Bitcoin Core  27.99.0
P2P Digital Currency
util.h
Go to the documentation of this file.
1 // Copyright (c) 2009-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #ifndef BITCOIN_TEST_FUZZ_UTIL_H
6 #define BITCOIN_TEST_FUZZ_UTIL_H
7 
8 #include <addresstype.h>
9 #include <arith_uint256.h>
10 #include <coins.h>
11 #include <compat/compat.h>
12 #include <consensus/amount.h>
13 #include <consensus/consensus.h>
14 #include <key.h>
15 #include <merkleblock.h>
16 #include <primitives/transaction.h>
17 #include <script/script.h>
18 #include <serialize.h>
19 #include <streams.h>
21 #include <test/fuzz/fuzz.h>
22 #include <uint256.h>
23 
24 #include <algorithm>
25 #include <array>
26 #include <cstdint>
27 #include <cstdio>
28 #include <optional>
29 #include <string>
30 #include <vector>
31 
32 class PeerManager;
33 
34 template <typename... Callables>
35 size_t CallOneOf(FuzzedDataProvider& fuzzed_data_provider, Callables... callables)
36 {
37  constexpr size_t call_size{sizeof...(callables)};
38  static_assert(call_size >= 1);
39  const size_t call_index{fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, call_size - 1)};
40 
41  size_t i{0};
42  ((i++ == call_index ? callables() : void()), ...);
43  return call_size;
44 }
45 
46 template <typename Collection>
47 auto& PickValue(FuzzedDataProvider& fuzzed_data_provider, Collection& col)
48 {
49  auto sz{col.size()};
50  assert(sz >= 1);
51  auto it = col.begin();
52  std::advance(it, fuzzed_data_provider.ConsumeIntegralInRange<decltype(sz)>(0, sz - 1));
53  return *it;
54 }
55 
56 template<typename B = uint8_t>
57 [[nodiscard]] inline std::vector<B> ConsumeRandomLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
58 {
59  static_assert(sizeof(B) == 1);
60  const std::string s = max_length ?
61  fuzzed_data_provider.ConsumeRandomLengthString(*max_length) :
62  fuzzed_data_provider.ConsumeRandomLengthString();
63  std::vector<B> ret(s.size());
64  std::copy(s.begin(), s.end(), reinterpret_cast<char*>(ret.data()));
65  return ret;
66 }
67 
68 [[nodiscard]] inline std::vector<bool> ConsumeRandomLengthBitVector(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
69 {
70  return BytesToBits(ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length));
71 }
72 
73 [[nodiscard]] inline DataStream ConsumeDataStream(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
74 {
75  return DataStream{ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length)};
76 }
77 
78 [[nodiscard]] inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16, const size_t max_string_length = 16) noexcept
79 {
80  const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
81  std::vector<std::string> r;
82  for (size_t i = 0; i < n_elements; ++i) {
83  r.push_back(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
84  }
85  return r;
86 }
87 
88 template <typename T>
89 [[nodiscard]] inline std::vector<T> ConsumeRandomLengthIntegralVector(FuzzedDataProvider& fuzzed_data_provider, const size_t max_vector_size = 16) noexcept
90 {
91  const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
92  std::vector<T> r;
93  for (size_t i = 0; i < n_elements; ++i) {
94  r.push_back(fuzzed_data_provider.ConsumeIntegral<T>());
95  }
96  return r;
97 }
98 
99 template <typename P>
100 [[nodiscard]] P ConsumeDeserializationParams(FuzzedDataProvider& fuzzed_data_provider) noexcept;
101 
102 template <typename T, typename P>
103 [[nodiscard]] std::optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, const P& params, const std::optional<size_t>& max_length = std::nullopt) noexcept
104 {
105  const std::vector<uint8_t> buffer{ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length)};
106  DataStream ds{buffer};
107  T obj;
108  try {
109  ds >> params(obj);
110  } catch (const std::ios_base::failure&) {
111  return std::nullopt;
112  }
113  return obj;
114 }
115 
116 template <typename T>
117 [[nodiscard]] inline std::optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, const std::optional<size_t>& max_length = std::nullopt) noexcept
118 {
119  const std::vector<uint8_t> buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, max_length);
120  DataStream ds{buffer};
121  T obj;
122  try {
123  ds >> obj;
124  } catch (const std::ios_base::failure&) {
125  return std::nullopt;
126  }
127  return obj;
128 }
129 
130 template <typename WeakEnumType, size_t size>
131 [[nodiscard]] WeakEnumType ConsumeWeakEnum(FuzzedDataProvider& fuzzed_data_provider, const WeakEnumType (&all_types)[size]) noexcept
132 {
133  return fuzzed_data_provider.ConsumeBool() ?
