tests: Fix bug in the descriptor parsing fuzzing harness (descriptor_parse)#17685
Merged
maflcko merged 1 commit intobitcoin:masterfrom Dec 8, 2019
Merged
Conversation
|
ACK |
Contributor
Author
|
@paymog Thanks for reviewing! Don't forget to include the commit hash after your ACK to specify which version of the PR you are ACK:ing :) Example: |
|
@practicalswift got it. Thanks for the patience. ACK 6338c02 |
Member
|
Added seed to repo bitcoin-core/qa-assets@e4d36ec |
Member
|
Reproduced locally and on travis: https://travis-ci.org/MarcoFalke/bitcoin-core/jobs/622111801#L2555 |
Member
|
ACK 6338c02 🕊 Show signature and timestampSignature: Timestamp of file with hash |
maflcko
pushed a commit
to maflcko/bitcoin-core
that referenced
this pull request
Dec 8, 2019
… harness (descriptor_parse) 6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) Before: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12 #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24 #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42 bitcoin#3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23 #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16 #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9 … $ ``` After: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … Done 2 runs in 0 second(s) $ ``` ACKs for top commit: paymog: ACK 6338c02 MarcoFalke: ACK 6338c02 🕊 Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Dec 9, 2019
… harness (descriptor_parse) 6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) Before: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12 #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24 #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42 #3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23 #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16 #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9 … $ ``` After: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … Done 2 runs in 0 second(s) $ ``` ACKs for top commit: paymog: ACK 6338c02 MarcoFalke: ACK 6338c02 🕊 Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
jasonbcox
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jul 10, 2020
…rifyHandle only when needed. Summary: This diff squashes three Core PRs into one. The reason is that [[bitcoin/bitcoin#17235 | PR17235]] introduces a bug, and [[bitcoin/bitcoin#17274 | PR17274]] and [[bitcoin/bitcoin#17685 | PR17685]] both fix it, so our fuzzing test setup isn't broken at any point. --- c2f964a6745be085f2891c909d6c998687de9080 tests: Remove Cygwin WinMain workaround (practicalswift) db4bd32cc31789fc017f5db0b86a69ee43e41575 tests: Skip unnecessary fuzzer initialisation. Hold ECCVerifyHandle only when needed. (practicalswift) Pull request description: Skip unnecessary fuzzer initialisation. Hold `ECCVerifyHandle` only when needed. As suggested by MarcoFalke in bitcoin/bitcoin#17018 (comment). --- Merge #17274: tests: Fix fuzzers eval_script and script_flags by re-adding ECCVerifyHandle dependency 9cae3d5e94f4481e0d251c924314e57187a07a60 tests: Add fuzzer initialization (hold ECCVerifyHandle) (practicalswift) Pull request description: The fuzzers `eval_script` and `script_flags` require holding `ECCVerifyHandle`. This is a follow-up to #17235 which accidentally broke those two fuzzers. Sorry about the temporary breakage my fuzzing friends: it took a while to fuzz before reaching these code paths. That's why this wasn't immediately caught. Sorry. --- Merge #17685: tests: Fix bug in the descriptor parsing fuzzing harness (descriptor_parse) 6338c0203416a5f86e9422b6cd479da8af277f2f tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) --- Depends on D6881 Backport of Core [[bitcoin/bitcoin#17235 | PR17235]], [[bitcoin/bitcoin#17274 | PR17274]] and [[bitcoin/bitcoin#17685 | PR17685]] Test Plan: cmake -GNinja .. -DENABLE_SANITIZERS="address;fuzzer" -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ ninja bitcoin-fuzzers link-fuzz-test_runner.py ./test/fuzz/test-runner.py -l DEBUG <path-to-corpus> Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D6883
sidhujag
pushed a commit
to syscoin-core/syscoin
that referenced
this pull request
Nov 10, 2020
… harness (descriptor_parse) 6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) Before: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12 syscoin#1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24 syscoin#2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42 syscoin#3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23 syscoin#4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16 syscoin#5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9 … $ ``` After: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … Done 2 runs in 0 second(s) $ ``` ACKs for top commit: paymog: ACK 6338c02 MarcoFalke: ACK 6338c02 🕊 Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
knst
pushed a commit
to knst/dash
that referenced
this pull request
May 30, 2022
… harness (descriptor_parse) 6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) Before: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12 #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24 dashpay#2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42 dashpay#3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23 dashpay#4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16 dashpay#5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9 … $ ``` After: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … Done 2 runs in 0 second(s) $ ``` ACKs for top commit: paymog: ACK 6338c02 MarcoFalke: ACK 6338c02 🕊 Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
UdjinM6
added a commit
to dashpay/dash
that referenced
this pull request
Jun 3, 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix bug in the descriptor parsing fuzzing harness (
descriptor_parse) by making suresecp256k1_context_verifyis properly initialized (viaECCVerifyHandle).Background:
When fuzzing
Parse(…)withlibFuzzerI eventually reached the test casecombo(020000000000000000000000000000000000000000000000000000000000000000). That input triggers a call toCPubKey::IsFullyValid()which in turns requires an initializedsecp256k1_context_verify.The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :)
Before:
After: