diff --git a/CMakeLists.txt b/CMakeLists.txt index 4fcf782aa..45a6aa1b5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -652,7 +652,7 @@ else() endif() # linker - if (NOT SANITIZE AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) + if (NOT SANITIZE AND NOT OSSFUZZ AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) # PIE executables randomly crash at startup with ASAN # Windows binaries die on startup with PIE when compiled with GCC <9.x add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS) diff --git a/tests/data/fuzz/tx-extra/TXEXTRA1 b/tests/data/fuzz/tx-extra/TXEXTRA1 new file mode 100644 index 000000000..08852abe3 Binary files /dev/null and b/tests/data/fuzz/tx-extra/TXEXTRA1 differ diff --git a/tests/data/fuzz/tx-extra/TXEXTRA2 b/tests/data/fuzz/tx-extra/TXEXTRA2 new file mode 100644 index 000000000..170301145 Binary files /dev/null and b/tests/data/fuzz/tx-extra/TXEXTRA2 differ diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt index 8654d41d5..606fec465 100644 --- a/tests/fuzz/CMakeLists.txt +++ b/tests/fuzz/CMakeLists.txt @@ -200,3 +200,21 @@ set_property(TARGET bulletproof_fuzz_tests PROPERTY FOLDER "tests") +add_executable(tx-extra_fuzz_tests tx-extra.cpp fuzzer.cpp) +target_link_libraries(tx-extra_fuzz_tests + PRIVATE + cryptonote_basic + common + epee + ${Boost_THREAD_LIBRARY} + ${Boost_CHRONO_LIBRARY} + ${Boost_REGEX_LIBRARY} + ${Boost_PROGRAM_OPTIONS_LIBRARY} + ${Boost_SYSTEM_LIBRARY} + ${CMAKE_THREAD_LIBS_INIT} + ${EXTRA_LIBRARIES} + $ENV{LIB_FUZZING_ENGINE}) +set_property(TARGET tx-extra_fuzz_tests + PROPERTY + FOLDER "tests") + diff --git a/tests/fuzz/cold-outputs.cpp b/tests/fuzz/cold-outputs.cpp index af0a33422..ce6d6640c 100644 --- a/tests/fuzz/cold-outputs.cpp +++ b/tests/fuzz/cold-outputs.cpp @@ -34,16 +34,19 @@ #include "wallet/wallet2.h" #include "fuzzer.h" -static tools::wallet2 wallet; +static tools::wallet2 *wallet = NULL; BEGIN_INIT_SIMPLE_FUZZER() + static tools::wallet2 local_wallet; + wallet = &local_wallet; + static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f"; crypto::secret_key spendkey; epee::string_tools::hex_to_pod(spendkey_hex, spendkey); - wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); - wallet.set_subaddress_lookahead(1, 1); - wallet.generate("", "", spendkey, true, false); + wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); + wallet->set_subaddress_lookahead(1, 1); + wallet->generate("", "", spendkey, true, false); END_INIT_SIMPLE_FUZZER() BEGIN_SIMPLE_FUZZER() @@ -53,6 +56,6 @@ BEGIN_SIMPLE_FUZZER() iss << s; boost::archive::portable_binary_iarchive ar(iss); ar >> outputs; - size_t n_outputs = wallet.import_outputs(outputs); + size_t n_outputs = wallet->import_outputs(outputs); std::cout << boost::lexical_cast(n_outputs) << " outputs imported" << std::endl; END_SIMPLE_FUZZER() diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp index 9808362e4..ebbbc283f 100644 --- a/tests/fuzz/cold-transaction.cpp +++ b/tests/fuzz/cold-transaction.cpp @@ -34,16 +34,19 @@ #include "wallet/wallet2.h" #include "fuzzer.h" -static tools::wallet2 wallet; +static tools::wallet2 *wallet = NULL; BEGIN_INIT_SIMPLE_FUZZER() + static tools::wallet2 local_wallet; + wallet = &local_wallet; + static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f"; crypto::secret_key spendkey; epee::string_tools::hex_to_pod(spendkey_hex, spendkey); - wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); - wallet.set_subaddress_lookahead(1, 1); - wallet.generate("", "", spendkey, true, false); + wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); + wallet->set_subaddress_lookahead(1, 1); + wallet->generate("", "", spendkey, true, false); END_INIT_SIMPLE_FUZZER() BEGIN_SIMPLE_FUZZER() @@ -54,6 +57,6 @@ BEGIN_SIMPLE_FUZZER() boost::archive::portable_binary_iarchive