mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-02-23 23:06:44 +01:00
Code Issues Projects Releases Wiki Activity
core-lightning/tests/fuzz/fuzz-channel_id.c

68 lines
1.7 KiB
C
Raw Normal View History

check-includes: allow redundant "config.h" We should actually be including this (as it may define _GNU_SOURCE etc) before any system headers. But where we include <assert.h> we often didn't, because check-includes would complain that the headers included it too. Weaken that check, and include config.h in C files before assert.h. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-02-01 13:28:50 +10:30
#include "config.h"
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
#include <assert.h>
#include <bitcoin/pubkey.h>
#include <bitcoin/tx.h>
#include <common/channel_id.h>
fuzz: fix UBSan nullability error The issue is that common_setup() wasn't called by the fuzz target, leaving secp256k1_ctx as NULL. UBSan error: $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" \ ./fuzz-channel_id crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 1153355603 INFO: Loaded 1 modules (25915 inline 8-bit counters): 25915 [0x563bae7ac3a8, 0x563bae7b28e3), INFO: Loaded 1 PC tables (25915 PCs): 25915 [0x563bae7b28e8,0x563bae817c98), ./fuzz-channel_id: Running 1 inputs 1 time(s) each. Running: crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 bitcoin/pubkey.c:22:33: runtime error: null pointer passed as argument 1, which is declared to never be null external/libwally-core/src/secp256k1/include/secp256k1.h:373:3: note: nonnull attribute specified here #0 0x563bae41e3db in pubkey_from_der bitcoin/pubkey.c:19:7 #1 0x563bae4205e0 in fromwire_pubkey bitcoin/pubkey.c:111:7 #2 0x563bae46437c in run tests/fuzz/fuzz-channel_id.c:42:3 #3 0x563bae2f6016 in LLVMFuzzerTestOneInput tests/fuzz/libfuzz.c:23:2 #4 0x563bae20a450 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) #5 0x563bae1f4c3f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) #6 0x563bae1fa6e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) #7 0x563bae223052 in main (tests/fuzz/fuzz-channel_id+0x181052) (BuildId: f7f56e14ffc06df54ab732d79ea922e773de1f25) #8 0x7fa7fa113082 in __libc_start_main #9 0x563bae1efbdd in _start SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior bitcoin/pubkey.c:22:33 in
2023-03-16 14:24:07 -05:00
#include <common/setup.h>
fuzz: fix check-src/includes when fuzzing enabled. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-04-03 16:11:04 +09:30
#include <tests/fuzz/libfuzz.h>
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
#include <wire/wire.h>
void init(int *argc, char ***argv)
{
fuzz: fix UBSan nullability error The issue is that common_setup() wasn't called by the fuzz target, leaving secp256k1_ctx as NULL. UBSan error: $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" \ ./fuzz-channel_id crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 1153355603 INFO: Loaded 1 modules (25915 inline 8-bit counters): 25915 [0x563bae7ac3a8, 0x563bae7b28e3), INFO: Loaded 1 PC tables (25915 PCs): 25915 [0x563bae7b28e8,0x563bae817c98), ./fuzz-channel_id: Running 1 inputs 1 time(s) each. Running: crash-1575b41ef09e62e4c09c165e6dc037a110b113f2 bitcoin/pubkey.c:22:33: runtime error: null pointer passed as argument 1, which is declared to never be null external/libwally-core/src/secp256k1/include/secp256k1.h:373:3: note: nonnull attribute specified here #0 0x563bae41e3db in pubkey_from_der bitcoin/pubkey.c:19:7 #1 0x563bae4205e0 in fromwire_pubkey bitcoin/pubkey.c:111:7 #2 0x563bae46437c in run tests/fuzz/fuzz-channel_id.c:42:3 #3 0x563bae2f6016 in LLVMFuzzerTestOneInput tests/fuzz/libfuzz.c:23:2 #4 0x563bae20a450 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) #5 0x563bae1f4c3f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) #6 0x563bae1fa6e6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) #7 0x563bae223052 in main (tests/fuzz/fuzz-channel_id+0x181052) (BuildId: f7f56e14ffc06df54ab732d79ea922e773de1f25) #8 0x7fa7fa113082 in __libc_start_main #9 0x563bae1efbdd in _start SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior bitcoin/pubkey.c:22:33 in
2023-03-16 14:24:07 -05:00
common_setup("fuzzer");
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
}
void run(const uint8_t *data, size_t size)
{
struct channel_id chan_id;
struct pubkey basepoint_1, basepoint_2;
common: use bitcoin_outpoint. I started pulling this thread, and the entire codebase got unravelled. Oh well, it's done now! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-10-13 14:15:36 +10:30
struct bitcoin_outpoint outpoint;
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
const uint8_t **v1_chunks, **v2_chunks, **marshal_chunks;
const uint8_t *wire_ptr;
size_t wire_max;
uint8_t *wire_buf;
common: use bitcoin_outpoint. I started pulling this thread, and the entire codebase got unravelled. Oh well, it's done now! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-10-13 14:15:36 +10:30
/* 32 (txid) + 4 (vout) */
if (size < 36)
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
return;
common: use bitcoin_outpoint. I started pulling this thread, and the entire codebase got unravelled. Oh well, it's done now! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-10-13 14:15:36 +10:30
v1_chunks = get_chunks(NULL, data, size, 36);
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
for (size_t i = 0; i < tal_count(v1_chunks); i++) {
wire_ptr = v1_chunks[i];
common: use bitcoin_outpoint. I started pulling this thread, and the entire codebase got unravelled. Oh well, it's done now! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-10-13 14:15:36 +10:30
wire_max = 36;
fromwire_bitcoin_outpoint(&wire_ptr, &wire_max, &outpoint);
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
assert(wire_ptr);
common: use bitcoin_outpoint. I started pulling this thread, and the entire codebase got unravelled. Oh well, it's done now! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-10-13 14:15:36 +10:30
derive_channel_id(&chan_id, &outpoint);
fuzz: add a fuzz target for channel_id derivation Signed-off-by: Antoine Poinsot <darosior@protonmail.com>
2020-09-23 13:56:36 +02:00
}
tal_free(v1_chunks);
v2_chunks = get_chunks(NULL, data, size, PUBKEY_CMPR_LEN * 2);
for (size_t i = 0; i < tal_count(v2_chunks); i++) {
wire_ptr = v2_chunks[i];
wire_max = PUBKEY_CMPR_LEN;
fromwire_pubkey(&wire_ptr, &wire_max, &basepoint_1);
if (!wire_ptr)
continue;
wire_max = PUBKEY_CMPR_LEN;
fromwire_pubkey(&wire_ptr, &wire_max, &basepoint_2);
if (!wire_ptr)
continue;
derive_channel_id_v2(&chan_id, &basepoint_1, &basepoint_2);
}
tal_free(v2_chunks);
marshal_chunks = get_chunks(NULL, data, size, 32);
for (size_t i = 0; i < tal_count(marshal_chunks); i++) {
wire_ptr = marshal_chunks[i];
wire_max = tal_count(marshal_chunks[i]);
fromwire_channel_id(&wire_ptr, &wire_max, &chan_id);
wire_buf = tal_arr(NULL, uint8_t, tal_count(marshal_chunks[i]));
towire_channel_id(&wire_buf, &chan_id);
tal_free(wire_buf);
}
tal_free(marshal_chunks);
}
Reference in a new issue Copy permalink