Merge rust-bitcoin#5029: Add arbitrary_witness and parse_int fuzz targets

apoelstra · apoelstra · commit 3abd5674f09a · 2025-09-29T15:29:06.000Z
3f20f06 Add `arbitrary_witness` and `parse_int` fuzz targets (Shing Him Ng) 3239696 Bump honggfuzz to 0.5.58 (Shing Him Ng) Pull request description: ACKs for top commit: apoelstra: ACK 3f20f06; successfully ran local tests tcharding: ACK 3f20f06 Tree-SHA512: a0206bd1d9b4cf585738574eb33209f363981ffefa7cca2d72dc3b4e8869c1b328876b8d68d26f803d352f7d084726eb65e8250e9611320c675f88062119389b
diff --git a/.github/workflows/cron-daily-fuzz.yml b/.github/workflows/cron-daily-fuzz.yml
@@ -21,6 +21,7 @@ jobs:
           bitcoin_arbitrary_block,
           bitcoin_arbitrary_script,
           bitcoin_arbitrary_transaction,
+          bitcoin_arbitrary_witness,
           bitcoin_deserialize_block,
           bitcoin_deserialize_prefilled_transaction,
           bitcoin_deserialize_psbt,
@@ -41,6 +42,7 @@ jobs:
           p2p_deserialize_raw_net_msg,
           units_arbitrary_weight,
           units_parse_amount,
+          units_parse_int,
         ]
     steps:
       - name: Install test dependencies
diff --git a/Cargo-minimal.lock b/Cargo-minimal.lock
@@ -251,9 +251,9 @@ checksum = "3011d1213f159867b13cfd6ac92d2cd5f1345762c63be3554e84092d85a50bbd"
 
 [[package]]
 name = "honggfuzz"
-version = "0.5.57"
+version = "0.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc563d4f41b17364d5c48ded509f2bcf1c3f6ae9c7f203055b4a5c325072d57e"
+checksum = "6e8319f3cc8fe416e7aa1ab95dcc04fd49f35397a47d0b2f0f225f6dba346a07"
 dependencies = [
  "lazy_static",
  "memmap2",
diff --git a/Cargo-recent.lock b/Cargo-recent.lock
@@ -253,9 +253,9 @@ checksum = "3011d1213f159867b13cfd6ac92d2cd5f1345762c63be3554e84092d85a50bbd"
 
 [[package]]
 name = "honggfuzz"
-version = "0.5.57"
+version = "0.5.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc563d4f41b17364d5c48ded509f2bcf1c3f6ae9c7f203055b4a5c325072d57e"
+checksum = "6e8319f3cc8fe416e7aa1ab95dcc04fd49f35397a47d0b2f0f225f6dba346a07"
 dependencies = [
  "lazy_static",
  "memmap2",
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -10,7 +10,7 @@ publish = false
 cargo-fuzz = true
 
 [dependencies]
-honggfuzz = { version = "0.5.57", default-features = false }
+honggfuzz = { version = "0.5.58", default-features = false }
 bitcoin = { path = "../bitcoin", features = [ "serde", "arbitrary" ] }
 p2p = { path = "../p2p", package = "bitcoin-p2p-messages", features = ["arbitrary"] }
 arbitrary = { version = "1.4.1" }
@@ -33,6 +33,10 @@ path = "fuzz_targets/bitcoin/arbitrary_script.rs"
 name = "bitcoin_arbitrary_transaction"
 path = "fuzz_targets/bitcoin/arbitrary_transaction.rs"
 
