// NOTE: this listing is an excerpt. The number that starts a fragment is its line
// number in the original file, and the lines in between are not shown.
// Member initializer: sets m_fuzzed_data_provider from fuzzed_data_provider.
19 : m_fuzzed_data_provider{fuzzed_data_provider}
// `false && "..."` is always false, so where assert is active this aborts with the
// message below. It marks a code path that must never be reached.
35 assert(
false &&
"Move of Sock into FuzzedSock not allowed.");
// Compile-time arrays. Their elements are not shown in this excerpt
// (presumably the errno values the fake socket can report; confirm).
46 constexpr std::array send_errnos{
81 constexpr std::array recv_errnos{
// A null destination is tolerated only for a zero-length request, so the copies
// below always have a non-null target when len > 0.
93 assert(buf !=
nullptr || len == 0);
// Bytes that will be handed back to the caller through buf.
101 std::vector<uint8_t> random_bytes;
// Non-peeking read.
106 if ((
flags & MSG_PEEK) == 0) {
109 pad_to_len_bytes =
false;
110 }
// Peeking read. This condition is the exact complement of the one above, so the
// branch behaves like a plain `else`.
else if ((
flags & MSG_PEEK) != 0) {
113 if (!random_bytes.empty()) {
115 pad_to_len_bytes =
false;
121 if (random_bytes.empty()) {
// Writes random_bytes.size() bytes into the caller's buffer.
// NOTE(review): the lines that keep random_bytes.size() <= len are not part of this
// excerpt. That bound is what keeps the write inside buf; confirm it.
128 std::memcpy(buf, random_bytes.data(), random_bytes.size());
129 if (pad_to_len_bytes) {
// Zero-fill the tail [random_bytes.size(), len). The `>` guard keeps the length
// expression `len - random_bytes.size()` from wrapping.
130 if (len > random_bytes.size()) {
131 std::memset((
char*)buf + random_bytes.size(), 0, len - random_bytes.size());
// Fixed 2 ms pause before returning on this path.
136 std::this_thread::sleep_for(std::chrono::milliseconds{2});
// Reports the number of bytes stored in random_bytes.
138 return random_bytes.size();
// Compile-time arrays for the connect and accept paths; elements not shown here.
146 constexpr std::array connect_errnos{
165 constexpr std::array accept_errnos{
// Returns an empty (null) unique_ptr, so callers have to null-check the result.
// The condition that selects this path is not shown.
172 return std::unique_ptr<FuzzedSock>();
179 constexpr std::array getsockopt_errnos{
// Null check on opt_val; the body of this branch is not shown.
187 if (opt_val ==
nullptr) {
198 constexpr std::array wait_errnos{
// `occurred` is only used when the caller supplied a non-null pointer.
207 if (occurred !=
nullptr) {
// Message that marks a disconnect as fuzzer-induced rather than a real network
// failure.
218 errmsg =
"disconnected at random by the fuzzer";
// Fuzzer-chosen inputs for the simulated handshake with `node`.
224 const bool successfully_connected{fuzzed_data_provider.ConsumeBool()};
// Version is never below MIN_PEER_PROTO_VERSION; the upper bound is INT32_MAX.
227 const int32_t version = fuzzed_data_provider.ConsumeIntegralInRange<int32_t>(
MIN_PEER_PROTO_VERSION, std::numeric_limits<int32_t>::max());
228 const bool filter_txs = fuzzed_data_provider.ConsumeBool();
// Deliver msg_version to the node. The return value is discarded on purpose via (void).
247 (void)connman.ReceiveMsgFrom(
node, msg_version);
// Clear fPauseSend, then process the queued message once and run the send step.
248 node.fPauseSend =
false;
249 connman.ProcessMessagesOnce(
node);
252 peerman.SendMessages(&
node);
// Stop here if processing marked the node for disconnection.
254 if (
node.fDisconnect)
return;
// m_tx_relay may be null; dereference it only after this check.
258 if (
node.m_tx_relay !=
nullptr) {
// Sanity check (appears to sit inside the null check above; line 259 is not shown):
// the relay flag has to match the fuzzer-chosen filter_txs.
260 assert(
node.m_tx_relay->fRelayTxes == filter_txs);
262 node.m_permissionFlags = permission_flags;
// The verack step runs only when the fuzzer chose a successful connection. It
// repeats the receive / process / send sequence used for msg_version.
263 if (successfully_connected) {
265 (void)connman.ReceiveMsgFrom(
node, msg_verack);
266 node.fPauseSend =
false;
267 connman.ProcessMessagesOnce(
node);
270 peerman.SendMessages(&
node);
// Amount in [0, max], with MAX_MONEY as the upper bound when `max` holds no value.
// NOTE(review): a caller-supplied max below 0 would make the range inverted; confirm
// how the provider treats min > max.
278 return fuzzed_data_provider.ConsumeIntegralInRange<
CAmount>(0, max.value_or(
MAX_MONEY));
// Value in [min, max]; time_min / time_max are used for whichever bound the caller
// left unset. The same min <= max expectation applies.
286 return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(min.value_or(time_min), max.value_or(time_max));
// One boolean selects which kind of output script is used further down.