134  fuzzed_data_provider.PickValueInArray<WeakEnumType>(all_types) :
135  WeakEnumType(fuzzed_data_provider.ConsumeIntegral<typename std::underlying_type<WeakEnumType>::type>());
136 }
137 
138 [[nodiscard]] inline opcodetype ConsumeOpcodeType(FuzzedDataProvider& fuzzed_data_provider) noexcept
139 {
140  return static_cast<opcodetype>(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, MAX_OPCODE));
141 }
142 
143 [[nodiscard]] CAmount ConsumeMoney(FuzzedDataProvider& fuzzed_data_provider, const std::optional<CAmount>& max = std::nullopt) noexcept;
144 
145 [[nodiscard]] int64_t ConsumeTime(FuzzedDataProvider& fuzzed_data_provider, const std::optional<int64_t>& min = std::nullopt, const std::optional<int64_t>& max = std::nullopt) noexcept;
146 
147 [[nodiscard]] CMutableTransaction ConsumeTransaction(FuzzedDataProvider& fuzzed_data_provider, const std::optional<std::vector<Txid>>& prevout_txids, const int max_num_in = 10, const int max_num_out = 10) noexcept;
148 
149 [[nodiscard]] CScriptWitness ConsumeScriptWitness(FuzzedDataProvider& fuzzed_data_provider, const size_t max_stack_elem_size = 32) noexcept;
150 
151 [[nodiscard]] CScript ConsumeScript(FuzzedDataProvider& fuzzed_data_provider, const bool maybe_p2wsh = false) noexcept;
152 
153 [[nodiscard]] uint32_t ConsumeSequence(FuzzedDataProvider& fuzzed_data_provider) noexcept;
154 
155 [[nodiscard]] inline CScriptNum ConsumeScriptNum(FuzzedDataProvider& fuzzed_data_provider) noexcept
156 {
157  return CScriptNum{fuzzed_data_provider.ConsumeIntegral<int64_t>()};
158 }
159 
160 [[nodiscard]] inline uint160 ConsumeUInt160(FuzzedDataProvider& fuzzed_data_provider) noexcept
161 {
162  const std::vector<uint8_t> v160 = fuzzed_data_provider.ConsumeBytes<uint8_t>(160 / 8);
163  if (v160.size() != 160 / 8) {
164  return {};
165  }
166  return uint160{v160};
167 }
168 
169 [[nodiscard]] inline uint256 ConsumeUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
170 {
171  const std::vector<uint8_t> v256 = fuzzed_data_provider.ConsumeBytes<uint8_t>(256 / 8);
172  if (v256.size() != 256 / 8) {
173  return {};
174  }
175  return uint256{v256};
176 }
177 
178 [[nodiscard]] inline arith_uint256 ConsumeArithUInt256(FuzzedDataProvider& fuzzed_data_provider) noexcept
179 {
180  return UintToArith256(ConsumeUInt256(fuzzed_data_provider));
181 }
182 
183 [[nodiscard]] std::map<COutPoint, Coin> ConsumeCoins(FuzzedDataProvider& fuzzed_data_provider) noexcept;
184 
185 [[nodiscard]] CTxDestination ConsumeTxDestination(FuzzedDataProvider& fuzzed_data_provider) noexcept;
186 
187 [[nodiscard]] CKey ConsumePrivateKey(FuzzedDataProvider& fuzzed_data_provider, std::optional<bool> compressed = std::nullopt) noexcept;
188 
189 template <typename T>
190 [[nodiscard]] bool MultiplicationOverflow(const T i, const T j) noexcept
191 {
192  static_assert(std::is_integral<T>::value, "Integral required.");
193  if (std::numeric_limits<T>::is_signed) {
194  if (i > 0) {
195  if (j > 0) {
196  return i > (std::numeric_limits<T>::max() / j);
197  } else {
198  return j < (std::numeric_limits<T>::min() / i);
199  }
200  } else {
201  if (j > 0) {
202  return i < (std::numeric_limits<T>::min() / j);
203  } else {
204  return i != 0 && (j < (std::numeric_limits<T>::max() / i));
205  }
206  }
207  } else {
208  return j != 0 && i > std::numeric_limits<T>::max() / j;
209  }
210 }
211 
212 [[nodiscard]] bool ContainsSpentInput(const CTransaction& tx, const CCoinsViewCache& inputs) noexcept;
213 
217 template <typename T, size_t size>
218 void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider, const std::array<T, size>& errnos)
219 {
220  errno = fuzzed_data_provider.PickValueInArray(errnos);
221 }
222 
223 /*
224  * Sets a fuzzed errno in the range [0, 133 (EHWPOISON)]. Can be used from functions emulating
225  * standard library functions that set errno, or in other contexts where the value of errno
226  * might be relevant for the execution path that will be taken.
