/root/bitcoin/src/test/fuzz/scriptnum_ops.cpp

Source (jump to first uncovered line)
// Copyright (c) 2020-2021 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <script/script.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>

#include <cassert>
#include <cstdint>
#include <limits>
#include <vector>

namespace {
bool IsValidAddition(const CScriptNum& lhs, const CScriptNum& rhs)
{
    return rhs == 0 || (rhs > 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} - rhs) || (rhs < 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} - rhs);
}

bool IsValidSubtraction(const CScriptNum& lhs, const CScriptNum& rhs)
{
    return rhs == 0 || (rhs > 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} + rhs) || (rhs < 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} + rhs);
}
} // namespace

FUZZ_TARGET(scriptnum_ops)
{
    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
    CScriptNum script_num = ConsumeScriptNum(fuzzed_data_provider);
    LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 1000000) {
        CallOneOf(
            fuzzed_data_provider,
            [&] {
                const int64_t i = fuzzed_data_provider.ConsumeIntegral<int64_t>();
                assert((script_num == i) != (script_num != i));
                assert((script_num <= i) != (script_num > i));
                assert((script_num >= i) != (script_num < i));
                // Avoid signed integer overflow:
                // script/script.h:264:93: runtime error: signed integer overflow: -2261405121394637306 + -9223372036854775802 cannot be represented in type 'long'
                if (IsValidAddition(script_num, CScriptNum{i})) {
                    assert((script_num + i) - i == script_num);
                }
                // Avoid signed integer overflow:
                // script/script.h:265:93: runtime error: signed integer overflow: 9223371895120855039 - -9223372036854710486 cannot be represented in type 'long'
                if (IsValidSubtraction(script_num, CScriptNum{i})) {
                    assert((script_num - i) + i == script_num);
                }
            },
            [&] {
                const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
                assert((script_num == random_script_num) != (script_num != random_script_num));
                assert((script_num <= random_script_num) != (script_num > random_script_num));
                assert((script_num >= random_script_num) != (script_num < random_script_num));
                // Avoid signed integer overflow:
                // script/script.h:264:93: runtime error: signed integer overflow: -9223126527765971126 + -9223372036854756825 cannot be represented in type 'long'
                if (IsValidAddition(script_num, random_script_num)) {
                    assert((script_num + random_script_num) - random_script_num == script_num);
                }
                // Avoid signed integer overflow:
                // script/script.h:265:93: runtime error: signed integer overflow: 6052837899185946624 - -9223372036854775808 cannot be represented in type 'long'
                if (IsValidSubtraction(script_num, random_script_num)) {
                    assert((script_num - random_script_num) + random_script_num == script_num);
                }
            },
            [&] {
                const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
                if (!IsValidAddition(script_num, random_script_num)) {
                    // Avoid assertion failure:
                    // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
                    return;
                }
                script_num += random_script_num;
            },
            [&] {
                const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
                if (!IsValidSubtraction(script_num, random_script_num)) {
                    // Avoid assertion failure:
                    // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
                    return;
                }
                script_num -= random_script_num;
            },
            [&] {
                script_num = script_num & fuzzed_data_provider.ConsumeIntegral<int64_t>();
            },
            [&] {
                script_num = script_num & ConsumeScriptNum(fuzzed_data_provider);
            },
            [&] {
                script_num &= ConsumeScriptNum(fuzzed_data_provider);
            },
            [&] {
                if (script_num == CScriptNum{std::numeric_limits<int64_t>::min()}) {
                    // Avoid assertion failure:
                    // ./script/script.h:279: CScriptNum CScriptNum::operator-() const: Assertion `m_value != std::numeric_limits<int64_t>::min()' failed.
                    return;
                }
                script_num = -script_num;
            },
            [&] {
                script_num = fuzzed_data_provider.ConsumeIntegral<int64_t>();
            },
            [&] {
                const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
                if (!IsValidAddition(script_num, CScriptNum{random_integer})) {
                    // Avoid assertion failure:
                    // ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) || (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
                    return;
                }
                script_num += random_integer;
            },
            [&] {
                const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
                if (!IsValidSubtraction(script_num, CScriptNum{random_integer})) {
                    // Avoid assertion failure:
                    // ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 || (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) || (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
                    return;
                }
                script_num -= random_integer;
            },
            [&] {
                script_num &= fuzzed_data_provider.ConsumeIntegral<int64_t>();
            });
        (void)script_num.getint();
        (void)script_num.getvch();
    }
}