292 const auto p2wsh_op_true = fuzzed_data_provider.ConsumeBool();
// nVersion: a value from the branch not shown (line 294), or any int32_t.
293 tx_mut.
nVersion = fuzzed_data_provider.ConsumeBool() ?
295 fuzzed_data_provider.ConsumeIntegral<int32_t>();
// nLockTime: any uint32_t.
296 tx_mut.
nLockTime = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
// Input and output counts are bounded by max_num_in / max_num_out (inclusive).
297 const auto num_in = fuzzed_data_provider.ConsumeIntegralInRange<
int>(0, max_num_in);
298 const auto num_out = fuzzed_data_provider.ConsumeIntegralInRange<
int>(0, max_num_out);
299 for (
int i = 0; i < num_in; ++i) {
// When prevout_txids is set, the previous txid is picked from that collection; the
// alternative branch is not shown.
300 const auto& txid_prev = prevout_txids ?
301 PickValue(fuzzed_data_provider, *prevout_txids) :
// The range is inclusive, so index_out can equal max_num_out.
303 const auto index_out = fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, max_num_out);
318 tx_mut.
vin.push_back(in);
320 for (
int i = 0; i < num_out; ++i) {
// The amount range starts at -10 and ends at 50 * COIN + 10, so negative amounts
// are generated as well.
321 const auto amount = fuzzed_data_provider.ConsumeIntegralInRange<
CAmount>(-10, 50 *
COIN + 10);
// The output script depends on p2wsh_op_true; both alternatives are outside this
// excerpt.
322 const auto script_pk = p2wsh_op_true ?
325 tx_mut.
vout.emplace_back(amount, script_pk);
// Element count in [0, max_stack_elem_size].
333 const auto n_elements = fuzzed_data_provider.ConsumeIntegralInRange<
size_t>(0, max_stack_elem_size);
334 for (
size_t i = 0; i < n_elements; ++i) {
// Scratch buffer: MAX_BUFFER_SZ (128) bytes, all initialised to 'a'.
346 static constexpr
unsigned MAX_BUFFER_SZ{128};
347 std::vector<uint8_t> buffer(MAX_BUFFER_SZ, uint8_t{
'a'});
// Keep going for as long as the fuzzer input yields `true`.
348 while (fuzzed_data_provider.ConsumeBool()) {
350 fuzzed_data_provider,
// Appends a prefix of buffer as raw bytes. The length is drawn from
// [0, MAX_BUFFER_SZ], so `buffer.begin() + n` stays within [begin, end] as long as
// buffer still has its initial size.
353 r_script.insert(r_script.end(), buffer.begin(), buffer.begin() + fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BUFFER_SZ));
// Same prefix selection, but streamed into the script with operator<<.
357 r_script << std::vector<uint8_t>{buffer.begin(), buffer.begin() + fuzzed_data_provider.ConsumeIntegralInRange(0U, MAX_BUFFER_SZ)};
// Integer in [0, 22] streamed into the script.
363 r_script << fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 22);
364 int num_data{fuzzed_data_provider.ConsumeIntegralInRange(1, 22)};
// First byte of pubkey_comp is forced to 2 or 3.
366 pubkey_comp.front() = fuzzed_data_provider.ConsumeIntegralInRange(2, 3);
// Copy of the first CPubKey::SIZE bytes of buffer.
// NOTE(review): this relies on CPubKey::SIZE <= buffer.size(); the constant's value
// is not shown here, so confirm it.
367 std::vector<uint8_t> pubkey_uncomp{buffer.begin(), buffer.begin() +
CPubKey::SIZE};
// First byte of pubkey_uncomp is forced into [4, 7].
368 pubkey_uncomp.front() = fuzzed_data_provider.ConsumeIntegralInRange(4, 7);
// Select one of the two byte vectors by reference.
370 auto& pubkey{fuzzed_data_provider.ConsumeBool() ? pubkey_uncomp : pubkey_comp};
371 if (fuzzed_data_provider.ConsumeBool()) {
// Overwrites the last byte with num_data; values 1..22 fit in a uint8_t.
372 pubkey.back() = num_data;
376 r_script << fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 22);
// NOTE(review): vec's size is not visible in this excerpt. The copy is in bounds only
// if vec.size() <= buffer.size(); confirm it.
381 std::copy(vec.begin(), vec.end(), buffer.begin());
// Any int64_t streamed into the script.
385 r_script << fuzzed_data_provider.ConsumeIntegral<int64_t>();
// Taken only when the caller allows it (maybe_p2wsh) and the fuzzer input says so.
397 if (maybe_p2wsh && fuzzed_data_provider.ConsumeBool()) {
// Either one entry from a fixed list (contents not shown) or any uint32_t.
408 return fuzzed_data_provider.ConsumeBool() ?
409 fuzzed_data_provider.PickValueInArray({
414 fuzzed_data_provider.ConsumeIntegral<uint32_t>();
421 fuzzed_data_provider,
// Version drawn from [2, 16].
442 witness_unknown.
version = fuzzed_data_provider.ConsumeIntegralInRange(2, 16);
// Requests 40 bytes. The size check below shows the result can be shorter.