ar(iss); ar >> exported_txs; std::vector ptx; - bool success = wallet.sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx); + bool success = wallet->sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx); std::cout << (success ? "signed" : "error") << std::endl; END_SIMPLE_FUZZER() diff --git a/tests/fuzz/fuzzer.h b/tests/fuzz/fuzzer.h index 2d0a29dfc..ce230fb66 100644 --- a/tests/fuzz/fuzzer.h +++ b/tests/fuzz/fuzzer.h @@ -56,7 +56,7 @@ extern "C" { \ static bool first = true; \ if (first) \ { \ - if (!init()) \ + if (init()) \ return 1; \ first = false; \ } \ @@ -66,8 +66,12 @@ extern "C" { \ catch (const std::exception &e) \ { \ fprintf(stderr, "Exception: %s\n", e.what()); \ - return 1; \ + delete el::base::elStorage; \ + el::base::elStorage = NULL; \ + return 0; \ } \ + delete el::base::elStorage; \ + el::base::elStorage = NULL; \ return 0; \ } \ } @@ -122,8 +126,12 @@ int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer); catch (const std::exception &e) \ { \ fprintf(stderr, "Exception: %s\n", e.what()); \ - return 1; \ + delete el::base::elStorage; \ + el::base::elStorage = NULL; \ + return 0; \ } \ + delete el::base::elStorage; \ + el::base::elStorage = NULL; \ return 0; \ } \ }; \ diff --git a/tests/fuzz/signature.cpp b/tests/fuzz/signature.cpp index cd65e42d0..3743cfdd0 100644 --- a/tests/fuzz/signature.cpp +++ b/tests/fuzz/signature.cpp @@ -34,17 +34,20 @@ #include "wallet/wallet2.h" #include "fuzzer.h" -static tools::wallet2 wallet(cryptonote::TESTNET); +static tools::wallet2 *wallet = NULL; static cryptonote::account_public_address address; BEGIN_INIT_SIMPLE_FUZZER() + static tools::wallet2 local_wallet(cryptonote::TESTNET); + wallet = &local_wallet; + static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f"; crypto::secret_key spendkey; epee::string_tools::hex_to_pod(spendkey_hex, spendkey); - wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); - wallet.set_subaddress_lookahead(1, 1); - wallet.generate("", "", spendkey, true, false); + wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled); + wallet->set_subaddress_lookahead(1, 1); + wallet->generate("", "", spendkey, true, false); cryptonote::address_parse_info info; if (!cryptonote::get_account_address_from_str_or_url(info, cryptonote::TESTNET, "9uVsvEryzpN8WH2t1WWhFFCG5tS8cBNdmJYNRuckLENFimfauV5pZKeS1P2CbxGkSDTUPHXWwiYE5ZGSXDAGbaZgDxobqDN")) @@ -56,6 +59,6 @@ BEGIN_INIT_SIMPLE_FUZZER() END_INIT_SIMPLE_FUZZER() BEGIN_SIMPLE_FUZZER() - bool valid = wallet.verify("test", address, std::string((const char*)buf, len)); + bool valid = wallet->verify("test", address, std::string((const char*)buf, len)); std::cout << "Signature " << (valid ? "valid" : "invalid") << std::endl; END_SIMPLE_FUZZER() diff --git a/tests/fuzz/tx-extra.cpp b/tests/fuzz/tx-extra.cpp new file mode 100644 index 000000000..35b14b802 --- /dev/null +++ b/tests/fuzz/tx-extra.cpp @@ -0,0 +1,40 @@ +// Copyright (c) 2020, The Monero Project +// +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without modification, are +// permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of +// conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list +// of conditions and the following disclaimer in the documentation and/or other +// materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be +// used to endorse or promote products derived from this software without specific +// prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#include "include_base_utils.h" +#include "cryptonote_basic/cryptonote_format_utils.h" +#include "fuzzer.h" + +BEGIN_INIT_SIMPLE_FUZZER() +END_INIT_SIMPLE_FUZZER() + +BEGIN_SIMPLE_FUZZER() + std::vector tx_extra_fields; + cryptonote::parse_tx_extra(std::vector(buf, buf + len), tx_extra_fields); +END_SIMPLE_FUZZER() +