+[[bin]]
+name = "bitcoin_arbitrary_witness"
+path = "fuzz_targets/bitcoin/arbitrary_witness.rs"
+
 [[bin]]
 name = "bitcoin_deserialize_block"
 path = "fuzz_targets/bitcoin/deserialize_block.rs"
@@ -112,3 +116,7 @@ path = "fuzz_targets/units/arbitrary_weight.rs"
 [[bin]]
 name = "units_parse_amount"
 path = "fuzz_targets/units/parse_amount.rs"
+
+[[bin]]
+name = "units_parse_int"
+path = "fuzz_targets/units/parse_int.rs"
diff --git a/fuzz/fuzz_targets/bitcoin/arbitrary_witness.rs b/fuzz/fuzz_targets/bitcoin/arbitrary_witness.rs
@@ -0,0 +1,59 @@
+use arbitrary::{Arbitrary, Unstructured};
+use honggfuzz::fuzz;
+use bitcoin::consensus::{deserialize, serialize};
+use bitcoin::Witness;
+use bitcoin::blockdata::witness::WitnessExt;
+
+fn do_test(data: &[u8]) {
+    let mut u = Unstructured::new(data);
+
+    if let Ok(mut witness) = Witness::arbitrary(&mut u) {
+        let serialized = serialize(&witness);
+
+        let _ = witness.witness_script();
+        let _ = witness.taproot_leaf_script();
+
+        let deserialized: Result<Witness, _> = deserialize(serialized.as_slice());
+        assert!(deserialized.is_ok(), "Deserialization error: {:?}", deserialized.err().unwrap());
+        assert_eq!(deserialized.unwrap(), witness);
+
+        if let Ok(element_bytes) = Vec::<u8>::arbitrary(&mut u) {
+            witness.push(element_bytes.as_slice());
+        }
+    }
+}
+
+fn main() {
+    loop {
+        fuzz!(|data| {
+            do_test(data);
+        });
+    }
+}
+
+#[cfg(all(test, fuzzing))]
+mod tests {
+    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
+        let mut b = 0;
+        for (idx, c) in hex.as_bytes().iter().enumerate() {
+            b <<= 4;
+            match *c {
+                b'A'..=b'F' => b |= c - b'A' + 10,
+                b'a'..=b'f' => b |= c - b'a' + 10,
+                b'0'..=b'9' => b |= c - b'0',
+                _ => panic!("Bad hex"),
+            }
+            if (idx & 1) == 1 {
+                out.push(b);
+                b = 0;
+            }
+        }
+    }
+
+    #[test]
+    fn duplicate_crash() {
+        let mut a = Vec::new();
+        extend_vec_from_hex("00", &mut a);
+        super::do_test(&a);
+    }
+}
diff --git a/fuzz/fuzz_targets/units/parse_int.rs b/fuzz/fuzz_targets/units/parse_int.rs
@@ -0,0 +1,106 @@
+use arbitrary::Unstructured;
+use honggfuzz::fuzz;
+use bitcoin::parse_int;
+
+fn do_test(data: &[u8]) {
+    let mut u = Unstructured::new(data);
+
+    if let Ok(s) = u.arbitrary::<&str>() {
+        let _ = parse_int::int_from_str::<i8>(s);
+        let _ = parse_int::int_from_str::<i16>(s);
+        let _ = parse_int::int_from_str::<i32>(s);
+        let _ = parse_int::int_from_str::<i64>(s);
+        let _ = parse_int::int_from_str::<i128>(s);
+
+        let _ = parse_int::int_from_str::<u8>(s);
+        let _ = parse_int::int_from_str::<u16>(s);
+        let _ = parse_int::int_from_str::<u32>(s);
+        let _ = parse_int::int_from_str::<u64>(s);
+        let _ = parse_int::int_from_str::<u128>(s);
+
+        let _ = parse_int::hex_remove_prefix(s);
+
+        if parse_int::hex_u32_prefixed(s).is_ok() {
+            assert!(parse_int::hex_u32(s).is_ok());
+            assert!(parse_int::hex_u32_unprefixed(s).is_err());
+        }
+
+        if parse_int::hex_u32_unprefixed(s).is_ok() {
+            assert!(parse_int::hex_u32(s).is_ok());
+            assert!(parse_int::hex_u32_prefixed(s).is_err());
+        }
+
+        if parse_int::hex_u128_prefixed(s).is_ok() {
+            assert!(parse_int::hex_u128(s).is_ok());
+            assert!(parse_int::hex_u128_unprefixed(s).is_err());
+        }
+
+        if parse_int::hex_u128_unprefixed(s).is_ok() {
+            assert!(parse_int::hex_u128(s).is_ok());
+            assert!(parse_int::hex_u128_prefixed(s).is_err());
+        }
+    }
+
+    if let Ok(s) = u.arbitrary::<String>() {
+        let _ = parse_int::int_from_string::<i8>(s.clone());
+        let _ = parse_int::int_from_string::<i16>(s.clone());
+        let _ = parse_int::int_from_string::<i32>(s.clone());
+        let _ = parse_int::int_from_string::<i64>(s.clone());
+        let _ = parse_int::int_from_string::<i128>(s.clone());
+
+        let _ = parse_int::int_from_string::<u8>(s.clone());
+        let _ = parse_int::int_from_string::<u16>(s.clone());
+        let _ = parse_int::int_from_string::<u32>(s.clone());
+        let _ = parse_int::int_from_string::<u64>(s.clone());
+        let _ = parse_int::int_from_string::<u128>(s);
+    }
+
+    if let Ok(s) = u.arbitrary::<Box<str>>() {
+        let _ = parse_int::int_from_box::<i8>(s.clone());
+        let _ = parse_int::int_from_box::<i16>(s.clone());
+        let _ = parse_int::int_from_box::<i32>(s.clone());
+        let _ = parse_int::int_from_box::<i64>(s.clone());
+        let _ = parse_int::int_from_box::<i128>(s.clone());
+
+        let _ = parse_int::int_from_box::<u8>(s.clone());
+        let _ = parse_int::int_from_box::<u16>(s.clone());
+        let _ = parse_int::int_from_box::<u32>(s.clone());
+        let _ = parse_int::int_from_box::<u64>(s.clone());
+        let _ = parse_int::int_from_box::<u128>(s);
+    }
+}
+
+fn main() {
+    loop {
+        fuzz!(|data| {
+            do_test(data);
+        });
+    }
+}
+
+#[cfg(all(test, fuzzing))]
+mod tests {
+    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
+        let mut b = 0;
+        for (idx, c) in hex.as_bytes().iter().enumerate() {
+            b <<= 4;
+            match *c {
+                b'A'..=b'F' => b |= c - b'A' + 10,
+                b'a'..=b'f' => b |= c - b'a' + 10,
+                b'0'..=b'9' => b |= c - b'0',
+                _ => panic!("Bad hex"),
+            }
+            if (idx & 1) == 1 {
+                out.push(b);
+                b = 0;
+            }
+        }
+    }
+
+    #[test]
+    fn duplicate_crash() {
+        let mut a = Vec::new();
+        extend_vec_from_hex("00", &mut a);
+        super::do_test(&a);
+    }
+}
diff --git a/fuzz/generate-files.sh b/fuzz/generate-files.sh
@@ -22,7 +22,7 @@ publish = false
 cargo-fuzz = true
 
 [dependencies]
-honggfuzz = { version = "0.5.57", default-features = false }
+honggfuzz = { version = "0.5.58", default-features = false }
 bitcoin = { path = "../bitcoin", features = [ "serde", "arbitrary" ] }
 p2p = { path = "../p2p", package = "bitcoin-p2p-messages", features = ["arbitrary"] }
 arbitrary = { version = "1.4.1" }
