValueInArray(errnos);
197 }
198 
199 /*
200  * Sets a fuzzed errno in the range [0, 133 (EHWPOISON)]. Can be used from functions emulating
201  * standard library functions that set errno, or in other contexts where the value of errno
202  * might be relevant for the execution path that will be taken.
203  */
204 inline void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider) noexcept
205 {
206  errno = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 133);
207 }
208 
213 [[nodiscard]] inline std::vector<uint8_t> ConsumeFixedLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const size_t length) noexcept
214 {
215  std::vector<uint8_t> result(length);
216  const std::vector<uint8_t> random_bytes = fuzzed_data_provider.ConsumeBytes<uint8_t>(length);
217  if (!random_bytes.empty()) {
218  std::memcpy(result.data(), random_bytes.data(), random_bytes.size());
219  }
220  return result;
221 }
222 
223 class FuzzedFileProvider
224 {
225  FuzzedDataProvider& m_fuzzed_data_provider;
226  int64_t m_offset = 0;
227 
228 public:
229  FuzzedFileProvider(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider{fuzzed_data_provider}
230  {
231  }
232 
233  FILE* open();
234 
235  static ssize_t read(void* cookie, char* buf, size_t size);
236 
237  static ssize_t write(void* cookie, const char* buf, size_t size);
238 
239  static int seek(void* cookie, int64_t* offset, int whence);
240 
241  static int close(void* cookie);
242 };
243 
244 [[nodiscard]] inline FuzzedFileProvider ConsumeFile(FuzzedDataProvider& fuzzed_data_provider) noexcept
245 {
246  return {fuzzed_data_provider};
247 }
248 
249 class FuzzedAutoFileProvider
250 {
251  FuzzedFileProvider m_fuzzed_file_provider;
252 
253 public:
254  FuzzedAutoFileProvider(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_file_provider{fuzzed_data_provider}
255  {
256  }
257 
258  AutoFile open()
259  {
260  return AutoFile{m_fuzzed_file_provider.open()};
261  }
262 };
263 
264 [[nodiscard]] inline FuzzedAutoFileProvider ConsumeAutoFile(FuzzedDataProvider& fuzzed_data_provider) noexcept
265 {
266  return {fuzzed_data_provider};
267 }
268 
269 #define WRITE_TO_STREAM_CASE(type, consume) \
270  [&] { \
271  type o = consume; \
272  stream << o; \
273  }
274 template <typename Stream>
275 void WriteToStream(FuzzedDataProvider& fuzzed_data_provider, Stream& stream) noexcept
276 {
277  while (fuzzed_data_provider.ConsumeBool()) {
278  try {
279  CallOneOf(
280  fuzzed_data_provider,
281  WRITE_TO_STREAM_CASE(bool, fuzzed_data_provider.ConsumeBool()),
282  WRITE_TO_STREAM_CASE(int8_t, fuzzed_data_provider.ConsumeIntegral<int8_t>()),
283  WRITE_TO_STREAM_CASE(uint8_t, fuzzed_data_provider.ConsumeIntegral<uint8_t>()),
284  WRITE_TO_STREAM_CASE(int16_t, fuzzed_data_provider.ConsumeIntegral<int16_t>()),
285  WRITE_TO_STREAM_CASE(uint16_t, fuzzed_data_provider.ConsumeIntegral<uint16_t>()),
286  WRITE_TO_STREAM_CASE(int32_t, fuzzed_data_provider.ConsumeIntegral<int32_t>()),
287  WRITE_TO_STREAM_CASE(uint32_t, fuzzed_data_provider.ConsumeIntegral<uint32_t>()),
288  WRITE_TO_STREAM_CASE(int64_t, fuzzed_data_provider.ConsumeIntegral<int64_t>()),
289  WRITE_TO_STREAM_CASE(uint64_t, fuzzed_data_provider.ConsumeIntegral<uint64_t>()),
290  WRITE_TO_STREAM_CASE(std::string, fuzzed_data_provider.ConsumeRandomLengthString(32)),
