You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

test_bitcoin_fuzzy.cpp 6.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277
  1. // Copyright (c) 2009-2016 The Bitcoin Core developers
  2. // Distributed under the MIT software license, see the accompanying
  3. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
  4. #if defined(HAVE_CONFIG_H)
  5. #include "config/bitcoin-config.h"
  6. #endif
  7. #include "consensus/merkle.h"
  8. #include "primitives/block.h"
  9. #include "script/script.h"
  10. #include "addrman.h"
  11. #include "chain.h"
  12. #include "coins.h"
  13. #include "compressor.h"
  14. #include "net.h"
  15. #include "protocol.h"
  16. #include "streams.h"
  17. #include "undo.h"
  18. #include "version.h"
  19. #include "pubkey.h"
  20. #include <stdint.h>
  21. #include <unistd.h>
  22. #include <algorithm>
  23. #include <vector>
  24. enum TEST_ID {
  25. CBLOCK_DESERIALIZE=0,
  26. CTRANSACTION_DESERIALIZE,
  27. CBLOCKLOCATOR_DESERIALIZE,
  28. CBLOCKMERKLEROOT,
  29. CADDRMAN_DESERIALIZE,
  30. CBLOCKHEADER_DESERIALIZE,
  31. CBANENTRY_DESERIALIZE,
  32. CTXUNDO_DESERIALIZE,
  33. CBLOCKUNDO_DESERIALIZE,
  34. CCOINS_DESERIALIZE,
  35. CNETADDR_DESERIALIZE,
  36. CSERVICE_DESERIALIZE,
  37. CMESSAGEHEADER_DESERIALIZE,
  38. CADDRESS_DESERIALIZE,
  39. CINV_DESERIALIZE,
  40. CBLOOMFILTER_DESERIALIZE,
  41. CDISKBLOCKINDEX_DESERIALIZE,
  42. CTXOUTCOMPRESSOR_DESERIALIZE,
  43. TEST_ID_END
  44. };
  45. bool read_stdin(std::vector<char> &data) {
  46. char buffer[1024];
  47. ssize_t length=0;
  48. while((length = read(STDIN_FILENO, buffer, 1024)) > 0) {
  49. data.insert(data.end(), buffer, buffer+length);
  50. if (data.size() > (1<<20)) return false;
  51. }
  52. return length==0;
  53. }
  54. int do_fuzz()
  55. {
  56. std::vector<char> buffer;
  57. if (!read_stdin(buffer)) return 0;
  58. if (buffer.size() < sizeof(uint32_t)) return 0;
  59. uint32_t test_id = 0xffffffff;
  60. memcpy(&test_id, &buffer[0], sizeof(uint32_t));
  61. buffer.erase(buffer.begin(), buffer.begin() + sizeof(uint32_t));
  62. if (test_id >= TEST_ID_END) return 0;
  63. CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
  64. try {
  65. int nVersion;
  66. ds >> nVersion;
  67. ds.SetVersion(nVersion);
  68. } catch (const std::ios_base::failure& e) {
  69. return 0;
  70. }
  71. switch(test_id) {
  72. case CBLOCK_DESERIALIZE:
  73. {
  74. try
  75. {
  76. CBlock block;
  77. ds >> block;
  78. } catch (const std::ios_base::failure& e) {return 0;}
  79. break;
  80. }
  81. case CTRANSACTION_DESERIALIZE:
  82. {
  83. try
  84. {
  85. CTransaction tx(deserialize, ds);
  86. } catch (const std::ios_base::failure& e) {return 0;}
  87. break;
  88. }
  89. case CBLOCKLOCATOR_DESERIALIZE:
  90. {
  91. try
  92. {
  93. CBlockLocator bl;
  94. ds >> bl;
  95. } catch (const std::ios_base::failure& e) {return 0;}
  96. break;
  97. }
  98. case CBLOCKMERKLEROOT:
  99. {
  100. try
  101. {
  102. CBlock block;
  103. ds >> block;
  104. bool mutated;
  105. BlockMerkleRoot(block, &mutated);
  106. } catch (const std::ios_base::failure& e) {return 0;}
  107. break;
  108. }
  109. case CADDRMAN_DESERIALIZE:
  110. {
  111. try
  112. {
  113. CAddrMan am;
  114. ds >> am;