Coverage Report

Created: 2025-03-18 19:34

Line	Count	Source (jump to first uncovered line)
1		// Copyright (c) 2020-2021 The Bitcoin Core developers
2		// Distributed under the MIT software license, see the accompanying
3		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5		#include <script/script.h>
6		#include <test/fuzz/FuzzedDataProvider.h>
7		#include <test/fuzz/fuzz.h>
8		#include <test/fuzz/util.h>
9
10		#include <cassert>
11		#include <cstdint>
12		#include <limits>
13		#include <vector>
14
15		namespace {
16		bool IsValidAddition(const CScriptNum& lhs, const CScriptNum& rhs)
17	0	{
18	0	return rhs == 0 \|\| (rhs > 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} - rhs) \|\| (rhs < 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} - rhs); Branch (18:12): [True: 0, False: 0] Branch (18:25): [True: 0, False: 0] Branch (18:36): [True: 0, False: 0] Branch (18:102): [True: 0, False: 0] Branch (18:113): [True: 0, False: 0]
19	0	}
20
21		bool IsValidSubtraction(const CScriptNum& lhs, const CScriptNum& rhs)
22	0	{
23	0	return rhs == 0 \|\| (rhs > 0 && lhs >= CScriptNum{std::numeric_limits<int64_t>::min()} + rhs) \|\| (rhs < 0 && lhs <= CScriptNum{std::numeric_limits<int64_t>::max()} + rhs); Branch (23:12): [True: 0, False: 0] Branch (23:25): [True: 0, False: 0] Branch (23:36): [True: 0, False: 0] Branch (23:102): [True: 0, False: 0] Branch (23:113): [True: 0, False: 0]
24	0	}
25		} // namespace
26
27		FUZZ_TARGET(scriptnum_ops)
28	0	{
29	0	FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
30	0	CScriptNum script_num = ConsumeScriptNum(fuzzed_data_provider);
31	0	LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 1000000) {
32	0	CallOneOf(
33	0	fuzzed_data_provider,
34	0	[&] {
35	0	const int64_t i = fuzzed_data_provider.ConsumeIntegral<int64_t>();
36	0	assert((script_num == i) != (script_num != i));
37	0	assert((script_num <= i) != (script_num > i));
38	0	assert((script_num >= i) != (script_num < i));
39		// Avoid signed integer overflow:
40		// script/script.h:264:93: runtime error: signed integer overflow: -2261405121394637306 + -9223372036854775802 cannot be represented in type 'long'
41	0	if (IsValidAddition(script_num, CScriptNum{i})) { Branch (41:21): [True: 0, False: 0]
42	0	assert((script_num + i) - i == script_num);
43	0	}
44		// Avoid signed integer overflow:
45		// script/script.h:265:93: runtime error: signed integer overflow: 9223371895120855039 - -9223372036854710486 cannot be represented in type 'long'
46	0	if (IsValidSubtraction(script_num, CScriptNum{i})) { Branch (46:21): [True: 0, False: 0]
47	0	assert((script_num - i) + i == script_num);
48	0	}
49	0	},
50	0	[&] {
51	0	const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
52	0	assert((script_num == random_script_num) != (script_num != random_script_num));
53	0	assert((script_num <= random_script_num) != (script_num > random_script_num));
54	0	assert((script_num >= random_script_num) != (script_num < random_script_num));
55		// Avoid signed integer overflow:
56		// script/script.h:264:93: runtime error: signed integer overflow: -9223126527765971126 + -9223372036854756825 cannot be represented in type 'long'
57	0	if (IsValidAddition(script_num, random_script_num)) { Branch (57:21): [True: 0, False: 0]
58	0	assert((script_num + random_script_num) - random_script_num == script_num);