291  WRITE_TO_STREAM_CASE(std::vector<uint8_t>, ConsumeRandomLengthIntegralVector<uint8_t>(fuzzed_data_provider)));
292  } catch (const std::ios_base::failure&) {
293  break;
294  }
295  }
296 }
297 
298 #define READ_FROM_STREAM_CASE(type) \
299  [&] { \
300  type o; \
301  stream >> o; \
302  }
303 template <typename Stream>
304 void ReadFromStream(FuzzedDataProvider& fuzzed_data_provider, Stream& stream) noexcept
305 {
306  while (fuzzed_data_provider.ConsumeBool()) {
307  try {
308  CallOneOf(
309  fuzzed_data_provider,
310  READ_FROM_STREAM_CASE(bool),
311  READ_FROM_STREAM_CASE(int8_t),
312  READ_FROM_STREAM_CASE(uint8_t),
313  READ_FROM_STREAM_CASE(int16_t),
314  READ_FROM_STREAM_CASE(uint16_t),
315  READ_FROM_STREAM_CASE(int32_t),
316  READ_FROM_STREAM_CASE(uint32_t),
317  READ_FROM_STREAM_CASE(int64_t),
318  READ_FROM_STREAM_CASE(uint64_t),
319  READ_FROM_STREAM_CASE(std::string),
320  READ_FROM_STREAM_CASE(std::vector<uint8_t>));
321  } catch (const std::ios_base::failure&) {
322  break;
323  }
324  }
325 }
326 
327 #endif // BITCOIN_TEST_FUZZ_UTIL_H
CAmount
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
UintToArith256
arith_uint256 UintToArith256(const uint256 &a)
Definition: arith_uint256.cpp:248
arith_uint256.h
AutoFile
Non-refcounted RAII wrapper for FILE*.
Definition: streams.h:488
CCoinsViewCache
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:213
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:411
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:295
FuzzedAutoFileProvider::m_fuzzed_file_provider
FuzzedFileProvider m_fuzzed_file_provider
Definition: util.h:251
FuzzedAutoFileProvider::open
AutoFile open()
Definition: util.h:258
FuzzedAutoFileProvider::FuzzedAutoFileProvider
FuzzedAutoFileProvider(FuzzedDataProvider &fuzzed_data_provider)
Definition: util.h:254
FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:152
FuzzedDataProvider::ConsumeBytes
std::vector< T > ConsumeBytes(size_t num_bytes)
Definition: FuzzedDataProvider.h:108
FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:204
FuzzedDataProvider::PickValueInArray
T PickValueInArray(const T(&array)[size])
Definition: FuzzedDataProvider.h:303
FuzzedFileProvider::write
static ssize_t write(void *cookie, const char *buf, size_t size)
Definition: util.cpp:267
FuzzedFileProvider::m_fuzzed_data_provider
FuzzedDataProvider & m_fuzzed_data_provider
Definition: util.h:225
FuzzedFileProvider::m_offset
int64_t m_offset
Definition: util.h:226
FuzzedFileProvider::seek
static int seek(void *cookie, int64_t *offset, int whence)
Definition: util.cpp:279
FuzzedFileProvider::close
static int close(void *cookie)
Definition: util.cpp:307
FuzzedFileProvider::FuzzedFileProvider
FuzzedFileProvider(FuzzedDataProvider &fuzzed_data_provider)
Definition: util.h:229
FuzzedFileProvider::read
static ssize_t read(void *cookie, char *buf, size_t size)
Definition: util.cpp:248
FuzzedFileProvider::open
FILE * open()
Definition: util.cpp:207
arith_uint256
256-bit unsigned big integer.
Definition: arith_uint256.h:245
uint160
160-bit opaque blob.
Definition: uint256.h:94
uint256
256-bit opaque blob.
Definition: uint256.h:105
BytesToBits
std::vector< bool > BytesToBits(const std::vector< unsigned char > &bytes)
Definition: merkleblock.cpp:21
MAX_OPCODE
static const unsigned int MAX_OPCODE
Definition: script.h:212
opcodetype
opcodetype
Script opcodes.