  115. } catch (const std::ios_base::failure& e) {return 0;}
  116. break;
  117. }
  118. case CBLOCKHEADER_DESERIALIZE:
  119. {
  120. try
  121. {
  122. CBlockHeader bh;
  123. ds >> bh;
  124. } catch (const std::ios_base::failure& e) {return 0;}
  125. break;
  126. }
  127. case CBANENTRY_DESERIALIZE:
  128. {
  129. try
  130. {
  131. CBanEntry be;
  132. ds >> be;
  133. } catch (const std::ios_base::failure& e) {return 0;}
  134. break;
  135. }
  136. case CTXUNDO_DESERIALIZE:
  137. {
  138. try
  139. {
  140. CTxUndo tu;
  141. ds >> tu;
  142. } catch (const std::ios_base::failure& e) {return 0;}
  143. break;
  144. }
  145. case CBLOCKUNDO_DESERIALIZE:
  146. {
  147. try
  148. {
  149. CBlockUndo bu;
  150. ds >> bu;
  151. } catch (const std::ios_base::failure& e) {return 0;}
  152. break;
  153. }
  154. case CCOINS_DESERIALIZE:
  155. {
  156. try
  157. {
  158. CCoins block;
  159. ds >> block;
  160. } catch (const std::ios_base::failure& e) {return 0;}
  161. break;
  162. }
  163. case CNETADDR_DESERIALIZE:
  164. {
  165. try
  166. {
  167. CNetAddr na;
  168. ds >> na;
  169. } catch (const std::ios_base::failure& e) {return 0;}
  170. break;
  171. }
  172. case CSERVICE_DESERIALIZE:
  173. {
  174. try
  175. {
  176. CService s;
  177. ds >> s;
  178. } catch (const std::ios_base::failure& e) {return 0;}
  179. break;
  180. }
  181. case CMESSAGEHEADER_DESERIALIZE:
  182. {
  183. CMessageHeader::MessageStartChars pchMessageStart = {0x00, 0x00, 0x00, 0x00};
  184. try
  185. {
  186. CMessageHeader mh(pchMessageStart);
  187. ds >> mh;
  188. if (!mh.IsValid(pchMessageStart)) {return 0;}
  189. } catch (const std::ios_base::failure& e) {return 0;}
  190. break;
  191. }
  192. case CADDRESS_DESERIALIZE:
  193. {
  194. try
  195. {
  196. CAddress a;
  197. ds >> a;
  198. } catch (const std::ios_base::failure& e) {return 0;}
  199. break;
  200. }
  201. case CINV_DESERIALIZE:
  202. {
  203. try
  204. {
  205. CInv i;
  206. ds >> i;
  207. } catch (const std::ios_base::failure& e) {return 0;}
  208. break;
  209. }
  210. case CBLOOMFILTER_DESERIALIZE:
  211. {
  212. try
  213. {
  214. CBloomFilter bf;
  215. ds >> bf;
  216. } catch (const std::ios_base::failure& e) {return 0;}
  217. break;
  218. }
  219. case CDISKBLOCKINDEX_DESERIALIZE:
  220. {
  221. try
  222. {
  223. CDiskBlockIndex dbi;
  224. ds >> dbi;
  225. } catch (const std::ios_base::failure& e) {return 0;}
  226. break;
  227. }
  228. case CTXOUTCOMPRESSOR_DESERIALIZE:
  229. {
  230. CTxOut to;
  231. CTxOutCompressor toc(to);
  232. try
  233. {
  234. ds >> toc;
  235. } catch (const std::ios_base::failure& e) {return 0;}
  236. break;
  237. }
  238. default:
  239. return 0;
  240. }
  241. return 0;
  242. }
  243. int main(int argc, char **argv)
  244. {
  245. ECCVerifyHandle globalVerifyHandle;
  246. #ifdef __AFL_INIT
  247. // Enable AFL deferred forkserver mode. Requires compilation using
  248. // afl-clang-fast++. See fuzzing.md for details.
  249. __AFL_INIT();
  250. #endif
  251. #ifdef __AFL_LOOP
  252. // Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
  253. // See fuzzing.md for details.
  254. while (__AFL_LOOP(1000)) {
  255. do_fuzz();
  256. }
  257. return 0;
  258. #else
  259. return do_fuzz();
  260. #endif
  261. }