227  */
228 inline void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider) noexcept
229 {
230  errno = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 133);
231 }
232 
237 template<typename B = uint8_t>
238 [[nodiscard]] inline std::vector<B> ConsumeFixedLengthByteVector(FuzzedDataProvider& fuzzed_data_provider, const size_t length) noexcept
239 {
240  static_assert(sizeof(B) == 1);
241  auto random_bytes = fuzzed_data_provider.ConsumeBytes<B>(length);
242  random_bytes.resize(length);
243  return random_bytes;
244 }
245 
247 {
249  int64_t m_offset = 0;
250 
251 public:
252  FuzzedFileProvider(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider{fuzzed_data_provider}
253  {
254  }
255 
256  FILE* open();
257 
258  static ssize_t read(void* cookie, char* buf, size_t size);
259 
260  static ssize_t write(void* cookie, const char* buf, size_t size);
261 
262  static int seek(void* cookie, int64_t* offset, int whence);
263 
264  static int close(void* cookie);
265 };
266 
267 #define WRITE_TO_STREAM_CASE(type, consume) \
268  [&] { \
269  type o = consume; \
270  stream << o; \
271  }
272 template <typename Stream>
273 void WriteToStream(FuzzedDataProvider& fuzzed_data_provider, Stream& stream) noexcept
274 {
275  while (fuzzed_data_provider.ConsumeBool()) {
276  try {
277  CallOneOf(
278  fuzzed_data_provider,
279  WRITE_TO_STREAM_CASE(bool, fuzzed_data_provider.ConsumeBool()),
280  WRITE_TO_STREAM_CASE(int8_t, fuzzed_data_provider.ConsumeIntegral<int8_t>()),
281  WRITE_TO_STREAM_CASE(uint8_t, fuzzed_data_provider.ConsumeIntegral<uint8_t>()),
282  WRITE_TO_STREAM_CASE(int16_t, fuzzed_data_provider.ConsumeIntegral<int16_t>()),
283  WRITE_TO_STREAM_CASE(uint16_t, fuzzed_data_provider.ConsumeIntegral<uint16_t>()),
284  WRITE_TO_STREAM_CASE(int32_t, fuzzed_data_provider.ConsumeIntegral<int32_t>()),
285  WRITE_TO_STREAM_CASE(uint32_t, fuzzed_data_provider.ConsumeIntegral<uint32_t>()),
286  WRITE_TO_STREAM_CASE(int64_t, fuzzed_data_provider.ConsumeIntegral<int64_t>()),
287  WRITE_TO_STREAM_CASE(uint64_t, fuzzed_data_provider.ConsumeIntegral<uint64_t>()),
288  WRITE_TO_STREAM_CASE(std::string, fuzzed_data_provider.ConsumeRandomLengthString(32)),
289  WRITE_TO_STREAM_CASE(std::vector<uint8_t>, ConsumeRandomLengthIntegralVector<uint8_t>(fuzzed_data_provider)));
290  } catch (const std::ios_base::failure&) {
291  break;
292  }
293  }
294 }
295 
296 #define READ_FROM_STREAM_CASE(type) \
297  [&] { \
298  type o; \
299  stream >> o; \
300  }
301 template <typename Stream>
302 void ReadFromStream(FuzzedDataProvider& fuzzed_data_provider, Stream& stream) noexcept
303 {
304  while (fuzzed_data_provider.ConsumeBool()) {
305  try {
306  CallOneOf(
307  fuzzed_data_provider,
308  READ_FROM_STREAM_CASE(bool),
309  READ_FROM_STREAM_CASE(int8_t),
310  READ_FROM_STREAM_CASE(uint8_t),
311  READ_FROM_STREAM_CASE(int16_t),
312  READ_FROM_STREAM_CASE(uint16_t),
313  READ_FROM_STREAM_CASE(int32_t),
314  READ_FROM_STREAM_CASE(uint32_t),
315  READ_FROM_STREAM_CASE(int64_t),
316  READ_FROM_STREAM_CASE(uint64_t),
317  READ_FROM_STREAM_CASE(std::string),
318  READ_FROM_STREAM_CASE(std::vector<uint8_t>));
319  } catch (const std::ios_base::failure&) {
320  break;
321  }
322  }
323 }
324 
325 #endif // BITCOIN_TEST_FUZZ_UTIL_H
std::variant< CNoDestination, PubKeyDestination, PKHash, ScriptHash, WitnessV0ScriptHash, WitnessV0KeyHash, WitnessV1Taproot, WitnessUnknown > CTxDestination
A txout script categorized into standard templates.
Definition: addresstype.h:131
int64_t CAmount
Amount in satoshis (Can be negative)
Definition: amount.h:12
arith_uint256 UintToArith256(const uint256 &a)
int ret
CCoinsView that adds a memory cache for transactions to another CCoinsView.