Definition: script.h:70
SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:131
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:149
CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:380
ConsumeScriptNum
CScriptNum ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:135
ConsumeWeakEnum
WeakEnumType ConsumeWeakEnum(FuzzedDataProvider &fuzzed_data_provider, const WeakEnumType(&all_types)[size]) noexcept
Definition: util.h:111
ConsumeDeserializable
std::optional< T > ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:97
ConsumeSequence
uint32_t ConsumeSequence(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:147
ConsumeFixedLengthByteVector
std::vector< uint8_t > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:213
ReadFromStream
void ReadFromStream(FuzzedDataProvider &fuzzed_data_provider, Stream &stream) noexcept
Definition: util.h:304
ConsumeScriptWitness
CScriptWitness ConsumeScriptWitness(FuzzedDataProvider &fuzzed_data_provider, const size_t max_stack_elem_size=32) noexcept
Definition: util.cpp:71
ConsumeDataStream
CDataStream ConsumeDataStream(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:70
ConsumeRandomLengthByteVector
std::vector< uint8_t > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:57
ConsumeRandomLengthIntegralVector
std::vector< T > ConsumeRandomLengthIntegralVector(FuzzedDataProvider &fuzzed_data_provider, const size_t max_vector_size=16) noexcept
Definition: util.h:86
PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:48
ConsumeAutoFile
FuzzedAutoFileProvider ConsumeAutoFile(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:264
ContainsSpentInput
bool ContainsSpentInput(const CTransaction &tx, const CCoinsViewCache &inputs) noexcept
Definition: util.cpp:196
ConsumeUInt256
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:149
ConsumeRandomLengthStringVector
std::vector< std::string > ConsumeRandomLengthStringVector(FuzzedDataProvider &fuzzed_data_provider, const size_t max_vector_size=16, const size_t max_string_length=16) noexcept
Definition: util.h:75
READ_FROM_STREAM_CASE
#define READ_FROM_STREAM_CASE(type)
Definition: util.h:298
ConsumeArithUInt256
arith_uint256 ConsumeArithUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:158
CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:36
ConsumeScript
CScript ConsumeScript(FuzzedDataProvider &fuzzed_data_provider, const bool maybe_p2wsh=false) noexcept
Definition: util.cpp:81
WriteToStream
void WriteToStream(FuzzedDataProvider &fuzzed_data_provider, Stream &stream) noexcept
Definition: util.h:275
ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min=std::nullopt, const std::optional< int64_t > &max=std::nullopt) noexcept
Definition: util.cpp:22
MultiplicationOverflow
bool MultiplicationOverflow(const T i, const T j) noexcept
Definition: util.h:166
ConsumeTransaction
CMutableTransaction ConsumeTransaction(FuzzedDataProvider &fuzzed_data_provider, const std::optional< std::vector< uint256 >> &prevout_txids, const int max_num_in=10, const int max_num_out=10) noexcept
Definition: util.cpp:30
ConsumeOpcodeType
opcodetype ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:118
SetFuzzedErrNo
void SetFuzzedErrNo(FuzzedDataProvider &fuzzed_data_provider, const std::array< T, size > &errnos)
Sets errno to a value selected from the given std::array errnos.
Definition: util.h:194
ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:140
WRITE_TO_STREAM_CASE
#define WRITE_TO_STREAM_CASE(type, consume)
Definition: util.h:269
ConsumeTxDestination
CTxDestination ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:158
ConsumeMoney
CAmount ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider, const std::optional< CAmount > &max=std::nullopt) noexcept
Definition: util.cpp:17
ConsumeRandomLengthBitVector
std::vector< bool > ConsumeRandomLengthBitVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:65
ConsumeFile
FuzzedFileProvider ConsumeFile(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:244
assert
assert(!tx.IsCoinBase())
INIT_PROTO_VERSION
static const int INIT_PROTO_VERSION
initial proto version, to be increased after version/verack negotiation
Definition: version.h:15
Generated on Sat Apr 1 2023 02:43:58 for Bitcoin Core by doxygen 1.9.1