443 std::vector<uint8_t> witness_unknown_program_1{fuzzed_data_provider.ConsumeBytes<uint8_t>(40)};
// Fall back to two zero bytes so the program is never shorter than 2.
444 if (witness_unknown_program_1.size() < 2) {
445 witness_unknown_program_1 = {0, 0};
447 witness_unknown.length = witness_unknown_program_1.size();
// Copies between 2 and 40 bytes into witness_unknown.program.
// NOTE(review): the capacity of `program` is declared elsewhere; confirm it holds at
// least 40 bytes.
448 std::copy(witness_unknown_program_1.begin(), witness_unknown_program_1.end(), witness_unknown.program);
449 tx_destination = witness_unknown;
// Checks that call_size equals the number of alternatives in CTxDestination.
451 Assert(call_size == std::variant_size_v<CTxDestination>);
452 return tx_destination;
// The fee is capped at CAmount's maximum divided by 100000.
// NOTE(review): presumably this leaves headroom for later arithmetic on the fee;
// confirm against the code that uses it.
461 const CAmount fee = std::min<CAmount>(
ConsumeMoney(fuzzed_data_provider), std::numeric_limits<CAmount>::max() /
static_cast<CAmount>(100000));
// time and entry_height are unconstrained; sig_op_cost is limited to
// [0, MAX_BLOCK_SIGOPS_COST].
463 const int64_t time = fuzzed_data_provider.ConsumeIntegral<int64_t>();
464 const unsigned int entry_height = fuzzed_data_provider.ConsumeIntegral<
unsigned int>();
465 const bool spends_coinbase = fuzzed_data_provider.ConsumeBool();
466 const unsigned int sig_op_cost = fuzzed_data_provider.ConsumeIntegralInRange<
unsigned int>(0,
MAX_BLOCK_SIGOPS_COST);
// Walk every input of tx and look up the coin for its prevout in `inputs`.
472 for (
const CTxIn& tx_in : tx.vin) {
473 const Coin& coin = inputs.AccessCoin(tx_in.
prevout);
// IPv4 case: zero-initialise the struct, then set s_addr to any uint32_t.
486 in_addr v4_addr = {};
487 v4_addr.s_addr = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
// IPv6 case: runs only when at least 16 input bytes remain. ConsumeBytes(16) then
// yields a full 16-byte vector, so the fixed-size memcpy below does not read past
// the end of the temporary.
490 if (fuzzed_data_provider.remaining_bytes() >= 16) {
491 in6_addr v6_addr = {};
492 memcpy(v6_addr.s6_addr, fuzzed_data_provider.ConsumeBytes<uint8_t>(16).data(), 16);
// The second constructor argument is any uint32_t.
493 net_addr =
CNetAddr{v6_addr, fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
// Remaining cases pass a fuzzer-chosen string of at most 32 bytes.
496 net_addr.
SetInternal(fuzzed_data_provider.ConsumeBytesAsString(32));
498 net_addr.
SetSpecial(fuzzed_data_provider.ConsumeBytesAsString(32));
// fopencookie is a GNU extension, so this path is compiled only when _GNU_SOURCE is
// defined and the target is not Android.
530 #if defined _GNU_SOURCE && !defined __ANDROID__
// Table of I/O callbacks for the custom stream; its members are not shown.
531 const cookie_io_functions_t io_hooks = {
// `this` is handed over as the stream cookie.
// NOTE(review): the callbacks receive this pointer, so the object presumably has to
// outlive the returned FILE*; confirm at the call sites.
537 return fopencookie(
this, mode.c_str(), io_hooks);
// Read path. The body of the empty-input branch is not shown.
552 if (random_bytes.empty()) {
// Writes random_bytes.size() bytes into the caller's buffer.
// NOTE(review): the lines that bound random_bytes against the requested size are not
// part of this excerpt. That bound keeps the write inside buf; confirm it.
555 std::memcpy(buf, random_bytes.data(), random_bytes.size());
// Advance the tracked offset by the number of bytes delivered and report that count.
559 fuzzed_file->
m_offset += random_bytes.size();
560 return random_bytes.size();
// Only the three standard origins are accepted.
577 assert(whence == SEEK_SET || whence == SEEK_CUR || whence == SEEK_END);
580 int64_t new_offset = 0;
// SEEK_SET: the requested offset is absolute.
581 if (whence == SEEK_SET) {
582 new_offset = *offset;
583 }
// SEEK_CUR: relative to the currently tracked offset.
// NOTE(review): the lines between 583 and 587 are not shown. Signed overflow of this
// sum would be undefined behaviour, so confirm that a guard sits there.
else if (whence == SEEK_CUR) {
587 new_offset = fuzzed_file->
m_offset + *offset;
588 }
// SEEK_END: relative to `n`, whose definition is outside this excerpt. The same
// overflow question applies to `n + *offset`.
else if (whence == SEEK_END) {
593 new_offset = n + *offset;
// Negative results get separate handling; the body of this branch is not shown.
595 if (new_offset < 0) {
// Write the resolved position back through the in/out parameter.
599 *offset = new_offset;