fuzzers: fuzzers for keystore, rlp, trie, whisper (cred to @guidovranken)

Author: holiman

fuzzbuzz.yaml

@@ -0,0 +1,37 @@
+# bmt  keystore  rlp  trie  whisperv6
+
+base: ubuntu:16.04
+targets:
+  - name: rlp
+    language: go
+    version: "1.11"
+    corpus: ./fuzzers/rlp/corpus
+    harness:
+      function: Fuzz
+      package: github.com/ethereum/go-ethereum/fuzzers/rlp
+      checkout: github.com/ethereum/go-ethereum/
+  - name: keystore
+    language: go
+    version: "1.11"
+    corpus: ./fuzzers/keystore/corpus
+    harness:
+      function: Fuzz
+      package: github.com/ethereum/go-ethereum/fuzzers/keystore
+      checkout: github.com/ethereum/go-ethereum/
+  - name: trie
+    language: go
+    version: "1.11"
+    corpus: ./fuzzers/trie/corpus
+    harness:
+      function: Fuzz
+      package: github.com/ethereum/go-ethereum/fuzzers/trie
+      checkout: github.com/ethereum/go-ethereum/
+  - name: whisperv6
+    language: go
+    version: "1.11"
+    corpus: ./fuzzers/whisperv6/corpus
+    harness:
+      function: Fuzz
+      package: github.com/ethereum/go-ethereum/fuzzers/whisperv6
+      checkout: github.com/ethereum/go-ethereum/
+

fuzzers/keystore/corpus/0176eaf52ed014ec5c91cf4afa070dd3fd469077-1

@@ -0,0 +1 @@
+ns��,��

fuzzers/keystore/keystore-fuzz.go

@@ -0,0 +1,22 @@
+package keystore
+
+import (
+	"os"
+
+	"github.com/ethereum/go-ethereum/accounts/keystore"
+)
+
+func Fuzz(input []byte) int {
+
+	ks := keystore.NewKeyStore("/tmp/ks", keystore.LightScryptN, keystore.LightScryptP)
+
+	a, err := ks.NewAccount(string(input))
+	if err != nil {
+		panic(err)
+	}
+	if err := ks.Unlock(a, string(input)); err != nil {
+		panic(err)
+	}
+	os.Remove(a.URL.Path)
+	return 0
+}

fuzzers/rlp/corpus/r.bin

@@ -0,0 +1 @@
+ˀ����������

fuzzers/rlp/rlp_fuzzer.go

@@ -0,0 +1,114 @@
+package rlp
+
+import (
+	"bytes"
+	"fmt"
+
+	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/rlp"
+)
+
+func decodeEncode(input []byte, val interface{}, i int) {
+	if err := rlp.DecodeBytes(input, val); err == nil {
+		output, err := rlp.EncodeToBytes(val)
+		if err != nil {
+			panic(err)
+		}
+		if !bytes.Equal(input, output) {
+			panic(fmt.Sprintf("case %d: encode-decode is not equal, \ninput : %x\noutput: %x", i, input, output))
+		}
+	}
+}
+
+func Fuzz(input []byte) int {
+
+	var i int
+	{
+		if len(input) > 0 {
+			rlp.Split(input)
+		}
+	}
+	{
+		if len(input) > 0 {
+			if elems, _, err := rlp.SplitList(input); err == nil {
+				rlp.CountValues(elems)
+			}
+		}
+	}
+
+	{
+		rlp.NewStream(bytes.NewReader(input), 0).Decode(new(interface{}))
+	}
+
+	{
+		decodeEncode(input, new(interface{}), i)
+		i++
+	}
+	{
+		var v struct {
+			Int    uint
+			String string
+			Bytes  []byte
+		}
+		decodeEncode(input, &v, i)
+		i++
+	}
+
+	{
+		type Types struct {
+			Bool  bool
+			Raw   rlp.RawValue
+			Slice []*Types
+			Iface []interface{}
+		}
+		var v Types
+		decodeEncode(input, &v, i)
+		i++
+	}
+	{
+		type AllTypes struct {
+			Int    uint
+			String string
+			Bytes  []byte
+			Bool   bool
+			Raw    rlp.RawValue
+			Slice  []*AllTypes
+			Array  [3]*AllTypes
+			Iface  []interface{}
+		}
+		var v AllTypes
+		decodeEncode(input, &v, i)
+		i++
+	}
+	{
+		decodeEncode(input, [10]byte{}, i)
+		i++
+	}
+	{
+		var v struct {
+			Byte [10]byte
+			Rool [10]bool
+		}
+		decodeEncode(input, &v, i)
+		i++
+	}
+	{
+		var h types.Header
+		decodeEncode(input, &h, i)
+		i++
+		var b types.Block
+		decodeEncode(input, &b, i)
+		i++
+		var t types.Transaction
+		decodeEncode(input, &t, i)
+		i++
+		var txs types.Transactions
+		decodeEncode(input, &txs, i)
+		i++
+		var rs types.Receipts
+		decodeEncode(input, &rs, i)
+		i++
+	}
+
+	return 0
+}