Definition: coins.h:229
An encapsulated private key.
Definition: key.h:33
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:414
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:296
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:147
std::string ConsumeRandomLengthString(size_t max_length)
std::vector< T > ConsumeBytes(size_t num_bytes)
T ConsumeIntegralInRange(T min, T max)
T PickValueInArray(const T(&array)[size])
static ssize_t write(void *cookie, const char *buf, size_t size)
Definition: util.cpp:308
FuzzedDataProvider & m_fuzzed_data_provider
Definition: util.h:248
int64_t m_offset
Definition: util.h:249
static int seek(void *cookie, int64_t *offset, int whence)
Definition: util.cpp:320
static int close(void *cookie)
Definition: util.cpp:348
FuzzedFileProvider(FuzzedDataProvider &fuzzed_data_provider)
Definition: util.h:252
static ssize_t read(void *cookie, char *buf, size_t size)
Definition: util.cpp:289
FILE * open()
Definition: util.cpp:248
256-bit unsigned big integer.
160-bit opaque blob.
Definition: uint256.h:95
256-bit opaque blob.
Definition: uint256.h:106
std::vector< bool > BytesToBits(const std::vector< unsigned char > &bytes)
Definition: merkleblock.cpp:21
static const unsigned int MAX_OPCODE
Definition: script.h:215
opcodetype
Script opcodes.
Definition: script.h:73
A mutable version of CTransaction.
Definition: transaction.h:378
CScriptNum ConsumeScriptNum(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:155
WeakEnumType ConsumeWeakEnum(FuzzedDataProvider &fuzzed_data_provider, const WeakEnumType(&all_types)[size]) noexcept
Definition: util.h:131
uint32_t ConsumeSequence(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:155
DataStream ConsumeDataStream(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:73
void ReadFromStream(FuzzedDataProvider &fuzzed_data_provider, Stream &stream) noexcept
Definition: util.h:302
CScriptWitness ConsumeScriptWitness(FuzzedDataProvider &fuzzed_data_provider, const size_t max_stack_elem_size=32) noexcept
Definition: util.cpp:83
std::vector< T > ConsumeRandomLengthIntegralVector(FuzzedDataProvider &fuzzed_data_provider, const size_t max_vector_size=16) noexcept
Definition: util.h:89
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:47
std::optional< T > ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider, const P &params, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:103
bool ContainsSpentInput(const CTransaction &tx, const CCoinsViewCache &inputs) noexcept
Definition: util.cpp:237
std::map< COutPoint, Coin > ConsumeCoins(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:166
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:169
std::vector< std::string > ConsumeRandomLengthStringVector(FuzzedDataProvider &fuzzed_data_provider, const size_t max_vector_size=16, const size_t max_string_length=16) noexcept
Definition: util.h:78
#define READ_FROM_STREAM_CASE(type)
Definition: util.h:296
arith_uint256 ConsumeArithUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:178
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35
CScript ConsumeScript(FuzzedDataProvider &fuzzed_data_provider, const bool maybe_p2wsh=false) noexcept
Definition: util.cpp:93
void WriteToStream(FuzzedDataProvider &fuzzed_data_provider, Stream &stream) noexcept
Definition: util.h:273
std::vector< B > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:57
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min=std::nullopt, const std::optional< int64_t > &max=std::nullopt) noexcept
Definition: util.cpp:34
CMutableTransaction ConsumeTransaction(FuzzedDataProvider &fuzzed_data_provider, const std::optional< std::vector< Txid >> &prevout_txids, const int max_num_in=10, const int max_num_out=10) noexcept
Definition: util.cpp:42
CKey ConsumePrivateKey(FuzzedDataProvider &fuzzed_data_provider, std::optional< bool > compressed=std::nullopt) noexcept
Definition: util.cpp:227
bool MultiplicationOverflow(const T i, const T j) noexcept
Definition: util.h:190
opcodetype ConsumeOpcodeType(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:138
void SetFuzzedErrNo(FuzzedDataProvider &fuzzed_data_provider, const std::array< T, size > &errnos)
Sets errno to a value selected from the given std::array errnos.
Definition: util.h:218
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:160
P ConsumeDeserializationParams(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.cpp:93
#define WRITE_TO_STREAM_CASE(type, consume)
Definition: util.h:267
std::vector< B > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:238
CTxDestination ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:184
CAmount ConsumeMoney(FuzzedDataProvider &fuzzed_data_provider, const std::optional< CAmount > &max=std::nullopt) noexcept
Definition: util.cpp:29
std::vector< bool > ConsumeRandomLengthBitVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:68
#define B
Definition: util_tests.cpp:484
assert(!tx.IsCoinBase())