fuzz: Fix mini_miner_selection running out of coin

Fixes a bug in the mini_miner_selection fuzz test found by fuzzing:
It was possible for the mini_miner_selection fuzz test to generate
transactions that created fewer new spendable outputs than the two
inputs they each spend. If the fuzz seed did so consistently, eventually
it would cause a `pop_front()` on an empty available_coins.

Fixed by:
- asserting that available_coins is not empty before generating tx
- allowing to build tx with a single coin if only one is available
Murch 2023-06-02 14:20:33 -04:00
parent b22408df16
commit 76c5ea703e
No known key found for this signature in database
GPG key ID: 7BA035CA5B901713

@ -118,10 +118,11 @@ FUZZ_TARGET_INIT(mini_miner_selection, initialize_miner)
LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100)
{
CMutableTransaction mtx = CMutableTransaction();
const size_t num_inputs = 2;
assert(!available_coins.empty());
const size_t num_inputs = std::min(size_t{2}, available_coins.size());
const size_t num_outputs = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(2, 5);
for (size_t n{0}; n < num_inputs; ++n) {
auto prevout = available_coins.front();
auto prevout = available_coins.at(0);
mtx.vin.push_back(CTxIn(prevout, CScript()));
available_coins.pop_front();
}
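Review bot: the `assert(!available_coins.empty());` at the top of the loop body turns an exhausted coin pool into a crash of the fuzz target, which will be reported as a finding even though it reflects harness state rather than a defect in the code under test. The commit message says a transaction can create fewer spendable outputs than it spends, so if the pool can still reach zero with single-input transactions, consider `if (available_coins.empty()) break;` instead; if it cannot, add a short comment above the assert stating the invariant that guarantees at least one coin remains. Separately, with `num_inputs` clamped to `available_coins.size()`, the switch from `front()` to `at(0)` does not change behaviour inside the loop; a one-line comment saying it is there for the bounds check would explain why it was changed.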