59	0	}
60		// Avoid signed integer overflow:
61		// script/script.h:265:93: runtime error: signed integer overflow: 6052837899185946624 - -9223372036854775808 cannot be represented in type 'long'
62	0	if (IsValidSubtraction(script_num, random_script_num)) { Branch (62:21): [True: 0, False: 0]
63	0	assert((script_num - random_script_num) + random_script_num == script_num);
64	0	}
65	0	},
66	0	[&] {
67	0	const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
68	0	if (!IsValidAddition(script_num, random_script_num)) { Branch (68:21): [True: 0, False: 0]
69		// Avoid assertion failure:
70		// ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 \|\| (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) \|\| (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
71	0	return;
72	0	}
73	0	script_num += random_script_num;
74	0	},
75	0	[&] {
76	0	const CScriptNum random_script_num = ConsumeScriptNum(fuzzed_data_provider);
77	0	if (!IsValidSubtraction(script_num, random_script_num)) { Branch (77:21): [True: 0, False: 0]
78		// Avoid assertion failure:
79		// ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 \|\| (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) \|\| (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
80	0	return;
81	0	}
82	0	script_num -= random_script_num;
83	0	},
84	0	[&] {
85	0	script_num = script_num & fuzzed_data_provider.ConsumeIntegral<int64_t>();
86	0	},
87	0	[&] {
88	0	script_num = script_num & ConsumeScriptNum(fuzzed_data_provider);
89	0	},
90	0	[&] {
91	0	script_num &= ConsumeScriptNum(fuzzed_data_provider);
92	0	},
93	0	[&] {
94	0	if (script_num == CScriptNum{std::numeric_limits<int64_t>::min()}) { Branch (94:21): [True: 0, False: 0]
95		// Avoid assertion failure:
96		// ./script/script.h:279: CScriptNum CScriptNum::operator-() const: Assertion `m_value != std::numeric_limits<int64_t>::min()' failed.
97	0	return;
98	0	}
99	0	script_num = -script_num;
100	0	},
101	0	[&] {
102	0	script_num = fuzzed_data_provider.ConsumeIntegral<int64_t>();
103	0	},
104	0	[&] {
105	0	const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
106	0	if (!IsValidAddition(script_num, CScriptNum{random_integer})) { Branch (106:21): [True: 0, False: 0]
107		// Avoid assertion failure:
108		// ./script/script.h:292: CScriptNum &CScriptNum::operator+=(const int64_t &): Assertion `rhs == 0 \|\| (rhs > 0 && m_value <= std::numeric_limits<int64_t>::max() - rhs) \|\| (rhs < 0 && m_value >= std::numeric_limits<int64_t>::min() - rhs)' failed.
109	0	return;
110	0	}
111	0	script_num += random_integer;
112	0	},
113	0	[&] {
114	0	const int64_t random_integer = fuzzed_data_provider.ConsumeIntegral<int64_t>();
115	0	if (!IsValidSubtraction(script_num, CScriptNum{random_integer})) { Branch (115:21): [True: 0, False: 0]
116		// Avoid assertion failure:
117		// ./script/script.h:300: CScriptNum &CScriptNum::operator-=(const int64_t &): Assertion `rhs == 0 \|\| (rhs > 0 && m_value >= std::numeric_limits<int64_t>::min() + rhs) \|\| (rhs < 0 && m_value <= std::numeric_limits<int64_t>::max() + rhs)' failed.
118	0	return;
119	0	}
120	0	script_num -= random_integer;
121	0	},
122	0	[&] {
123	0	script_num &= fuzzed_data_provider.ConsumeIntegral<int64_t>();
124	0	});
125	0	(void)script_num.getint();
126	0	(void)script_num.getvch();
127	0	}
128	0	}