fuzzers/trie/corpus/data

@@ -0,0 +1 @@
+asdlfkjasf23oiejfasdfadkfqlkjfasdlkfjalwk4jfalsdkfjawlefkjsadlfkjasldkfjwalefkjasdlfkjM

fuzzers/trie/trie-fuzzer.go

@@ -0,0 +1,173 @@
+package trie
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/ethdb/memorydb"
+	"github.com/ethereum/go-ethereum/trie"
+)
+
+// randTest performs random trie operations.
+// Instances of this test are created by Generate.
+type randTest []randTestStep
+
+type randTestStep struct {
+	op    int
+	key   []byte // for opUpdate, opDelete, opGet
+	value []byte // for opUpdate
+	err   error  // for debugging
+}
+
+type proofDb struct{}
+
+func (proofDb) Put(key []byte, value []byte) error {
+	return nil
+}
+
+func (proofDb) Delete(key []byte) error {
+	return nil
+}
+
+const (
+	opUpdate = iota
+	opDelete
+	opGet
+	opCommit
+	opHash
+	opReset
+	opItercheckhash
+	opProve
+	opMax // boundary value, not an actual op
+)
+
+type dataSource struct {
+	input  []byte
+	reader *bytes.Reader
+}
+
+func newDataSource(input []byte) *dataSource {
+	return &dataSource{
+		input, bytes.NewReader(input),
+	}
+}
+func (ds *dataSource) ReadByte() byte {
+	if b, err := ds.reader.ReadByte(); err != nil {
+		return 0
+	} else {
+		return b
+	}
+}
+func (ds *dataSource) Read(buf []byte) (int, error) {
+	return ds.reader.Read(buf)
+}
+func (ds *dataSource) Ended() bool {
+	return ds.reader.Len() == 0
+}
+
+func Generate(input []byte) randTest {
+
+	var allKeys [][]byte
+	r := newDataSource(input)
+	genKey := func() []byte {
+
+		if len(allKeys) < 2 || r.ReadByte() < 0x0f {
+			// new key
+			key := make([]byte, r.ReadByte()%50)
+			r.Read(key)
+			allKeys = append(allKeys, key)
+			return key
+		}
+		// use existing key
+		return allKeys[int(r.ReadByte())%len(allKeys)]
+	}
+
+	var steps randTest
+
+	for i := 0; !r.Ended(); i++ {
+
+		step := randTestStep{op: int(r.ReadByte()) % opMax}
+		switch step.op {
+		case opUpdate:
+			step.key = genKey()
+			step.value = make([]byte, 8)
+			binary.BigEndian.PutUint64(step.value, uint64(i))
+		case opGet, opDelete, opProve:
+			step.key = genKey()
+		}
+		steps = append(steps, step)
+		if len(steps) > 500 {
+			break
+		}
+	}
+
+	return steps
+}
+
+func Fuzz(input []byte) int {
+	program := Generate(input)
+	if len(program) == 0 {
+		return -1
+	}
+	if err := runRandTest(program); err != nil {
+		panic(err)
+	}
+	return 0
+}
+
+func runRandTest(rt randTest) error {
+
+	triedb := trie.NewDatabase(memorydb.New())
+
+	tr, _ := trie.New(common.Hash{}, triedb)
+	values := make(map[string]string) // tracks content of the trie
+
+	for i, step := range rt {
+		switch step.op {
+		case opUpdate:
+			tr.Update(step.key, step.value)
+			values[string(step.key)] = string(step.value)
+		case opDelete:
+			tr.Delete(step.key)
+			delete(values, string(step.key))
+		case opGet:
+			v := tr.Get(step.key)
+			want := values[string(step.key)]
+			if string(v) != want {
+				rt[i].err = fmt.Errorf("mismatch for key 0x%x, got 0x%x want 0x%x", step.key, v, want)
+			}
+		case opCommit:
+			_, rt[i].err = tr.Commit(nil)
+		case opHash:
+			tr.Hash()
+		case opReset:
+			hash, err := tr.Commit(nil)
+			if err != nil {
+				return err
+			}
+			newtr, err := trie.New(hash, triedb)
+			if err != nil {
+				return err
+			}
+			tr = newtr
+		case opItercheckhash:
+			checktr, _ := trie.New(common.Hash{}, triedb)
+			it := trie.NewIterator(tr.NodeIterator(nil))
+			for it.Next() {
+				checktr.Update(it.Key, it.Value)
+			}
+			if tr.Hash() != checktr.Hash() {
+				return fmt.Errorf("hash mismatch in opItercheckhash")
+			}
+		case opProve:
+			rt[i].err = tr.Prove(step.key, 0, proofDb{})
+		}
+		// Abort the test on error.
+		if rt[i].err != nil {
+			return rt[i].err
+		}
+	}
+	return nil
+}